VIRY.CZ

Logfile of random's system information tool 1.08 (written by random/random)
Run by Míra Mareček at 2010-12-05 17:06:20
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 47 GB (41%) free of 114 GB
Total RAM: 1023 MB (1% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:08:36, on 5.12.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Qtomed.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\services.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system\ixdfsx.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\gymmy.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Documents and Settings\Míra Mareček\Data aplikací\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\9230.exe
C:\Documents and Settings\Míra Mareček\Data aplikací\lsass.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\Qb1.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Míra Mareček\Dokumenty\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Míra Mareček.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.translateclient.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - (no file)
R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe svtiqf
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: Lišta Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [jogic] C:\WINDOWS\system32\kihu.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [tabu] C:\WINDOWS\system32\penijoutou.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [nod32] C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\nodqq.exe
O4 - HKCU\..\Run: [dso32] C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\dsoqq.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [api32] C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\apiqq.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe
O4 - HKCU\..\Run: [tabu] C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\penijoutou.exe
O4 - HKCU\..\Run: [jogic] C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\kihu.exe
O4 - HKCU\..\Run: [koohoon] C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\gymmy.exe
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Míra Mareček\wdoe.exe \u
O4 - HKCU\..\Run: [King_ar] C:\WINDOWS\system32\arking.exe
O4 - HKCU\..\Run: [mooreni] C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\quotoozuquooc.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\míra mareček\wuaucldt.exe
O4 - HKCU\..\Run: [Local Security Authentication Server] C:\Documents and Settings\Míra Mareček\Data aplikací\lsass.exe
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\Qb1.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-507921405-1604221776-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 03mm9yy.exe
O4 - Startup: 03qw91c.exe
O4 - Startup: 0870aaq.exe
O4 - Startup: 0hxd2jk.exe
O4 - Startup: 0hxd66u.exe
O4 - Startup: 0i0jzf2.exe
O4 - Startup: 0jfflbm.exe
O4 - Startup: 0lbh2no.exe
O4 - Startup: 0lbh60j.exe
O4 - Startup: 0pq1rmn.exe
O4 - Startup: 1ijo86a.exe
O4 - Startup: 1nt03kf.exe
O4 - Startup: 1topu81.exe
O4 - Startup: 3cxd60f.exe
O4 - Startup: 3y0zplw.exe
O4 - Startup: 5eeuva8.exe
O4 - Startup: 6jzk1ab.exe
O4 - Startup: 6q81cno.exe
O4 - Startup: 70rhxyt.exe
O4 - Startup: 75rx0i7.exe
O4 - Startup: 81mxytz.exe
O4 - Startup: 86c8syo.exe
O4 - Startup: 86sdo5j.exe
O4 - Startup: ab6ndo1ef0.exe
O4 - Startup: abg86ite5z.exe
O4 - Startup: almniizpa1.exe
O4 - Startup: avlmhxytup.exe
O4 - Startup: b675izpa.exe
O4 - Startup: b70xtjuu1q.exe
O4 - Startup: bbhxnj6ua.exe
O4 - Startup: bg86s81epq.exe
O4 - Startup: brmxs6tu.exe
O4 - Startup: cx1jo1f703.exe
O4 - Startup: cxyt081alm.exe
O4 - Startup: d2u5plgh.exe
O4 - Startup: dtupllbh.exe
O4 - Startup: euva81mn6z.exe
O4 - Startup: fgb081it.exe
O4 - Startup: fq5xc3jee.exe
O4 - Startup: g0hxttjp67.exe
O4 - Startup: griiyzeaqr.exe
O4 - Startup: gwm5itejuf.exe
O4 - Startup: hm81jeu1l.exe
O4 - Startup: i81ufgbh6.exe
O4 - Startup: iyyoe1v703.exe
O4 - Startup: jff66mxx.exe
O4 - Startup: k81whidt6va.exe
O4 - Startup: kaq0rhn6.exe
O4 - Startup: lhh2ndezpvr.exe
O4 - Startup: m0de6u81.exe
O4 - Startup: m5hsdezpql.exe
O4 - Startup: m5ie3kq5mhn.exe
O4 - Startup: mccid081kl.exe
O4 - Startup: mcdi86a3q0.exe
O4 - Startup: mns81epqbm.exe
O4 - Startup: mnsooeu1l7.exe
O4 - Startup: ndo1efk86.exe
O4 - Startup: ndoze835g.exe
O4 - Startup: o871wbsxs.exe
O4 - Startup: q6g81sdep.exe
O4 - Startup: qb8yyte30w.exe
O4 - Startup: qbcxd2eafv.exe
O4 - Startup: r5hsdezp.exe
O4 - Startup: rniyzeaq.exe
O4 - Startup: tt2zf6rhs1i.exe
O4 - Startup: vblhcs5y3k.exe
O4 - Startup: w81itupa8.exe
O4 - Startup: w8di86kfb.exe
O4 - Startup: wrx2dtupqq.exe
O4 - Startup: xi5dzuva.exe
O4 - Startup: xnojkf0lbh.exe
O4 - Startup: xtopu86rx.exe
O4 - Startup: yt3aa9bm.exe
O4 - Startup: zvv66m86.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: google sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (file missing) (HKCU)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Asset Management Daemon (aaify0jgu) - Unknown owner - C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\boucinno.exe (file missing)
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Apple Mobile Device (apple mobile device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service (bonjour service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PowerUtility TV Recording Reservation (ece16faacowooi) - Unknown owner - C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\gooroze.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Canon BJ Memory Card Manager (ey5eya25aoenoi) - Unknown owner - C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\vacoocuquoo.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: WM System Decode Application - Unknown owner - C:\WINDOWS\system\ixdfsx.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Microsoft Local Alerter (ydoeoviae) - Unknown owner - C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\ridyttydouk.exe

--
End of file - 17312 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-507921405-1604221776-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1604221776-725345543-1004.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9A3E2F28-3B58-4EA8-A911-B87D0E6353D9}.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}
{D5D47440-0750-463D-BAEF-A47D02414806} - Lišta Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-14 16050176]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2006-06-02 176128]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-08-23 110592]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-20 7581696]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-20 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-11 202256]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"wuaucldt"=c:\windows\system32\wuaucldt.exe [2010-11-19 33280]
"jogic"=C:\WINDOWS\system32\kihu.exe []
"services"=C:\WINDOWS\services.exe [2010-11-23 45568]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"tabu"=C:\WINDOWS\system32\penijoutou.exe [2010-11-30 315392]
"THGuard"=C:\Program Files\TrojanHunter 4.2\THGuard.exe [2005-02-19 1089024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-11-13 323392]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []
"cdoosoft"=C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\herss.exe [2010-04-14 126976]
"nod32"=C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\nodqq.exe [2010-05-11 112640]
"dso32"=C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\dsoqq.exe [2010-08-25 140800]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]
"api32"=C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\apiqq.exe [2010-10-30 174592]
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2010-03-02 1347496]
"king_mg"=C:\WINDOWS\system32\mgking.exe [2010-11-25 182784]
"tabu"=C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\penijoutou.exe [2010-11-24 201216]
"jogic"=C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\kihu.exe [2010-11-23 201216]
"koohoon"=C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\gymmy.exe [2010-11-24 201216]
"MSConfig"=C:\Documents and Settings\Míra Mareček\wdoe.exe [2010-11-25 18432]
"King_ar"=C:\WINDOWS\system32\arking.exe [2010-12-02 180736]
"mooreni"=C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\quotoozuquooc.exe [2010-11-30 315392]
"wuaucldt"=c:\documents and settings\míra mareček\wuaucldt.exe []
"Local Security Authentication Server"=C:\Documents and Settings\Míra Mareček\Data aplikací\lsass.exe [2010-12-02 131072]
"JP595IR86O"=C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\Qb1.exe [2010-12-02 189440]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe

C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění
03mm9yy.exe
03qw91c.exe
0870aaq.exe
0hxd2jk.exe
0hxd66u.exe
0i0jzf2.exe
0jfflbm.exe
0lbh2no.exe
0lbh60j.exe
0pq1rmn.exe
1ijo86a.exe
1nt03kf.exe
1topu81.exe
3cxd60f.exe
3y0zplw.exe
5eeuva8.exe
6jzk1ab.exe
6q81cno.exe
70rhxyt.exe
75rx0i7.exe
81mxytz.exe
86c8syo.exe
86sdo5j.exe
ab6ndo1ef0.exe
abg86ite5z.exe
almniizpa1.exe
avlmhxytup.exe
b675izpa.exe
b70xtjuu1q.exe
bbhxnj6ua.exe
bg86s81epq.exe
brmxs6tu.exe
cx1jo1f703.exe
cxyt081alm.exe
d2u5plgh.exe
dtupllbh.exe
euva81mn6z.exe
fgb081it.exe
fq5xc3jee.exe
g0hxttjp67.exe
griiyzeaqr.exe
gwm5itejuf.exe
hm81jeu1l.exe
i81ufgbh6.exe
iyyoe1v703.exe
jff66mxx.exe
k81whidt6va.exe
kaq0rhn6.exe
lhh2ndezpvr.exe
m0de6u81.exe
m5hsdezpql.exe
m5ie3kq5mhn.exe
mccid081kl.exe
mcdi86a3q0.exe
mns81epqbm.exe
mnsooeu1l7.exe
ndo1efk86.exe
ndoze835g.exe
o871wbsxs.exe
q6g81sdep.exe
qb8yyte30w.exe
qbcxd2eafv.exe
r5hsdezp.exe
rniyzeaq.exe
tt2zf6rhs1i.exe
vblhcs5y3k.exe
w81itupa8.exe
w8di86kfb.exe
wrx2dtupqq.exe
xi5dzuva.exe
xnojkf0lbh.exe
xtopu86rx.exe
yt3aa9bm.exe
zvv66m86.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32]
C:\WINDOWS\system32\cryptnet32.dll [2010-11-19 46592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WM System Decode Application]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WM System Decode Application]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\ASUS\RT-G32 Wireless Router Utilities\EZSetup\EZSetup.exe"="C:\Program Files\ASUS\RT-G32 Wireless Router Utilities\EZSetup\EZSetup.exe:*:Enabled:EZSetup Wizard"
"C:\Program Files\ASUS\RT-G32 Wireless Router Utilities\Discovery\Discovery.exe"="C:\Program Files\ASUS\RT-G32 Wireless Router Utilities\Discovery\Discovery.exe:*:Enabled:ASUS Device Discovery Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system\ixdfsx.exe"="C:\WINDOWS\system\ixdfsx.exe:*:WM System Decode Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\System32\svchost.exe:*:Enabled:Microsoft Office"
"C:\Documents and Settings\Míra Mareček\Data aplikací\lsass.exe"="C:\Documents and Settings\Míra Mareček\Data aplikací\lsass.exe:*:Enabled:Local Security Authentication Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-12-05 17:06:40 ----D---- C:\Program Files\trend micro
2010-12-05 17:06:20 ----D---- C:\rsit
2010-12-05 16:50:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-12-05 16:50:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-12-05 16:40:20 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 7
2010-12-05 14:48:57 ----A---- C:\WINDOWS\system32\penijoutou.exe
2010-12-05 14:15:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\CentrumczToolbar
2010-12-05 14:15:23 ----D---- C:\Program Files\CentrumczToolbar
2010-12-05 13:57:18 ----A---- C:\WINDOWS\Qtomed.exe
2010-12-05 07:19:38 ----A---- C:\WINDOWS\Qtomec.exe
2010-12-03 19:53:03 ----A---- C:\WINDOWS\Qtomeb.exe
2010-12-02 14:36:01 ----D---- C:\Program Files\TrojanHunter 4.2
2010-12-02 14:14:04 ----A---- C:\WINDOWS\Qtomea.exe
2010-12-02 14:13:48 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-12-02 13:57:18 ----A---- C:\Documents and Settings\Míra Mareček\Data aplikací\lsass.exe
2010-12-01 10:11:28 ----RSH---- C:\WINDOWS\system32\arking1.dll
2010-11-30 10:54:05 ----D---- C:\Program Files\CCleaner
2010-11-30 10:39:10 ----RSH---- C:\albkpq3.exe
2010-11-28 17:02:04 ----RSH---- C:\WINDOWS\system32\arking0.dll
2010-11-28 17:02:02 ----RSH---- C:\WINDOWS\system32\arking.exe
2010-11-27 10:59:16 ----A---- C:\WINDOWS\system32\drivers\wcscd.sys
2010-11-25 20:33:41 ----RSH---- C:\yveqsh93.exe
2010-11-24 13:42:28 ----RA---- C:\Documents and Settings\Míra Mareček\Data aplikací\BG0Ai.txt
2010-11-23 01:14:55 ----A---- C:\WINDOWS\services.exe
2010-11-22 00:48:56 ----RSH---- C:\i00dvoym.exe
2010-11-21 13:05:38 ----D---- C:\Documents and Settings\Míra Mareček\Data aplikací\YouTube Downloader
2010-11-20 18:50:27 ----D---- C:\Documents and Settings\Míra Mareček\Data aplikací\Search Settings
2010-11-19 11:27:09 ----A---- C:\WINDOWS\system32\shimg.dll
2010-11-19 11:27:09 ----A---- C:\WINDOWS\system32\cryptnet32.dll
2010-11-19 11:27:01 ----A---- C:\WINDOWS\system32\wuaucldt.exe
2010-11-19 00:58:24 ----D---- C:\WINDOWS\Sun
2010-11-15 16:00:00 ----RSH---- C:\Documents and Settings\Míra Mareček\Data aplikací\juzjf.exe
2010-11-15 15:59:45 ----SH---- C:\WINDOWS\system32\drivers\sysdrv32.sys
2010-11-14 23:12:04 ----D---- C:\bwinPoker
2010-11-14 22:52:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-11-14 22:52:57 ----D---- C:\Program Files\Common Files\Java
2010-11-14 22:52:28 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-11-14 22:52:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-14 22:52:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-14 22:52:27 ----A---- C:\WINDOWS\system32\java.exe
2010-11-14 22:51:56 ----D---- C:\Program Files\Java
2010-11-14 22:51:03 ----D---- C:\Documents and Settings\Míra Mareček\Data aplikací\Sun
2010-11-14 20:20:38 ----RSH---- C:\et3ypes.exe
2010-11-13 23:45:26 ----RSH---- C:\bud3mkqr.exe
2010-11-10 20:27:12 ----RSH---- C:\cbbw88s.exe
2010-11-10 13:54:22 ----RSH---- C:\WINDOWS\system32\mgking1.dll
2010-11-09 03:07:15 ----RSH---- C:\dwh.exe
2010-11-09 03:06:48 ----RSH---- C:\WINDOWS\system32\mgking0.dll
2010-11-09 03:06:47 ----RSH---- C:\WINDOWS\system32\mgking.exe
2010-11-06 23:53:31 ----RSH---- C:\egmjjb.exe

======List of files/folders modified in the last 1 months======

2010-12-05 17:07:31 ----D---- C:\WINDOWS\Prefetch
2010-12-05 17:07:17 ----AD---- C:\WINDOWS\Temp
2010-12-05 17:06:40 ----D---- C:\Program Files
2010-12-05 17:04:37 ----D---- C:\Documents and Settings\Míra Mareček\Data aplikací\Skype
2010-12-05 17:01:08 ----D---- C:\Documents and Settings\Míra Mareček\Data aplikací\DNA
2010-12-05 16:43:45 ----SD---- C:\WINDOWS\Tasks
2010-12-05 16:39:48 ----D---- C:\Program Files\Mozilla Firefox
2010-12-05 16:05:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-05 16:02:07 ----D---- C:\Documents and Settings\Míra Mareček\Data aplikací\skypePM
2010-12-05 15:01:37 ----D---- C:\WINDOWS\system32\drivers
2010-12-05 15:01:27 ----D---- C:\WINDOWS
2010-12-05 15:01:12 ----SD---- C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft
2010-12-05 15:01:09 ----D---- C:\WINDOWS\system32
2010-12-05 15:00:54 ----D---- C:\Program Files\DNA
2010-12-05 14:26:30 ----D---- C:\WINDOWS\Minidump
2010-12-05 07:34:35 ----D---- C:\Program Files\Full Tilt Poker
2010-12-03 03:18:11 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-02 17:56:45 ----D---- C:\WINDOWS\system32\wbem
2010-12-02 17:56:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-02 14:36:43 ----R---- C:\WINDOWS\streamhlp.dll
2010-12-01 13:58:42 ----SHD---- C:\WINDOWS\Installer
2010-12-01 13:58:42 ----D---- C:\WINDOWS\WinSxS
2010-12-01 13:57:26 ----SHD---- C:\Config.Msi
2010-12-01 13:57:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-01 13:57:04 ----D---- C:\Program Files\Windows Live
2010-11-30 17:37:43 ----D---- C:\Documents and Settings\Míra Mareček\Data aplikací\Winamp
2010-11-30 11:29:13 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-11-30 11:19:58 ----D---- C:\Program Files\Common Files
2010-11-30 11:16:39 ----D---- C:\Program Files\Google
2010-11-30 11:13:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-30 11:13:46 ----D---- C:\Program Files\ASUS
2010-11-30 11:05:08 ----D---- C:\Documents and Settings\Míra Mareček\Data aplikací\Media Player Classic
2010-11-30 11:04:40 ----D---- C:\Documents and Settings\Míra Mareček\Data aplikací\BitTorrent
2010-11-30 11:02:58 ----D---- C:\WINDOWS\Debug
2010-11-30 10:40:56 ----HD---- C:\WINDOWS\inf
2010-11-24 01:23:22 ----SHD---- C:\RECYCLER
2010-11-21 13:29:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-11-21 13:29:14 ----D---- C:\Documents and Settings\Míra Mareček\Data aplikací\Real
2010-11-21 13:17:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-11-21 13:17:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-19 11:27:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-15 15:59:28 ----D---- C:\WINDOWS\system

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-18 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-09-24 717296]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 staropen;staropen; C:\WINDOWS\system32\drivers\staropen.sys [2006-07-24 5632]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2006-05-26 111104]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-09 471264]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\ATK0100\ASNDIS5.SYS []
R3 gearaspiwdm;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-15 4368896]
R3 M3AD;Motorola Messenger Modem Audio Device; C:\WINDOWS\system32\drivers\m3aux.sys [2006-08-10 136832]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-05-09 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-05-09 13184]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-09-17 28672]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-09-14 50560]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-18 67584]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\StkCMini.sys [2007-01-19 1324544]
R3 sysdrv32;Play Port I/O Driver; \??\C:\WINDOWS\system32\drivers\sysdrv32.sys []
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-04-19 47488]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-05-18 110976]
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-09 62848]
R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-05-09 40192]
S1 c96f44d9;c96f44d9; C:\WINDOWS\System32\drivers\c96f44d9.sys []
S1 cdfss;cdfss; \??\C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\cdfss []
S1 wcscd;wcscd; C:\WINDOWS\system32\drivers\wcscd.sys [2010-11-27 30560]
S3 acun1uo4;acun1uo4; C:\WINDOWS\system32\drivers\acun1uo4.sys []
S3 aqayjlnq;aqayjlnq; \??\C:\WINDOWS\System32\Drivers\aqayjlnq.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cofluckr;cofluckr; \??\C:\WINDOWS\System32\Drivers\cofluckr.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 fcwjyspb;fcwjyspb; \??\C:\WINDOWS\System32\Drivers\fcwjyspb.sys []
S3 gfxtoimv;gfxtoimv; \??\C:\WINDOWS\System32\Drivers\gfxtoimv.sys []
S3 hrqwdiiu;hrqwdiiu; \??\C:\WINDOWS\System32\Drivers\hrqwdiiu.sys []
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2007-08-09 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-10-12 100736]
S3 ikckujxp;ikckujxp; \??\C:\WINDOWS\System32\Drivers\ikckujxp.sys []
S3 ivucwxcd;ivucwxcd; \??\C:\WINDOWS\System32\Drivers\ivucwxcd.sys []
S3 ixhjypgr;ixhjypgr; \??\C:\WINDOWS\System32\Drivers\ixhjypgr.sys []
S3 jcdjtawy;jcdjtawy; \??\C:\WINDOWS\System32\Drivers\jcdjtawy.sys []
S3 jjpnaibq;jjpnaibq; \??\C:\WINDOWS\System32\Drivers\jjpnaibq.sys []
S3 jzqdajtm;jzqdajtm; \??\C:\WINDOWS\System32\Drivers\jzqdajtm.sys []
S3 khpmguyo;khpmguyo; \??\C:\WINDOWS\System32\Drivers\khpmguyo.sys []
S3 kzlymqyp;kzlymqyp; \??\C:\WINDOWS\System32\Drivers\kzlymqyp.sys []
S3 mbnmccbl;mbnmccbl; \??\C:\WINDOWS\System32\Drivers\mbnmccbl.sys []
S3 mcxlrzia;mcxlrzia; \??\C:\WINDOWS\System32\Drivers\mcxlrzia.sys []
S3 miaatdqf;miaatdqf; \??\C:\WINDOWS\System32\Drivers\miaatdqf.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 mywhlxxr;mywhlxxr; \??\C:\WINDOWS\System32\Drivers\mywhlxxr.sys []
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nfkrrcwr;nfkrrcwr; \??\C:\WINDOWS\System32\Drivers\nfkrrcwr.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
S3 pvmlfuzn;pvmlfuzn; \??\C:\WINDOWS\System32\Drivers\pvmlfuzn.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-18 11136]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-18 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 uifwieju;uifwieju; \??\C:\WINDOWS\System32\Drivers\uifwieju.sys []
S3 usbaapl;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 uysehqpf;uysehqpf; \??\C:\WINDOWS\System32\Drivers\uysehqpf.sys []
S3 uzfmsstp;uzfmsstp; \??\C:\WINDOWS\System32\Drivers\uzfmsstp.sys []
S3 vufckfrv;vufckfrv; \??\C:\WINDOWS\System32\Drivers\vufckfrv.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 wtiiltxg;wtiiltxg; \??\C:\WINDOWS\System32\Drivers\wtiiltxg.sys []
S3 wvbppzcb;wvbppzcb; \??\C:\WINDOWS\System32\Drivers\wvbppzcb.sys []
S3 yawnxuqe;yawnxuqe; \??\C:\WINDOWS\System32\Drivers\yawnxuqe.sys []
S3 zajfgoww;zajfgoww; \??\C:\WINDOWS\System32\Drivers\zajfgoww.sys []
S3 zetkpunz;zetkpunz; \??\C:\WINDOWS\System32\Drivers\zetkpunz.sys []
S3 zkjoucba;zkjoucba; \??\C:\WINDOWS\System32\Drivers\zkjoucba.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\MRAMAR~1\LOCALS~1\Temp\mc212.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-03-02 67312]
R2 apple mobile device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 bonjour service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-14 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-20 143426]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-09-29 266343]
R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\WINDOWS\System32\StkCSrv.exe [2006-12-10 24576]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WM System Decode Application;WM System Decode Application; C:\WINDOWS\system\ixdfsx.exe [2010-11-15 56320]
R3 ipod service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 aaify0jgu;Asset Management Daemon; C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\boucinno.exe []
S2 ece16faacowooi;PowerUtility TV Recording Reservation; C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\gooroze.exe [2010-11-24 201216]
S2 ey5eya25aoenoi;Canon BJ Memory Card Manager; C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\vacoocuquoo.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-16 135664]
S2 ydoeoviae;Microsoft Local Alerter; C:\Documents and Settings\Míra Mareček\Data aplikací\Microsoft\ridyttydouk.exe [2010-11-19 201216]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 nettcpportsharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Zdravim a pekny den preji

No mate tam pekne nastlano

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 10-12-04.02 - Míra Mareček 05.12.2010 19:13:18.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.471 [GMT 1:00]
Spuštěný z: c:\documents and settings\Míra Mareček\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\09lf.exe
C:\12GN6ID2.EXE
C:\1thes92p.exe
C:\2bbi1ax.exe
C:\2ul.exe
C:\33r.exe
C:\9d6resf.exe
C:\9keibj.exe
C:\9rfpp.exe
C:\albkpq3.exe
C:\apqpm.exe
C:\autorun.inf
C:\b9v.exe
C:\ba.exe
C:\biriprg.exe
C:\bu8.exe
C:\bud3mkqr.exe
C:\ca.exe
C:\cbbw88s.exe
C:\cgaqyi.exe
c:\docume~1\MRAMAR~1\LOCALS~1\Temp\apiqq0.dll
c:\documents and settings\Míra Mareček\Data aplikací\lsass.exe
c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\funnoody.exe
c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\gooroze.exe
c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\gymmy.exe
c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\kihu.exe
c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\lojottore.exe
c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\penijoutou.exe
c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\quotoozuquooc.exe
c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\quuzyfoufy.exe
c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\ridyttydouk.exe
c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\toufou.exe
c:\documents and settings\Míra Mareček\Local Settings\Data aplikací\bobivbd.dat
c:\documents and settings\Míra Mareček\Local Settings\Data aplikací\bobivbd_nav.dat
c:\documents and settings\Míra Mareček\Local Settings\Data aplikací\bobivbd_navps.dat
c:\documents and settings\Míra Mareček\Local Settings\Temp\apiqq0.dll
C:\dqm.exe
C:\dwh.exe
C:\e.exe
C:\eer6ril9.exe
C:\egmjjb.exe
C:\et3ypes.exe
C:\eyruu.exe
C:\f662sjd.exe
C:\ggb6w.exe
C:\hc3hvi0.exe
C:\chxnxyx.exe
C:\i00dvoym.exe
C:\i8gcgmg.exe
C:\i8ikdjwt.exe
C:\img8hi.exe
C:\iuvvl9f3.exe
C:\jeo3ky.exe
C:\jofk1wf.exe
C:\krwyrv0d.exe
C:\n0qls.exe
C:\o1o.exe
C:\P6XEBRNT.EXE
C:\p9rs.exe
C:\q0wfr.exe
C:\QHBFQX.EXE
C:\r3fhr.exe
C:\r3q63rok.exe
C:\R3X0K.EXE
C:\rfg.exe
C:\vgyn6ewc.exe
C:\vi8f.exe
C:\wa.exe
c:\windows\Qtomea.exe
c:\windows\system\ixdfsx.exe
c:\windows\system32\arking.exe
c:\windows\system32\arking0.dll
c:\windows\system32\arking1.dll
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\ddr.exe
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\drivers\wcscd.sys
c:\windows\system32\kavo0.dll
c:\windows\system32\kavo1.dll
c:\windows\system32\mgking.exe
c:\windows\system32\mgking0.dll
c:\windows\system32\mgking1.dll
c:\windows\system32\secupdat.dat
c:\windows\system32\shimg.dll
c:\windows\system32\sshnas21.dll
c:\windows\system32\wuaucldt.exe
C:\wyskq6lt.exe
C:\x3xh.exe
C:\xjb3.exe
C:\yqq8eqil.exe

c:\windows\system32\drivers\cdrom.sys . . . je infikován!!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDFSS
-------\Legacy_SSHNAS
-------\Legacy_SYSDRV32
-------\Legacy_WCSCD
-------\Service_cdfss
-------\Service_sysdrv32
-------\Service_wcscd
-------\Legacy_ece16faacowooi
-------\Legacy_WM_System_Decode_Application
-------\Legacy_ydoeoviae
-------\Service_ece16faacowooi
-------\Service_WM System Decode Application
-------\Service_ydoeoviae

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-05 do 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 16:06 . 2010-12-05 16:08 -------- d-----w- c:\program files\trend micro
2010-12-05 16:06 . 2010-12-05 16:09 -------- d-----w- C:\rsit
2010-12-05 15:50 . 2010-12-05 16:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-12-05 15:50 . 2010-12-05 15:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-05 15:40 . 2010-12-05 15:40 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 7
2010-12-05 13:15 . 2010-12-05 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CentrumczToolbar
2010-12-05 13:15 . 2010-12-05 14:08 -------- d-----w- c:\program files\CentrumczToolbar
2010-12-05 12:57 . 2010-12-05 06:36 184832 ----a-w- c:\windows\Qtomed.exe
2010-12-05 06:19 . 2010-12-04 13:50 256512 ----a-w- c:\windows\Qtomec.exe
2010-12-04 13:33 . 2010-12-04 13:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Temp
2010-12-03 18:53 . 2010-12-03 18:52 192512 ----a-w- c:\windows\Qtomeb.exe
2010-12-02 13:36 . 2010-12-02 15:10 -------- d-----w- c:\program files\TrojanHunter 4.2
2010-12-02 12:57 . 2004-08-18 12:00 25600 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-11-30 09:54 . 2010-11-30 09:54 -------- d-----w- c:\program files\CCleaner
2010-11-25 19:33 . 2010-11-25 19:34 182784 --sh--r- C:\yveqsh93.exe
2010-11-25 07:04 . 2010-11-25 07:04 18432 ---ha-w- c:\documents and settings\Míra Mareček\wdoe.exe
2010-11-21 12:05 . 2010-11-21 12:05 -------- d-----w- c:\documents and settings\Míra Mareček\Data aplikací\YouTube Downloader
2010-11-20 17:50 . 2010-11-20 17:51 -------- d-----w- c:\documents and settings\Míra Mareček\Data aplikací\Search Settings
2010-11-18 23:58 . 2010-11-18 23:58 -------- d-----w- c:\windows\Sun
2010-11-15 15:00 . 2010-11-18 18:52 93184 --sh--r- c:\documents and settings\Míra Mareček\Data aplikací\juzjf.exe
2010-11-14 22:12 . 2010-11-14 22:12 -------- d-----w- c:\documents and settings\Míra Mareček\Local Settings\Data aplikací\P5
2010-11-14 22:12 . 2010-11-14 22:13 -------- d-----w- C:\bwinPoker
2010-11-14 21:52 . 2010-11-14 21:52 -------- d-----w- c:\program files\Common Files\Java
2010-11-14 21:52 . 2010-11-14 21:52 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-14 21:52 . 2010-11-14 21:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 21:52 . 2010-11-14 21:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-14 21:51 . 2010-11-14 21:51 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-26 14:36 . 2004-08-18 12:00 84800 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-11-04 16:27 . 2010-11-04 07:06 173568 --sh--r- C:\l10.exe
2010-10-26 18:11 . 2010-10-26 21:21 180224 --sh--r- C:\lpl.exe
2008-12-30 14:11 . 2008-12-30 14:11 2595931 ----a-w- c:\program files\GfxUpdate.exe
1999-04-23 12:56 . 2008-12-30 14:12 6784 ----a-w- c:\program files\clcd16.dll
1999-04-23 12:56 . 2008-12-30 14:12 30208 ----a-w- c:\program files\clcd32.dll
1999-04-23 12:56 . 2008-12-30 14:12 177152 ----a-w- c:\program files\clokspl.exe
1999-04-23 12:56 . 2008-12-30 14:12 5207552 ----a-w- c:\program files\WA.icd
1999-04-23 12:56 . 2007-06-29 10:55 236272 ----a-w- c:\program files\WA.exe
1999-04-23 12:56 . 2008-12-30 14:12 155648 ----a-w- c:\program files\dplayerx.dll
1999-04-23 12:56 . 2008-12-30 14:12 14304 ----a-w- c:\program files\secdrv.sys
1999-04-23 12:56 . 2008-12-30 14:12 34816 ----a-w- c:\program files\drvmgt.dll
1999-04-20 17:30 . 2008-12-30 14:12 240128 ------r- c:\program files\DXMfc.dll
1999-04-20 17:30 . 2008-12-30 14:12 83456 ------r- c:\program files\DirectX2D.dll
1999-04-20 17:30 . 2008-12-30 14:12 10240 ------r- c:\program files\DirectSound.dll
1999-03-29 12:48 . 2008-12-30 14:12 297984 ------r- c:\program files\ltkrn10N.dll
1999-03-29 12:48 . 2008-12-30 14:12 105472 ------r- c:\program files\ltfil10N.DLL
1999-03-29 12:48 . 2008-12-30 14:12 31744 ------r- c:\program files\lflmb10N.dll
1999-03-29 12:48 . 2008-12-30 14:12 27648 ------r- c:\program files\lftga10N.dll
1999-03-29 12:48 . 2008-12-30 14:12 269312 ------r- c:\program files\LFCMP10N.DLL
1999-03-29 12:48 . 2008-12-30 14:12 34304 ------r- c:\program files\lfbmp10N.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2010-03-02 1347496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-06-02 176128]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-11 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"THGuard"="c:\program files\TrojanHunter 4.2\THGuard.exe" [2005-02-19 1089024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Mˇra Mareźek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
03mm9yy.exe [2010-11-22 43008]
03qw91c.exe [2010-11-18 43008]
0870aaq.exe [2010-11-23 43008]
0hxd2jk.exe [2010-11-20 43008]
0hxd66u.exe [2010-11-19 43008]
0i0jzf2.exe [2010-11-23 43008]
0jfflbm.exe [2010-11-24 43008]
0lbh2no.exe [2010-11-18 43008]
0lbh60j.exe [2010-11-18 43008]
0pq1rmn.exe [2010-11-19 43008]
1ijo86a.exe [2010-11-18 43008]
1nt03kf.exe [2010-11-23 43008]
1topu81.exe [2010-11-25 43008]
3cxd60f.exe [2010-11-20 43008]
3y0zplw.exe [2010-11-19 43008]
5eeuva8.exe [2010-11-23 43008]
6jzk1ab.exe [2010-11-23 43008]
6q81cno.exe [2010-11-24 43008]
70rhxyt.exe [2010-11-21 43008]
75rx0i7.exe [2010-11-24 43008]
81mxytz.exe [2010-11-21 43008]
86c8syo.exe [2010-11-21 43008]
86sdo5j.exe [2010-11-19 43008]
ab6ndo1ef0.exe [2010-11-21 43008]
abg86ite5z.exe [2010-11-23 43008]
almniizpa1.exe [2010-11-22 43008]
avlmhxytup.exe [2010-11-23 43008]
b675izpa.exe [2010-11-22 43008]
b70xtjuu1q.exe [2010-11-24 43008]
bbhxnj6ua.exe [2010-11-21 43008]
bg86s81epq.exe [2010-11-23 43008]
brmxs6tu.exe [2010-11-21 43008]
cx1jo1f703.exe [2010-11-22 43008]
cxyt081alm.exe [2010-11-18 43008]
d2u5plgh.exe [2010-11-23 43008]
dtupllbh.exe [2010-11-22 43008]
euva81mn6z.exe [2010-11-19 43008]
fgb081it.exe [2010-11-18 43008]
fq5xc3jee.exe [2010-11-22 43008]
g0hxttjp67.exe [2010-11-20 43008]
griiyzeaqr.exe [2010-11-21 43008]
gwm5itejuf.exe [2010-11-19 43008]
hm81jeu1l.exe [2010-11-18 43008]
i81ufgbh6.exe [2010-11-23 43008]
iyyoe1v703.exe [2010-11-18 43008]
jff66mxx.exe [2010-11-23 43008]
k81whidt6va.exe [2010-11-24 43008]
kaq0rhn6.exe [2010-11-19 43008]
lhh2ndezpvr.exe [2010-11-23 43008]
m0de6u81.exe [2010-11-25 43008]
m5hsdezpql.exe [2010-11-21 43008]
m5ie3kq5mhn.exe [2010-11-21 43008]
mccid081kl.exe [2010-11-22 43008]
mcdi86a3q0.exe [2010-11-19 43008]
mns81epqbm.exe [2010-11-18 43008]
mnsooeu1l7.exe [2010-11-21 43008]
ndo1efk86.exe [2010-11-21 43008]
ndoze835g.exe [2010-11-21 43008]
o871wbsxs.exe [2010-11-21 43008]
q6g81sdep.exe [2010-11-23 43008]
qb8yyte30w.exe [2010-11-22 43008]
qbcxd2eafv.exe [2010-11-24 43008]
r5hsdezp.exe [2010-11-21 43008]
rniyzeaq.exe [2010-11-21 43008]
tt2zf6rhs1i.exe [2010-11-21 43008]
vblhcs5y3k.exe [2010-11-24 43008]
w81itupa8.exe [2010-11-25 43008]
w8di86kfb.exe [2010-11-19 43008]
wrx2dtupqq.exe [2010-11-20 43008]
xi5dzuva.exe [2010-11-19 43008]
xnojkf0lbh.exe [2010-11-19 43008]
xtopu86rx.exe [2010-11-18 43008]
yt3aa9bm.exe [2010-11-24 43008]
zvv66m86.exe [2010-11-18 43008]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2008-9-22 987136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\ASUS\\RT-G32 Wireless Router Utilities\\EZSetup\\EZSetup.exe"=
"c:\\Program Files\\ASUS\\RT-G32 Wireless Router Utilities\\Discovery\\Discovery.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\System32\\svchost.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.9.2008 19:16 717296]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 7:21 33800]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2.3.2010 11:13 67312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 7:21 468224]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [22.9.2008 12:37 24576]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [22.9.2008 12:37 1324544]
S1 c96f44d9;c96f44d9;c:\windows\system32\drivers\c96f44d9.sys [6.6.2009 20:54 0]
S2 aaify0jgu;Asset Management Daemon;c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\boucinno.exe --> c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\boucinno.exe [?]
S2 ey5eya25aoenoi;Canon BJ Memory Card Manager;c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\vacoocuquoo.exe --> c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\vacoocuquoo.exe [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2010 17:13 135664]
S3 aqayjlnq;aqayjlnq;\??\c:\windows\System32\Drivers\aqayjlnq.sys --> c:\windows\System32\Drivers\aqayjlnq.sys [?]
S3 cofluckr;cofluckr;\??\c:\windows\System32\Drivers\cofluckr.sys --> c:\windows\System32\Drivers\cofluckr.sys [?]
S3 fcwjyspb;fcwjyspb;\??\c:\windows\System32\Drivers\fcwjyspb.sys --> c:\windows\System32\Drivers\fcwjyspb.sys [?]
S3 gfxtoimv;gfxtoimv;\??\c:\windows\System32\Drivers\gfxtoimv.sys --> c:\windows\System32\Drivers\gfxtoimv.sys [?]
S3 hrqwdiiu;hrqwdiiu;\??\c:\windows\System32\Drivers\hrqwdiiu.sys --> c:\windows\System32\Drivers\hrqwdiiu.sys [?]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [19.10.2010 21:33 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [27.9.2010 0:04 100736]
S3 ikckujxp;ikckujxp;\??\c:\windows\System32\Drivers\ikckujxp.sys --> c:\windows\System32\Drivers\ikckujxp.sys [?]
S3 ivucwxcd;ivucwxcd;\??\c:\windows\System32\Drivers\ivucwxcd.sys --> c:\windows\System32\Drivers\ivucwxcd.sys [?]
S3 ixhjypgr;ixhjypgr;\??\c:\windows\System32\Drivers\ixhjypgr.sys --> c:\windows\System32\Drivers\ixhjypgr.sys [?]
S3 jcdjtawy;jcdjtawy;\??\c:\windows\System32\Drivers\jcdjtawy.sys --> c:\windows\System32\Drivers\jcdjtawy.sys [?]
S3 jibcrltd;jibcrltd;\??\c:\windows\System32\Drivers\jibcrltd.sys --> c:\windows\System32\Drivers\jibcrltd.sys [?]
S3 jjpnaibq;jjpnaibq;\??\c:\windows\System32\Drivers\jjpnaibq.sys --> c:\windows\System32\Drivers\jjpnaibq.sys [?]
S3 jzqdajtm;jzqdajtm;\??\c:\windows\System32\Drivers\jzqdajtm.sys --> c:\windows\System32\Drivers\jzqdajtm.sys [?]
S3 khpmguyo;khpmguyo;\??\c:\windows\System32\Drivers\khpmguyo.sys --> c:\windows\System32\Drivers\khpmguyo.sys [?]
S3 kzlymqyp;kzlymqyp;\??\c:\windows\System32\Drivers\kzlymqyp.sys --> c:\windows\System32\Drivers\kzlymqyp.sys [?]
S3 mbnmccbl;mbnmccbl;\??\c:\windows\System32\Drivers\mbnmccbl.sys --> c:\windows\System32\Drivers\mbnmccbl.sys [?]
S3 mcxlrzia;mcxlrzia;\??\c:\windows\System32\Drivers\mcxlrzia.sys --> c:\windows\System32\Drivers\mcxlrzia.sys [?]
S3 miaatdqf;miaatdqf;\??\c:\windows\System32\Drivers\miaatdqf.sys --> c:\windows\System32\Drivers\miaatdqf.sys [?]
S3 mywhlxxr;mywhlxxr;\??\c:\windows\System32\Drivers\mywhlxxr.sys --> c:\windows\System32\Drivers\mywhlxxr.sys [?]
S3 nfkrrcwr;nfkrrcwr;\??\c:\windows\System32\Drivers\nfkrrcwr.sys --> c:\windows\System32\Drivers\nfkrrcwr.sys [?]
S3 oiagukyl;oiagukyl;\??\c:\windows\System32\Drivers\oiagukyl.sys --> c:\windows\System32\Drivers\oiagukyl.sys [?]
S3 pvmlfuzn;pvmlfuzn;\??\c:\windows\System32\Drivers\pvmlfuzn.sys --> c:\windows\System32\Drivers\pvmlfuzn.sys [?]
S3 uifwieju;uifwieju;\??\c:\windows\System32\Drivers\uifwieju.sys --> c:\windows\System32\Drivers\uifwieju.sys [?]
S3 uysehqpf;uysehqpf;\??\c:\windows\System32\Drivers\uysehqpf.sys --> c:\windows\System32\Drivers\uysehqpf.sys [?]
S3 uzfmsstp;uzfmsstp;\??\c:\windows\System32\Drivers\uzfmsstp.sys --> c:\windows\System32\Drivers\uzfmsstp.sys [?]
S3 vufckfrv;vufckfrv;\??\c:\windows\System32\Drivers\vufckfrv.sys --> c:\windows\System32\Drivers\vufckfrv.sys [?]
S3 wtiiltxg;wtiiltxg;\??\c:\windows\System32\Drivers\wtiiltxg.sys --> c:\windows\System32\Drivers\wtiiltxg.sys [?]
S3 wvbppzcb;wvbppzcb;\??\c:\windows\System32\Drivers\wvbppzcb.sys --> c:\windows\System32\Drivers\wvbppzcb.sys [?]
S3 yawnxuqe;yawnxuqe;\??\c:\windows\System32\Drivers\yawnxuqe.sys --> c:\windows\System32\Drivers\yawnxuqe.sys [?]
S3 zajfgoww;zajfgoww;\??\c:\windows\System32\Drivers\zajfgoww.sys --> c:\windows\System32\Drivers\zajfgoww.sys [?]
S3 zetkpunz;zetkpunz;\??\c:\windows\System32\Drivers\zetkpunz.sys --> c:\windows\System32\Drivers\zetkpunz.sys [?]
S3 zkjoucba;zkjoucba;\??\c:\windows\System32\Drivers\zkjoucba.sys --> c:\windows\System32\Drivers\zkjoucba.sys [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv
.
Obsah adresáře 'Naplánované úlohy'

2010-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 16:12]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 16:12]

2010-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-1604221776-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1604221776-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-05 c:\windows\Tasks\User_Feed_Synchronization-{9A3E2F28-3B58-4EA8-A911-B87D0E6353D9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.translateclient.com
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = proxy:3128
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: google sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} -
FF - ProfilePath -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-king_mg - c:\windows\system32\mgking.exe
HKCU-Run-tabu - c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\penijoutou.exe
HKCU-Run-jogic - c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\kihu.exe
HKCU-Run-koohoon - c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\gymmy.exe
HKCU-Run-King_ar - c:\windows\system32\arking.exe
HKCU-Run-mooreni - c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\quotoozuquooc.exe
HKCU-Run-Local Security Authentication Server - c:\documents and settings\Míra Mareček\Data aplikací\lsass.exe
HKLM-Run-jogic - c:\windows\system32\kihu.exe
HKLM-Run-tabu - c:\windows\system32\penijoutou.exe
SafeBoot-WM System Decode Application
AddRemove-SAS Learning Edition 2.0 - c:\program files\SAS Institute\SAS\V8\UNINSTAL.ISU

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 19:22
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\MRAMAR~1\LOCALS~1\Temp\mc24.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(4484)
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Apoint2K\HidFind.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Apoint2K\Apvfb.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-12-05 19:28:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-05 18:28

Před spuštěním: Volných bajtů: 49 689 432 064
Po spuštění: Volných bajtů: 49 563 148 288

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0E882236C98D69D11AAFBF0AD03A6ABC

A tohle se da nakoupit prosim kde

Neodpustim si oblibenou otazku - to jste dokazal sam nebo Vam nekdo pomahal

Jeste tam toho ale hruza je

Takze s tim jdem zatocit

Vse zatim provadejte v nouzovem rezimu, tam je vetsina haveti neaktivni

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:files
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\*.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Collect::
c:\windows\Qtomed.exe
c:\windows\Qtomec.exe
c:\windows\Qtomeb.exe
C:\yveqsh93.exe
c:\documents and settings\Míra Mareček\wdoe.exe
c:\documents and settings\Míra Mareček\Data aplikací\juzjf.exe
C:\l10.exe
C:\lpl.exe
c:\windows\system32\drivers\c96f44d9.sys
c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\boucinno.exe
c:\windows\System32\Drivers\aqayjlnq.sys
c:\windows\System32\Drivers\cofluckr.sys
c:\windows\System32\Drivers\fcwjyspb.sys
c:\windows\System32\Drivers\gfxtoimv.sys
c:\windows\System32\Drivers\hrqwdiiu.sys
c:\windows\System32\Drivers\ikckujxp.sys
c:\windows\System32\Drivers\ivucwxcd.sys
c:\windows\System32\Drivers\ixhjypgr.sys
c:\windows\System32\Drivers\jcdjtawy.sys
c:\windows\System32\Drivers\jibcrltd.sys
c:\windows\System32\Drivers\jjpnaibq.sys
c:\windows\System32\Drivers\jzqdajtm.sys
c:\windows\System32\Drivers\khpmguyo.sys
c:\windows\System32\Drivers\kzlymqyp.sys
c:\windows\System32\Drivers\mbnmccbl.sys
c:\windows\System32\Drivers\mcxlrzia.sys
c:\windows\System32\Drivers\miaatdqf.sys
c:\windows\System32\Drivers\mywhlxxr.sys
c:\windows\System32\Drivers\nfkrrcwr.sys
c:\windows\System32\Drivers\oiagukyl.sys
c:\windows\System32\Drivers\pvmlfuzn.sys
c:\windows\System32\Drivers\uifwieju.sys
c:\windows\System32\Drivers\uifwieju.sys
c:\windows\System32\Drivers\uysehqpf.sys
c:\windows\System32\Drivers\uzfmsstp.sys
c:\windows\System32\Drivers\vufckfrv.sys
c:\windows\System32\Drivers\wtiiltxg.sys
c:\windows\System32\Drivers\wvbppzcb.sys
c:\windows\System32\Drivers\yawnxuqe.sys
c:\windows\System32\Drivers\zajfgoww.sys
c:\windows\System32\Drivers\zetkpunz.sys
c:\windows\System32\Drivers\zkjoucba.sys
c:\docume~1\MRAMAR~1\LOCALS~1\Temp\mc24.tmp

Folder::
c:\program files\TrojanHunter 4.2

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"BitTorrent DNA"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=-
"NeroFilterCheck"=-
"WinampAgent"=-
"QuickTime Task"=-
"iTunesHelper"=-
"TkBellExe"=-
"SunJavaUpdateSched"=-
"THGuard"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\\WINDOWS\\System32\\svchost.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

Driver::
c96f44d9
aaify0jgu
aqayjlnq
cofluckr
fcwjyspb
gfxtoimv
hrqwdiiu
ikckujxp
ivucwxcd
ixhjypgr
jcdjtawy
jibcrltd
jjpnaibq
jzqdajtm
khpmguyo
kzlymqyp
mbnmccbl
mcxlrzia
miaatdqf
mywhlxxr
nfkrrcwr
oiagukyl
pvmlfuzn
uifwieju
uysehqpf
uzfmsstp
vufckfrv
wtiiltxg
wvbppzcb
yawnxuqe
zajfgoww
zetkpunz
zkjoucba
mchInjDrv

File::
c:\windows\Tasks\AppleSoftwareUpdate.job
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2010-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-1604221776-725345543-1004.job
2010-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1604221776-725345543-1004.job
2010-12-05 c:\windows\Tasks\User_Feed_Synchronization-{9A3E2F28-3B58-4EA8-A911-B87D0E6353D9}.job

DDS::
uStart Page = hxxp://search.translateclient.com
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = proxy:3128
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} -

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

All processes killed
========== FILES ==========
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\03mm9yy.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\03qw91c.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\0870aaq.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\0hxd2jk.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\0hxd66u.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\0i0jzf2.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\0jfflbm.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\0lbh2no.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\0lbh60j.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\0pq1rmn.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\1ijo86a.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\1nt03kf.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\1topu81.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\3cxd60f.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\3y0zplw.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\5eeuva8.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\6jzk1ab.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\6q81cno.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\70rhxyt.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\75rx0i7.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\81mxytz.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\86c8syo.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\86sdo5j.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\ab6ndo1ef0.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\abg86ite5z.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\almniizpa1.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\avlmhxytup.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\b675izpa.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\b70xtjuu1q.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\bbhxnj6ua.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\bg86s81epq.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\brmxs6tu.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\cx1jo1f703.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\cxyt081alm.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\d2u5plgh.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\dtupllbh.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\euva81mn6z.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\fgb081it.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\fq5xc3jee.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\g0hxttjp67.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\griiyzeaqr.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\gwm5itejuf.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\hm81jeu1l.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\i81ufgbh6.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\iyyoe1v703.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\jff66mxx.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\k81whidt6va.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\kaq0rhn6.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\lhh2ndezpvr.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\m0de6u81.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\m5hsdezpql.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\m5ie3kq5mhn.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\mccid081kl.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\mcdi86a3q0.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\mns81epqbm.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\mnsooeu1l7.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\ndo1efk86.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\ndoze835g.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\o871wbsxs.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\q6g81sdep.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\qb8yyte30w.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\qbcxd2eafv.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\r5hsdezp.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\rniyzeaq.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\tt2zf6rhs1i.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\vblhcs5y3k.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\w81itupa8.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\w8di86kfb.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\wrx2dtupqq.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\xi5dzuva.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\xnojkf0lbh.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\xtopu86rx.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\yt3aa9bm.exe moved successfully.
C:\Documents and Settings\Míra Mareček\Nabídka Start\Programy\Po spuštění\zvv66m86.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\NV3094451348.TMP folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEE9.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI254.tmp moved successfully.
C:\WINDOWS\Installer\MSIEE8.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Míra Mareček
->Temp folder emptied: 613137 bytes
->Temporary Internet Files folder emptied: 15453803 bytes
->Java cache emptied: 13019 bytes
->FireFox cache emptied: 53494059 bytes
->Google Chrome cache emptied: 39776608 bytes
->Opera cache emptied: 65742354 bytes
->Flash cache emptied: 17864 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3984562 bytes

Total Files Cleaned = 171,00 mb

OTM by OldTimer - Version 3.1.17.2 log created on 12052010_205630

Files moved on Reboot...

Registry entries deleted on Reboot...

ComboFix 10-12-04.02 - Míra Mareček 05.12.2010 21:08:34.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.400 [GMT 1:00]
Spuštěný z: c:\documents and settings\Míra Mareček\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Míra Mareček\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\Tasks\AppleSoftwareUpdate.job"

file zipped: c:\documents and settings\Míra Mareček\Data aplikací\juzjf.exe
file zipped: c:\documents and settings\Míra Mareček\wdoe.exe
file zipped: C:\l10.exe
file zipped: C:\lpl.exe
file zipped: c:\windows\Qtomeb.exe
file zipped: c:\windows\Qtomec.exe
file zipped: c:\windows\Qtomed.exe
file zipped: c:\windows\system32\drivers\c96f44d9.sys
file zipped: C:\yveqsh93.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\l10.exe
C:\lpl.exe
c:\program files\TrojanHunter 4.2
c:\program files\TrojanHunter 4.2\AFileRules.trf
c:\program files\TrojanHunter 4.2\ANewFileRules.trf
c:\program files\TrojanHunter 4.2\APortRules.trf
c:\program files\TrojanHunter 4.2\AProcessRules.trf
c:\program files\TrojanHunter 4.2\ARegistryRules.trf
c:\program files\TrojanHunter 4.2\AScriptRules.trf
c:\program files\TrojanHunter 4.2\ATrojans.trf
c:\program files\TrojanHunter 4.2\contmenu.dll
c:\program files\TrojanHunter 4.2\FileRules.trf
c:\program files\TrojanHunter 4.2\Gen.dll
c:\program files\TrojanHunter 4.2\IL.ini
c:\program files\TrojanHunter 4.2\InifileRules.trf
c:\program files\TrojanHunter 4.2\InstallLicense.exe
c:\program files\TrojanHunter 4.2\InstTimeUpdater.exe
c:\program files\TrojanHunter 4.2\LicenseInstallDoc.rtf
c:\program files\TrojanHunter 4.2\NewFileRules.trf
c:\program files\TrojanHunter 4.2\Options.cfg
c:\program files\TrojanHunter 4.2\PortRules.trf
c:\program files\TrojanHunter 4.2\ProcessRules.trf
c:\program files\TrojanHunter 4.2\RegistryRules.trf
c:\program files\TrojanHunter 4.2\Rev.dat
c:\program files\TrojanHunter 4.2\Rulesets.ini
c:\program files\TrojanHunter 4.2\ScriptRules.trf
c:\program files\TrojanHunter 4.2\SubmitFiles\SubmitFiles.exe
c:\program files\TrojanHunter 4.2\SubmitFiles\SubmitFiles.exe.manifest
c:\program files\TrojanHunter 4.2\THGuard.exe
c:\program files\TrojanHunter 4.2\THGuard.ini
c:\program files\TrojanHunter 4.2\THSec.dll
c:\program files\TrojanHunter 4.2\thshlicons.dll
c:\program files\TrojanHunter 4.2\thupdate.txt
c:\program files\TrojanHunter 4.2\Tools.ini
c:\program files\TrojanHunter 4.2\Tools\Autostart Explorer\AutostartExplorer.exe
c:\program files\TrojanHunter 4.2\Tools\Autostart Explorer\Descriptions.ini
c:\program files\TrojanHunter 4.2\Tools\LiveUpdate\LiveUpdate.exe
c:\program files\TrojanHunter 4.2\Tools\LiveUpdate\LiveUpdate.ini
c:\program files\TrojanHunter 4.2\Tools\LiveUpdate\thupdate.txt
c:\program files\TrojanHunter 4.2\Tools\MemString\MemString.exe
c:\program files\TrojanHunter 4.2\Tools\Netstat Viewer\NetstatViewer.exe
c:\program files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
c:\program files\TrojanHunter 4.2\Tools\Window List\WindowList.exe
c:\program files\TrojanHunter 4.2\TreeState.dat
c:\program files\TrojanHunter 4.2\TrojanHunter.exe
c:\program files\TrojanHunter 4.2\TrojanHunter.ini
c:\program files\TrojanHunter 4.2\TrojanHunter.url
c:\program files\TrojanHunter 4.2\Trojans.trf
c:\program files\TrojanHunter 4.2\unins000.dat
c:\program files\TrojanHunter 4.2\unins000.exe
c:\program files\TrojanHunter 4.2\UninstCheck.exe
c:\program files\TrojanHunter 4.2\unrar.dll
c:\program files\TrojanHunter 4.2\UnUpx.dll
c:\program files\TrojanHunter 4.2\unzdll.dll
c:\program files\TrojanHunter 4.2\Update.zip
c:\program files\TrojanHunter 4.2\urls.ini
c:\program files\TrojanHunter 4.2\WelcomeText.rtf
c:\program files\TrojanHunter 4.2\winstate.ini
c:\program files\TrojanHunter 4.2\ZipDll.dll
c:\windows\Qtomeb.exe
c:\windows\Qtomec.exe
c:\windows\Qtomed.exe
c:\windows\system32\drivers\c96f44d9.sys
c:\windows\Tasks\AppleSoftwareUpdate.job
C:\yveqsh93.exe

c:\windows\system32\drivers\cdrom.sys . . . je infikován!!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AAIFY0JGU
-------\Legacy_MCHINJDRV
-------\Service_aaify0jgu
-------\Service_aqayjlnq
-------\Service_c96f44d9
-------\Service_cofluckr
-------\Service_fcwjyspb
-------\Service_gfxtoimv
-------\Service_hrqwdiiu
-------\Service_ikckujxp
-------\Service_ivucwxcd
-------\Service_ixhjypgr
-------\Service_jcdjtawy
-------\Service_jibcrltd
-------\Service_jjpnaibq
-------\Service_jzqdajtm
-------\Service_khpmguyo
-------\Service_kzlymqyp
-------\Service_mbnmccbl
-------\Service_mcxlrzia
-------\Service_mchInjDrv
-------\Service_miaatdqf
-------\Service_mywhlxxr
-------\Service_nfkrrcwr
-------\Service_oiagukyl
-------\Service_pvmlfuzn
-------\Service_uifwieju
-------\Service_uysehqpf
-------\Service_uzfmsstp
-------\Service_vufckfrv
-------\Service_wtiiltxg
-------\Service_wvbppzcb
-------\Service_yawnxuqe
-------\Service_zajfgoww
-------\Service_zetkpunz
-------\Service_zkjoucba

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-05 do 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 19:56 . 2010-12-05 19:56 -------- d-----w- C:\_OTM
2010-12-05 18:53 . 2010-12-05 18:53 56320 ----a-w- c:\documents and settings\Míra Mareček\JGMJPMJPMS.exe
2010-12-05 16:06 . 2010-12-05 16:08 -------- d-----w- c:\program files\trend micro
2010-12-05 16:06 . 2010-12-05 16:09 -------- d-----w- C:\rsit
2010-12-05 15:50 . 2010-12-05 16:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-12-05 15:50 . 2010-12-05 15:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-05 15:40 . 2010-12-05 15:40 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 7
2010-12-05 13:15 . 2010-12-05 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CentrumczToolbar
2010-12-05 13:15 . 2010-12-05 14:08 -------- d-----w- c:\program files\CentrumczToolbar
2010-12-04 13:33 . 2010-12-04 13:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Temp
2010-12-02 12:57 . 2004-08-18 12:00 25600 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-11-30 09:54 . 2010-11-30 09:54 -------- d-----w- c:\program files\CCleaner
2010-11-25 07:04 . 2010-11-25 07:04 18432 ---ha-w- c:\documents and settings\Míra Mareček\wdoe.exe
2010-11-21 12:05 . 2010-11-21 12:05 -------- d-----w- c:\documents and settings\Míra Mareček\Data aplikací\YouTube Downloader
2010-11-20 17:50 . 2010-11-20 17:51 -------- d-----w- c:\documents and settings\Míra Mareček\Data aplikací\Search Settings
2010-11-18 23:58 . 2010-11-18 23:58 -------- d-----w- c:\windows\Sun
2010-11-15 15:00 . 2010-11-18 18:52 93184 --sha-r- c:\documents and settings\Míra Mareček\Data aplikací\juzjf.exe
2010-11-14 22:12 . 2010-11-14 22:12 -------- d-----w- c:\documents and settings\Míra Mareček\Local Settings\Data aplikací\P5
2010-11-14 22:12 . 2010-11-14 22:13 -------- d-----w- C:\bwinPoker
2010-11-14 21:52 . 2010-11-14 21:52 -------- d-----w- c:\program files\Common Files\Java
2010-11-14 21:52 . 2010-11-14 21:52 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-14 21:52 . 2010-11-14 21:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 21:52 . 2010-11-14 21:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-14 21:51 . 2010-11-14 21:51 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-26 14:36 . 2004-08-18 12:00 84800 ----a-w- c:\windows\system32\drivers\cdrom.sys
2008-12-30 14:11 . 2008-12-30 14:11 2595931 ----a-w- c:\program files\GfxUpdate.exe
1999-04-23 12:56 . 2008-12-30 14:12 6784 ----a-w- c:\program files\clcd16.dll
1999-04-23 12:56 . 2008-12-30 14:12 30208 ----a-w- c:\program files\clcd32.dll
1999-04-23 12:56 . 2008-12-30 14:12 177152 ----a-w- c:\program files\clokspl.exe
1999-04-23 12:56 . 2008-12-30 14:12 5207552 ----a-w- c:\program files\WA.icd
1999-04-23 12:56 . 2007-06-29 10:55 236272 ----a-w- c:\program files\WA.exe
1999-04-23 12:56 . 2008-12-30 14:12 155648 ----a-w- c:\program files\dplayerx.dll
1999-04-23 12:56 . 2008-12-30 14:12 14304 ----a-w- c:\program files\secdrv.sys
1999-04-23 12:56 . 2008-12-30 14:12 34816 ----a-w- c:\program files\drvmgt.dll
1999-04-20 17:30 . 2008-12-30 14:12 240128 ------r- c:\program files\DXMfc.dll
1999-04-20 17:30 . 2008-12-30 14:12 83456 ------r- c:\program files\DirectX2D.dll
1999-04-20 17:30 . 2008-12-30 14:12 10240 ------r- c:\program files\DirectSound.dll
1999-03-29 12:48 . 2008-12-30 14:12 297984 ------r- c:\program files\ltkrn10N.dll
1999-03-29 12:48 . 2008-12-30 14:12 105472 ------r- c:\program files\ltfil10N.DLL
1999-03-29 12:48 . 2008-12-30 14:12 31744 ------r- c:\program files\lflmb10N.dll
1999-03-29 12:48 . 2008-12-30 14:12 27648 ------r- c:\program files\lftga10N.dll
1999-03-29 12:48 . 2008-12-30 14:12 269312 ------r- c:\program files\LFCMP10N.DLL
1999-03-29 12:48 . 2008-12-30 14:12 34304 ------r- c:\program files\lfbmp10N.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2010-03-02 1347496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-06-02 176128]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2008-9-22 987136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\ASUS\\RT-G32 Wireless Router Utilities\\EZSetup\\EZSetup.exe"=
"c:\\Program Files\\ASUS\\RT-G32 Wireless Router Utilities\\Discovery\\Discovery.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\System32\\svchost.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.9.2008 19:16 717296]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 7:21 33800]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2.3.2010 11:13 67312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 7:21 468224]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [22.9.2008 12:37 24576]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [22.9.2008 12:37 1324544]
S2 ey5eya25aoenoi;Canon BJ Memory Card Manager;c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\vacoocuquoo.exe --> c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\vacoocuquoo.exe [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2010 17:13 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [19.10.2010 21:33 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [27.9.2010 0:04 100736]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 16:12]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 16:12]

2010-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-1604221776-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1604221776-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-05 c:\windows\Tasks\User_Feed_Synchronization-{9A3E2F28-3B58-4EA8-A911-B87D0E6353D9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: google sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Míra Mareček\Data aplikací\Mozilla\Firefox\Profiles\i7anyevu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.ftp - proxy
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - proxy
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - proxy
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-TrojanHunter_is1 - c:\program files\TrojanHunter 4.2\unins000.exe

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(5832)
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Apoint2K\HidFind.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Apoint2K\Apvfb.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Celkový čas: 2010-12-05 21:22:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-05 20:22
ComboFix2.txt 2010-12-05 18:28

Před spuštěním: Volných bajtů: 49 628 053 504
Po spuštění: Volných bajtů: 49 602 818 048

- - End Of File - - 37B89DF99D4BCC55FA4D8FD66A4CAB71

Jeste se nam tam neco drzi

Stahnete Avenger (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

Kód: Vybrat vše

Files to delete:
c:\documents and settings\Míra Mareček\JGMJPMJPMS.exe
c:\documents and settings\Míra Mareček\wdoe.exe
c:\documents and settings\Míra Mareček\Data aplikací\juzjf.exe
c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\vacoocuquoo.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-1604221776-725345543-1004.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1604221776-725345543-1004.job
c:\windows\Tasks\User_Feed_Synchronization-{9A3E2F28-3B58-4EA8-A911-B87D0E6353D9}.job

Drivers to delete:
ey5eya25aoenoi

Registry values to delete:
HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list | c:\\WINDOWS\\System32\\svchost.exe

Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt

havěť odporná

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\documents and settings\Míra Mareček\JGMJPMJPMS.exe" deleted successfully.
File "c:\documents and settings\Míra Mareček\wdoe.exe" deleted successfully.
File "c:\documents and settings\Míra Mareček\Data aplikací\juzjf.exe" deleted successfully.

Error: file "c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\vacoocuquoo.exe" not found!
Deletion of file "c:\documents and settings\Míra Mareček\Data aplikací\Microsoft\vacoocuquoo.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\Tasks\GoogleUpdateTaskMachineCore.job" deleted successfully.
File "c:\windows\Tasks\GoogleUpdateTaskMachineUA.job" deleted successfully.
File "c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-1604221776-725345543-1004.job" deleted successfully.
File "c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1604221776-725345543-1004.job" deleted successfully.
File "c:\windows\Tasks\User_Feed_Synchronization-{9A3E2F28-3B58-4EA8-A911-B87D0E6353D9}.job" deleted successfully.
Driver "ey5eya25aoenoi" deleted successfully.

Warning: HKLM\Software did not load within MAX_WAIT_ITERATIONS

Error: could not delete registry value "HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list|c:\\WINDOWS\\System32\\svchost.exe"
Deletion of registry value "HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list|c:\\WINDOWS\\System32\\svchost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Jdeme dale

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

DDS::
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\\WINDOWS\\System32\\svchost.exe"=-
"c:\WINDOWS\\System32\svchost.exe"=-

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 10-12-04.06 - Míra Mareček 06.12.2010 16:27:43.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.565 [GMT 1:00]
Spuštěný z: c:\documents and settings\Míra Mareček\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Míra Mareček\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\cdrom.sys . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-06 do 2010-12-06 )))))))))))))))))))))))))))))))
.

2010-12-05 19:56 . 2010-12-05 19:56 -------- d-----w- C:\_OTM
2010-12-05 16:06 . 2010-12-05 16:08 -------- d-----w- c:\program files\trend micro
2010-12-05 15:50 . 2010-12-05 16:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-12-05 15:50 . 2010-12-05 15:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-05 15:40 . 2010-12-05 15:40 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 7
2010-12-05 13:15 . 2010-12-05 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CentrumczToolbar
2010-12-05 13:15 . 2010-12-05 14:08 -------- d-----w- c:\program files\CentrumczToolbar
2010-12-04 13:33 . 2010-12-04 13:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Temp
2010-12-02 12:57 . 2004-08-18 12:00 25600 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-11-30 09:54 . 2010-11-30 09:54 -------- d-----w- c:\program files\CCleaner
2010-11-21 12:05 . 2010-11-21 12:05 -------- d-----w- c:\documents and settings\Míra Mareček\Data aplikací\YouTube Downloader
2010-11-20 17:50 . 2010-11-20 17:51 -------- d-----w- c:\documents and settings\Míra Mareček\Data aplikací\Search Settings
2010-11-18 23:58 . 2010-11-18 23:58 -------- d-----w- c:\windows\Sun
2010-11-14 22:12 . 2010-11-14 22:12 -------- d-----w- c:\documents and settings\Míra Mareček\Local Settings\Data aplikací\P5
2010-11-14 22:12 . 2010-11-14 22:13 -------- d-----w- C:\bwinPoker
2010-11-14 21:52 . 2010-11-14 21:52 -------- d-----w- c:\program files\Common Files\Java
2010-11-14 21:52 . 2010-11-14 21:52 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-14 21:52 . 2010-11-14 21:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 21:52 . 2010-11-14 21:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-14 21:51 . 2010-11-14 21:51 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-26 14:36 . 2004-08-18 12:00 84800 ----a-w- c:\windows\system32\drivers\cdrom.sys
2008-12-30 14:11 . 2008-12-30 14:11 2595931 ----a-w- c:\program files\GfxUpdate.exe
1999-04-23 12:56 . 2008-12-30 14:12 6784 ----a-w- c:\program files\clcd16.dll
1999-04-23 12:56 . 2008-12-30 14:12 30208 ----a-w- c:\program files\clcd32.dll
1999-04-23 12:56 . 2008-12-30 14:12 177152 ----a-w- c:\program files\clokspl.exe
1999-04-23 12:56 . 2008-12-30 14:12 5207552 ----a-w- c:\program files\WA.icd
1999-04-23 12:56 . 2007-06-29 10:55 236272 ----a-w- c:\program files\WA.exe
1999-04-23 12:56 . 2008-12-30 14:12 155648 ----a-w- c:\program files\dplayerx.dll
1999-04-23 12:56 . 2008-12-30 14:12 14304 ----a-w- c:\program files\secdrv.sys
1999-04-23 12:56 . 2008-12-30 14:12 34816 ----a-w- c:\program files\drvmgt.dll
1999-04-20 17:30 . 2008-12-30 14:12 240128 ------r- c:\program files\DXMfc.dll
1999-04-20 17:30 . 2008-12-30 14:12 83456 ------r- c:\program files\DirectX2D.dll
1999-04-20 17:30 . 2008-12-30 14:12 10240 ------r- c:\program files\DirectSound.dll
1999-03-29 12:48 . 2008-12-30 14:12 297984 ------r- c:\program files\ltkrn10N.dll
1999-03-29 12:48 . 2008-12-30 14:12 105472 ------r- c:\program files\ltfil10N.DLL
1999-03-29 12:48 . 2008-12-30 14:12 31744 ------r- c:\program files\lflmb10N.dll
1999-03-29 12:48 . 2008-12-30 14:12 27648 ------r- c:\program files\lftga10N.dll
1999-03-29 12:48 . 2008-12-30 14:12 269312 ------r- c:\program files\LFCMP10N.DLL
1999-03-29 12:48 . 2008-12-30 14:12 34304 ------r- c:\program files\lfbmp10N.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-05_20.19.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-06 14:13 . 2010-12-06 14:13 16384 c:\windows\Temp\Perflib_Perfdata_7e0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2010-03-02 1347496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-06-02 176128]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2008-9-22 987136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\ASUS\\RT-G32 Wireless Router Utilities\\EZSetup\\EZSetup.exe"=
"c:\\Program Files\\ASUS\\RT-G32 Wireless Router Utilities\\Discovery\\Discovery.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.9.2008 19:16 717296]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 7:21 33800]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2.3.2010 11:13 67312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 7:21 468224]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [22.9.2008 12:37 24576]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [22.9.2008 12:37 1324544]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2010 17:13 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [19.10.2010 21:33 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [27.9.2010 0:04 100736]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: google sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Míra Mareček\Data aplikací\Mozilla\Firefox\Profiles\i7anyevu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.ftp - proxy
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - proxy
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - proxy
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
.

**************************************************************************
skenování skrytých procesů ...

? [33596]
? [44980]
? [48160]
? [47968]
? [48200]
? [47976]
? [47984]
? [49936]
? [49944]

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(179056)
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-12-06 16:35:44
ComboFix-quarantined-files.txt 2010-12-06 15:35
ComboFix2.txt 2010-12-05 20:22
ComboFix3.txt 2010-12-05 18:28

Před spuštěním: Volných bajtů: 50 293 886 976
Po spuštění: Volných bajtů: 50 280 386 560

- - End Of File - - AB01622DEC822A9CCA5E9E45E85D658D

Jeste to neni ono

A tusim tam poradnou mrsku

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Restore::
c:\windows\system32\drivers\cdrom.sys

SRPeek::
c:\windows\system32\drivers\cdrom.sys

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Udelejte krok dle navodu kolgy

stell píše: Stiahnite si prosím TDSSKiller a uložte ho na plochu.

2x-klik na TDSSKiller.exe- spustiť aplikáciu, potom na Spustiť kontrolu-klik- Start Scan.
Ak je infikovaný súbor detekovaný, bude predvolená akcia Cure, kliknite na tlačidlo Continue.
Ak podozrivý[suspicious] súbor je detekovaný, bude predvolená akcia Skip, kliknite na Continue.
Môže vás požiadať, aby ste reštartovali počítač na dokončenie procesu. Kliknite na Reboot Now.
Ak nevyžaduje reštart, kliknite na tlačidlo Report. Log súbor by sa mal objaviť. Prosím, skopírujte a vložte obsah súboru tu.
Ak je vyžadované reštartovanie počítača, správa je k dispozícii vo vašom koreňovom adresári (zvyčajne C:\ zložka) vo forme "TDSSKiller. _log.txt". Prosím, skopírujte a vložte obsah súboru tu.

ComboFix 10-12-04.06 - Míra Mareček 06.12.2010 17:08:05.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.460 [GMT 1:00]
Spuštěný z: c:\documents and settings\Míra Mareček\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Míra Mareček\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\cdrom.sys . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-06 do 2010-12-06 )))))))))))))))))))))))))))))))
.

2010-12-05 19:56 . 2010-12-05 19:56 -------- d-----w- C:\_OTM
2010-12-05 16:06 . 2010-12-05 16:08 -------- d-----w- c:\program files\trend micro
2010-12-05 15:50 . 2010-12-05 16:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-12-05 15:50 . 2010-12-05 15:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-05 15:40 . 2010-12-05 15:40 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 7
2010-12-05 13:15 . 2010-12-05 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CentrumczToolbar
2010-12-05 13:15 . 2010-12-05 14:08 -------- d-----w- c:\program files\CentrumczToolbar
2010-12-04 13:33 . 2010-12-04 13:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Temp
2010-12-02 12:57 . 2004-08-18 12:00 25600 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-11-30 09:54 . 2010-11-30 09:54 -------- d-----w- c:\program files\CCleaner
2010-11-21 12:05 . 2010-11-21 12:05 -------- d-----w- c:\documents and settings\Míra Mareček\Data aplikací\YouTube Downloader
2010-11-20 17:50 . 2010-11-20 17:51 -------- d-----w- c:\documents and settings\Míra Mareček\Data aplikací\Search Settings
2010-11-18 23:58 . 2010-11-18 23:58 -------- d-----w- c:\windows\Sun
2010-11-14 22:12 . 2010-11-14 22:12 -------- d-----w- c:\documents and settings\Míra Mareček\Local Settings\Data aplikací\P5
2010-11-14 22:12 . 2010-11-14 22:13 -------- d-----w- C:\bwinPoker
2010-11-14 21:52 . 2010-11-14 21:52 -------- d-----w- c:\program files\Common Files\Java
2010-11-14 21:52 . 2010-11-14 21:52 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-14 21:52 . 2010-11-14 21:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 21:52 . 2010-11-14 21:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-14 21:51 . 2010-11-14 21:51 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-26 14:36 . 2004-08-18 12:00 84800 ----a-w- c:\windows\system32\drivers\cdrom.sys
2008-12-30 14:11 . 2008-12-30 14:11 2595931 ----a-w- c:\program files\GfxUpdate.exe
1999-04-23 12:56 . 2008-12-30 14:12 6784 ----a-w- c:\program files\clcd16.dll
1999-04-23 12:56 . 2008-12-30 14:12 30208 ----a-w- c:\program files\clcd32.dll
1999-04-23 12:56 . 2008-12-30 14:12 177152 ----a-w- c:\program files\clokspl.exe
1999-04-23 12:56 . 2008-12-30 14:12 5207552 ----a-w- c:\program files\WA.icd
1999-04-23 12:56 . 2007-06-29 10:55 236272 ----a-w- c:\program files\WA.exe
1999-04-23 12:56 . 2008-12-30 14:12 155648 ----a-w- c:\program files\dplayerx.dll
1999-04-23 12:56 . 2008-12-30 14:12 14304 ----a-w- c:\program files\secdrv.sys
1999-04-23 12:56 . 2008-12-30 14:12 34816 ----a-w- c:\program files\drvmgt.dll
1999-04-20 17:30 . 2008-12-30 14:12 240128 ------r- c:\program files\DXMfc.dll
1999-04-20 17:30 . 2008-12-30 14:12 83456 ------r- c:\program files\DirectX2D.dll
1999-04-20 17:30 . 2008-12-30 14:12 10240 ------r- c:\program files\DirectSound.dll
1999-03-29 12:48 . 2008-12-30 14:12 297984 ------r- c:\program files\ltkrn10N.dll
1999-03-29 12:48 . 2008-12-30 14:12 105472 ------r- c:\program files\ltfil10N.DLL
1999-03-29 12:48 . 2008-12-30 14:12 31744 ------r- c:\program files\lflmb10N.dll
1999-03-29 12:48 . 2008-12-30 14:12 27648 ------r- c:\program files\lftga10N.dll
1999-03-29 12:48 . 2008-12-30 14:12 269312 ------r- c:\program files\LFCMP10N.DLL
1999-03-29 12:48 . 2008-12-30 14:12 34304 ------r- c:\program files\lfbmp10N.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\system32\dllcache\cdrom.sys [x]
[-] 07F25240FA7DC02ACA3BC419AD6BEB3D 84800 \RP465\A0181106.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-12-05_20.19.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-06 15:42 . 2010-12-06 15:42 16384 c:\windows\Temp\Perflib_Perfdata_7d4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2010-03-02 1347496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-06-02 176128]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2008-9-22 987136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\ASUS\\RT-G32 Wireless Router Utilities\\EZSetup\\EZSetup.exe"=
"c:\\Program Files\\ASUS\\RT-G32 Wireless Router Utilities\\Discovery\\Discovery.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.9.2008 19:16 717296]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 7:21 33800]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2.3.2010 11:13 67312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 7:21 468224]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [22.9.2008 12:37 24576]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [22.9.2008 12:37 1324544]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2010 17:13 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [19.10.2010 21:33 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [27.9.2010 0:04 100736]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: google sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Míra Mareček\Data aplikací\Mozilla\Firefox\Profiles\i7anyevu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.ftp - proxy
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - proxy
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - proxy
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 17:14
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

? [11476]
? [8492]
? [8528]
? [12264]
skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(74064)
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-12-06 17:16:37
ComboFix-quarantined-files.txt 2010-12-06 16:16
ComboFix2.txt 2010-12-05 20:22
ComboFix3.txt 2010-12-05 18:28

Před spuštěním: Volných bajtů: 50 285 084 672
Po spuštění: Volných bajtů: 50 271 330 304

- - End Of File - - F52B1773E2C4C2782ED505E1E02E07F0

Jeste poprosim o TDSS Killer a budem nahrazovat jeden systemovy soubor co nam havet napadla...

2010/12/06 17:35:49.0562 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/06 17:35:49.0562 ================================================================================
2010/12/06 17:35:49.0562 SystemInfo:
2010/12/06 17:35:49.0562
2010/12/06 17:35:49.0562 OS Version: 5.1.2600 ServicePack: 2.0
2010/12/06 17:35:49.0562 Product type: Workstation
2010/12/06 17:35:49.0562 ComputerName: MARECEK
2010/12/06 17:35:49.0562 UserName: Míra Mareček
2010/12/06 17:35:49.0562 Windows directory: C:\WINDOWS
2010/12/06 17:35:49.0562 System windows directory: C:\WINDOWS
2010/12/06 17:35:49.0562 Processor architecture: Intel x86
2010/12/06 17:35:49.0562 Number of processors: 2
2010/12/06 17:35:49.0562 Page size: 0x1000
2010/12/06 17:35:49.0562 Boot type: Normal boot
2010/12/06 17:35:49.0562 ================================================================================
2010/12/06 17:35:49.0843 Initialize success
2010/12/06 17:35:58.0859 ================================================================================
2010/12/06 17:35:58.0859 Scan started
2010/12/06 17:35:58.0859 Mode: Manual;
2010/12/06 17:35:58.0859 ================================================================================
2010/12/06 17:35:59.0531 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/06 17:35:59.0578 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/06 17:35:59.0656 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/12/06 17:35:59.0734 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/12/06 17:35:59.0890 ApfiltrService (69c2e4fdfaab3e23a23a35fa36914e47) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/12/06 17:35:59.0937 AR5211 (65b963f05458a7ee00473eb21ce3789d) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2010/12/06 17:36:00.0015 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/06 17:36:00.0250 ASNDIS5 (05a56c3156e1b6cc7bbd8e1d54d491f2) C:\WINDOWS\ATK0100\ASNDIS5.SYS
2010/12/06 17:36:00.0312 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/06 17:36:00.0375 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/06 17:36:00.0437 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/06 17:36:00.0500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/06 17:36:00.0578 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/06 17:36:00.0875 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/06 17:36:00.0953 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/06 17:36:00.0984 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/06 17:36:01.0125 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/06 17:36:01.0312 Cdrom (07f25240fa7dc02aca3bc419ad6beb3d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/06 17:36:01.0937 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/06 17:36:02.0500 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/06 17:36:02.0906 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
2010/12/06 17:36:03.0296 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/06 17:36:03.0406 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/06 17:36:03.0500 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/06 17:36:03.0531 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/06 17:36:03.0640 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/06 17:36:03.0796 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/06 17:36:03.0859 eamon (7a25ad652a3003b8854e873a3324e672) C:\WINDOWS\system32\DRIVERS\eamon.sys
2010/12/06 17:36:03.0921 easdrv (c7c17bc80b7264322207abc31f20ea84) C:\WINDOWS\system32\DRIVERS\easdrv.sys
2010/12/06 17:36:03.0968 epfwtdir (74051da749e5e89a14ddab5ba4a03a7f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2010/12/06 17:36:04.0046 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/06 17:36:04.0093 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/06 17:36:04.0109 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/06 17:36:04.0125 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/06 17:36:04.0203 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/06 17:36:04.0359 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/06 17:36:04.0390 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/06 17:36:04.0453 gearaspiwdm (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/06 17:36:04.0531 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/06 17:36:04.0609 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/06 17:36:04.0687 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/06 17:36:04.0765 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/06 17:36:04.0828 Huawei (4183be439981bbc77ef2c1d66629f124) C:\WINDOWS\system32\DRIVERS\ewdcsc.sys
2010/12/06 17:36:04.0875 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2010/12/06 17:36:05.0046 hwusbdev (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
2010/12/06 17:36:05.0156 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/06 17:36:05.0234 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/06 17:36:05.0515 IntcAzAudAddService (284bcb80391783d328a8d8163e97fd58) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/06 17:36:05.0656 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/06 17:36:05.0687 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/06 17:36:05.0843 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/06 17:36:05.0984 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/06 17:36:06.0015 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/06 17:36:06.0078 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/06 17:36:06.0140 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/06 17:36:06.0203 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/06 17:36:06.0281 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/06 17:36:06.0296 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/06 17:36:06.0406 M3AD (b57beae8d352647337fa79cd6e470557) C:\WINDOWS\system32\drivers\m3aux.sys
2010/12/06 17:36:06.0546 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/06 17:36:06.0593 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/06 17:36:06.0718 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/12/06 17:36:06.0765 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/06 17:36:06.0843 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/06 17:36:06.0921 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/06 17:36:06.0984 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/06 17:36:07.0062 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/06 17:36:07.0140 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/06 17:36:07.0203 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/06 17:36:07.0234 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/06 17:36:07.0265 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/06 17:36:07.0343 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/06 17:36:07.0406 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/06 17:36:07.0437 MTsensor (e333010a50bf603acc350f6019e9ce02) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
2010/12/06 17:36:07.0500 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/06 17:36:07.0531 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/06 17:36:07.0562 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/06 17:36:07.0703 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/06 17:36:07.0750 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/06 17:36:07.0765 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/06 17:36:07.0781 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/06 17:36:07.0812 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/06 17:36:07.0828 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/06 17:36:07.0859 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/06 17:36:07.0968 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/06 17:36:08.0000 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/06 17:36:08.0125 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/06 17:36:08.0171 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/06 17:36:08.0453 nv (59e5d945934ec2e7eaa22af81813dabf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/06 17:36:08.0671 NVENETFD (447cf6e09ceca96eaf5772d465cca344) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/12/06 17:36:08.0687 nvnetbus (ef04d5a268f5d44422795f9c013fbc8a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/12/06 17:36:08.0750 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/06 17:36:08.0843 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/06 17:36:08.0921 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/06 17:36:09.0000 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/06 17:36:09.0093 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/06 17:36:09.0125 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/06 17:36:09.0140 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/06 17:36:09.0171 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/06 17:36:09.0234 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/06 17:36:09.0375 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/06 17:36:09.0406 Processor (9a10e4fd13824823da50d4758bd0a645) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/06 17:36:09.0437 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/06 17:36:09.0453 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/06 17:36:09.0484 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/06 17:36:09.0625 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/06 17:36:09.0750 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/06 17:36:09.0796 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/06 17:36:09.0812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/06 17:36:09.0875 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/06 17:36:09.0953 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/06 17:36:10.0046 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/06 17:36:10.0109 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/06 17:36:10.0156 rimmptsk (b6e686aab08bc276d0000293f9fba0bb) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/12/06 17:36:10.0203 rimsptsk (bcff51e0be86d6f0e2180e5142203527) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/12/06 17:36:10.0281 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/12/06 17:36:10.0406 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/12/06 17:36:10.0515 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/06 17:36:10.0625 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/06 17:36:10.0687 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/12/06 17:36:10.0703 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/12/06 17:36:10.0750 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/06 17:36:10.0843 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/06 17:36:10.0937 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/06 17:36:11.0046 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/06 17:36:11.0046 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/06 17:36:11.0046 sptd - detected Locked file (1)
2010/12/06 17:36:11.0140 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/06 17:36:11.0250 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/06 17:36:11.0312 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2010/12/06 17:36:11.0359 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2010/12/06 17:36:11.0437 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2010/12/06 17:36:11.0484 staropen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\staropen.sys
2010/12/06 17:36:11.0609 StkCMini (b14cbd454ea369692cee1810d0d27aa7) C:\WINDOWS\system32\Drivers\StkCMini.sys
2010/12/06 17:36:11.0656 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/06 17:36:11.0671 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/06 17:36:11.0734 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/06 17:36:11.0906 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/06 17:36:12.0000 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/06 17:36:12.0078 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/06 17:36:12.0125 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/06 17:36:12.0171 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/06 17:36:12.0265 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
2010/12/06 17:36:12.0296 tosporte (02ebf69066d6f208af4d07481bbae0ad) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2010/12/06 17:36:12.0343 Tosrfbd (b52d9ce4a1f2feb1c77f913b55768530) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2010/12/06 17:36:12.0390 Tosrfbnp (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2010/12/06 17:36:12.0421 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2010/12/06 17:36:12.0453 Tosrfhid (8310963d2d06860e272eec87bca4217a) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2010/12/06 17:36:12.0484 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2010/12/06 17:36:12.0609 TosRfSnd (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys
2010/12/06 17:36:12.0687 Tosrfusb (c639fc314ea7436325ade8cd514b627c) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2010/12/06 17:36:12.0765 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/06 17:36:12.0812 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/06 17:36:12.0875 usbaapl (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/06 17:36:12.0906 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/06 17:36:12.0984 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/06 17:36:13.0015 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/06 17:36:13.0046 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/06 17:36:13.0218 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/06 17:36:13.0265 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/06 17:36:13.0312 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/12/06 17:36:13.0406 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/06 17:36:13.0437 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/06 17:36:13.0546 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/06 17:36:13.0640 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/06 17:36:13.0796 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/06 17:36:14.0015 ================================================================================
2010/12/06 17:36:14.0015 Scan finished
2010/12/06 17:36:14.0015 ================================================================================
2010/12/06 17:36:14.0031 Detected object count: 1
2010/12/06 17:36:21.0890 Locked file(sptd) - User select action: Skip

Takze TDSS nam nic nenaslo, nahradite infik.soubor a pujdem pripadne dal...omlouvam se ze je to na dlouho, ale PC bylo vic nez jen "bezne" zavirovane

Stahnete si tady tento soubor http://leteckaposta.cz/476650022 a ulozte jej primo na disk c:\, takze cesta k nemu bude c:\cdrom.sys

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

FCopy::
c:\cdrom.sys | c:\windows\system32\drivers\cdrom.sys

DDS::
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

VIRY.CZ

Internet Explorer a Firefox nefungují, Opera, Chrome funguje

Internet Explorer a Firefox nefungují, Opera, Chrome funguje

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun

Re: Internet Explorer a Firefox nefungují, Opera, Chrome fun