VIRY.CZ

zdravim...mam problem s nejakym virem ktery avast detekoval ale nedari se mu ho smazat....

tady posilam log z RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by uživatel at 2010-12-13 16:01:12
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (15%) free of 50 GB
Total RAM: 1023 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:01:46, on 13.12.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\spool\drivers\Distributed.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\nvsvc32.exe
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
D:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\uživatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60446
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKCU\..\Run: [coudef] C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\uživatel\mqf.exe \u
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 0uupllh.exe
O4 - Startup: 0vrmm70.exe
O4 - Startup: 2xidtze.exe
O4 - Startup: 2zkpq0m.exe
O4 - Startup: 70dtze3.exe
O4 - Startup: 70xtoo6.exe
O4 - Startup: 9s69e1a.exe
O4 - Startup: a0b0rns8.exe
O4 - Startup: aa6mm70tp.exe
O4 - Startup: avmmhyytkk.exe
O4 - Startup: bxnnjzzvll.exe
O4 - Startup: fl870njz.exe
O4 - Startup: g69so0e3qq.exe
O4 - Startup: hdttpffb.exe
O4 - Startup: o9k1gccxoo.exe
O4 - Startup: ooz83q3ssn.exe
O4 - Startup: u86bc70dzpf.exe
O4 - Startup: zvllhxxt.exe
O4 - Startup: zzvllhxxi3k.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: TMMonitor.lnk = D:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DistributedAgentServices - BrainWork - C:\WINDOWS\system32\spool\drivers\Distributed.exe
O23 - Service: Služba Google Update (gupdate1ca3f42ddb1aee2) (gupdate1ca3f42ddb1aee2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: ASUSKeyboardService (y6ajoaoakfxs) - Unknown owner - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe (file missing)

--
End of file - 13111 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for uživatel.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-29 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-27 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-27 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-10-04 1049912]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2005-05-17 266240]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll []
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-27 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-20 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-02-03 16116224]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-07 69632]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-10-15 1783808]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-29 185896]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-04-28 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2006-05-18 450560]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-02-15 111928]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-14 61440]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-23 68856]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-14 61440]
"coudef"=C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe [2010-12-02 461824]
"MSConfig"=C:\Documents and Settings\uživatel\mqf.exe [2010-11-24 18432]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
TMMonitor.lnk - D:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe

C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění
0uupllh.exe
0vrmm70.exe
2xidtze.exe
2zkpq0m.exe
70dtze3.exe
70xtoo6.exe
9s69e1a.exe
a0b0rns8.exe
aa6mm70tp.exe
avmmhyytkk.exe
bxnnjzzvll.exe
fl870njz.exe
g69so0e3qq.exe
hdttpffb.exe
o9k1gccxoo.exe
ooz83q3ssn.exe
u86bc70dzpf.exe
zvllhxxt.exe
zzvllhxxi3k.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-11-22 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\crhcwhpk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gfwctunh]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kujtfczr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\trtnetbs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xorsbsab]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\crhcwhpk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gfwctunh]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\kujtfczr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\trtnetbs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\xorsbsab]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\uživatel\Plocha\bulanci.exe"="C:\Documents and Settings\uživatel\Plocha\bulanci.exe:*:Enabled:bulanci"
"D:\Hry\hl.exe"="D:\Hry\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Hry\hltv.exe"="D:\Hry\hltv.exe:*:Disabled:HLTV Launcher"
"D:\cod\iw3mp.exe"="D:\cod\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"D:\MARTIM\koš\hry\bulanci.exe"="D:\MARTIM\koš\hry\bulanci.exe:*:Enabled:bulanci"
"D:\Hry\nfs_undergroun_2\speed2.exe"="D:\Hry\nfs_undergroun_2\speed2.exe:*:Enabled:speed2"
"D:\Hry\Counter-Strike Source\hl2.exe"="D:\Hry\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\MARTIM\koš\dirt2_game.exe"="D:\MARTIM\koš\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Documents and Settings\uživatel\Plocha\P1876832.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"D:\Hry\cod\iw3mp.exe"="D:\Hry\cod\iw3mp.exe:*:Enabled:iw3mp"
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe"="C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe:*:Enabled:joorin64"
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\petabu.exe"="C:\Documents and Settings\uživatel\Data aplikací\Microsoft\petabu.exe:*:Enabled:joorin64"
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\gefasojys.exe"="C:\Documents and Settings\uživatel\Data aplikací\Microsoft\gefasojys.exe:*:Enabled:joorin64"
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\zoonehoum.exe"="C:\Documents and Settings\uživatel\Data aplikací\Microsoft\zoonehoum.exe:*:Enabled:joorin64"
"C:\WINDOWS\system32\vafy.exe"="C:\WINDOWS\system32\vafy.exe:*:Enabled:joorin64"
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe"="C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe:*:Enabled:joorin64"
"C:\WINDOWS\system32\gefasojys.exe"="C:\WINDOWS\system32\gefasojys.exe:*:Enabled:joorin64"
"C:\WINDOWS\system32\zoonehoum.exe"="C:\WINDOWS\system32\zoonehoum.exe:*:Enabled:joorin64"
"D:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="D:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"C:\Documents and Settings\užvatel\Data aplikací\Microsoft\vafy.exe"="C:\Documents and Settings\užvatel\Data aplikací\Microsoft\vafy.exe:*:Disabled:vafy"
"C:\WINDOWS\system32\spool\drivers\Distributed.exe"="C:\WINDOWS\system32\spool\drivers\Distributed.exe:*:Enabled:BWProxyClient"
"C:\Documents and Settings\užvatel\Data aplikací\lsass.exe"="C:\Documents and Settings\užvatel\Data aplikací\lsass.exe:*:Disabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-13 16:01:12 ----D---- C:\rsit
2010-12-13 16:01:12 ----D---- C:\Program Files\trend micro
2010-12-13 15:53:47 ----A---- C:\WINDOWS\system32\drivers\zcvsxnap.sys
2010-12-05 11:23:12 ----A---- C:\WINDOWS\system32\drivers\vtwmfzao.sys
2010-11-28 12:37:25 ----A---- C:\WINDOWS\system32\drivers\kujtfczr.sys
2010-11-26 04:29:47 ----A---- C:\pen.exe
2010-11-26 04:25:09 ----N---- C:\kmedia.exe
2010-11-26 02:20:50 ----N---- C:\bejewled.exe
2010-11-25 19:21:59 ----A---- C:\psp.exe
2010-11-25 18:05:22 ----A---- C:\WINDOWS\system32\drivers\ipnrnerj.sys
2010-11-25 17:43:38 ----A---- C:\WINDOWS\system32\drivers\hkqzsabn.sys
2010-11-25 17:09:41 ----A---- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys
2010-11-25 17:09:41 ----A---- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys
2010-11-25 17:09:41 ----A---- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys
2010-11-25 17:09:31 ----D---- C:\Program Files\NewSoft
2010-11-25 17:09:31 ----A---- C:\WINDOWS\system32\RTKFMSOURCE.dll
2010-11-25 16:56:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\ArcSoft
2010-11-25 16:52:31 ----A---- C:\WINDOWS\system32\unicows.dll
2010-11-24 20:07:53 ----D---- C:\Program Files\Common Files\ArcSoft
2010-11-21 23:10:23 ----RA---- C:\Documents and Settings\uživatel\Data aplikací\BG0Ai.txt
2010-11-21 23:09:11 ----RSH---- C:\Documents and Settings\uživatel\Data aplikací\juzjf.exe
2010-11-21 23:09:10 ----A---- C:\HDTV.exe
2010-11-17 12:20:14 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-11-17 12:20:04 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2010-11-17 12:19:53 ----A---- C:\WINDOWS\system32\drivers\MPE.sys
2010-11-17 12:19:43 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-11-17 12:19:42 ----A---- C:\WINDOWS\system32\drivers\BdaSup.sys
2010-11-14 21:49:47 ----A---- C:\t6.exe
2010-11-14 09:41:10 ----RSH---- C:\WINDOWS\nvsvc32.exe

======List of files/folders modified in the last 1 months======

2010-12-13 16:01:27 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-13 16:01:12 ----RD---- C:\Program Files
2010-12-13 15:54:58 ----AD---- C:\WINDOWS\Temp
2010-12-13 15:53:47 ----D---- C:\WINDOWS\system32\drivers
2010-12-13 15:53:37 ----D---- C:\Program Files\Crawler
2010-12-13 15:52:59 ----D---- C:\Program Files\Mozilla Firefox
2010-12-13 15:52:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-10 22:56:01 ----D---- C:\Program Files\Spyware Terminator
2010-12-08 16:13:36 ----D---- C:\Program Files\TrackMania Nations ESWC
2010-12-06 19:25:56 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-12-06 05:43:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-12-06 00:00:28 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Spyware Terminator
2010-12-05 15:05:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-03 18:58:46 ----D---- C:\Documents and Settings\uživatel\Data aplikací\dvdcss
2010-12-02 16:27:47 ----SD---- C:\Documents and Settings\uživatel\Data aplikací\Microsoft
2010-11-30 17:03:54 ----SHD---- C:\WINDOWS\Installer
2010-11-30 00:16:28 ----D---- C:\WINDOWS\Prefetch
2010-11-28 16:04:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-11-26 18:19:29 ----D---- C:\Documents and Settings\uživatel\Data aplikací\ICQ
2010-11-26 18:19:05 ----D---- C:\Program Files\ICQ7.0
2010-11-26 17:08:52 ----RSHD---- C:\RECYCLER
2010-11-26 17:00:39 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-26 15:04:59 ----D---- C:\WINDOWS
2010-11-26 15:04:13 ----D---- C:\WINDOWS\system32
2010-11-25 17:12:25 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-25 17:11:27 ----HD---- C:\WINDOWS\inf
2010-11-25 16:56:33 ----D---- C:\Documents and Settings\uživatel\Data aplikací\ArcSoft
2010-11-24 20:07:53 ----D---- C:\Program Files\Common Files
2010-11-24 19:54:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-20 13:01:21 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-11-17 12:20:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2004-08-04 46464]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-12-03 717296]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-22 9216]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-11-22 2829824]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-02-03 4474368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S2 kujtfczr;kujtfczr; C:\WINDOWS\system32\drivers\kujtfczr.sys [2010-11-28 82944]
S3 aewhqeml;aewhqeml; C:\WINDOWS\system32\drivers\aewhqeml.sys []
S3 anlhltyi;anlhltyi; \??\C:\WINDOWS\System32\Drivers\anlhltyi.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cmqklrsk;cmqklrsk; \??\C:\WINDOWS\System32\Drivers\cmqklrsk.sys []
S3 dlckeors;dlckeors; \??\C:\WINDOWS\System32\Drivers\dlckeors.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ecbzrioj;ecbzrioj; \??\C:\WINDOWS\System32\Drivers\ecbzrioj.sys []
S3 eeibohyo;eeibohyo; \??\C:\WINDOWS\System32\Drivers\eeibohyo.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 fpndnmck;fpndnmck; \??\C:\WINDOWS\System32\Drivers\fpndnmck.sys []
S3 gewtffud;gewtffud; \??\C:\WINDOWS\System32\Drivers\gewtffud.sys []
S3 gtmihavu;gtmihavu; \??\C:\WINDOWS\System32\Drivers\gtmihavu.sys []
S3 gvfnzodb;gvfnzodb; \??\C:\WINDOWS\System32\Drivers\gvfnzodb.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 iuzjcxli;iuzjcxli; \??\C:\WINDOWS\System32\Drivers\iuzjcxli.sys []
S3 jdiotjfh;jdiotjfh; \??\C:\WINDOWS\System32\Drivers\jdiotjfh.sys []
S3 kvxqhzyc;kvxqhzyc; \??\C:\WINDOWS\System32\Drivers\kvxqhzyc.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nzfrikij;nzfrikij; \??\C:\WINDOWS\System32\Drivers\nzfrikij.sys []
S3 nzqvahpo;nzqvahpo; \??\C:\WINDOWS\System32\Drivers\nzqvahpo.sys []
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\WINDOWS\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 37280]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2009-07-06 91168]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2009-07-06 32800]
S3 sdbiemqa;sdbiemqa; \??\C:\WINDOWS\System32\Drivers\sdbiemqa.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tvjjdavm;tvjjdavm; \??\C:\WINDOWS\System32\Drivers\tvjjdavm.sys []
S3 ughwdinq;ughwdinq; \??\C:\WINDOWS\System32\Drivers\ughwdinq.sys []
S3 ujoorlbo;ujoorlbo; \??\C:\WINDOWS\System32\Drivers\ujoorlbo.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vtwmfzao;vtwmfzao; \??\C:\WINDOWS\System32\Drivers\vtwmfzao.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 wzndoylh;wzndoylh; \??\C:\WINDOWS\System32\Drivers\wzndoylh.sys []
S3 xjwlnzku;xjwlnzku; \??\C:\WINDOWS\System32\Drivers\xjwlnzku.sys []
S3 yqqolonw;yqqolonw; \??\C:\WINDOWS\System32\Drivers\yqqolonw.sys []
S3 zvykjxdv;zvykjxdv; \??\C:\WINDOWS\System32\Drivers\zvykjxdv.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-22 430080]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 DistributedAgentServices;DistributedAgentServices; C:\WINDOWS\system32\spool\drivers\Distributed.exe [2010-12-04 117732]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-14 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-07 66872]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-10-15 570880]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-11-22 520192]
S2 gupdate1ca3f42ddb1aee2;Služba Google Update (gupdate1ca3f42ddb1aee2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-27 133104]
S2 y6ajoaoakfxs;ASUSKeyboardService; C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-05 182768]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

diky za pomoc

Zdravim a pekny den preji

Vypnu Vam rezindetni stit u Spyware Terminatora, at neni v kolizi s Avastem = ST tak budeme mit pouze na obcasny rucni sken

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
services.msc
```
Kliknete na OK
Najdete sluzby nize
Služba Google Update
Google Software Updater
Nero BackItUp Scheduler 3
Nero BackItUp Scheduler 4.0
Spyware Terminator Realtime Shield Service
U sluzby provedte toto
- Klik na ni pravym mysidlem a zvolit Vlastnosti
- Nyní klik na Zastavit
- Typ spousteni nastavit na Zakazano
- Potvrdte kliknutim na OK

Tam teda te haveti je

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

zdravim a omlouvam se za zpozdeni se kterym reaguji na vasi pomoc (byl sem par dni mimo)....

zde vkladam log z combofixu a doufam ze se jeste najde pro me nejaka rada....dekuji...

ComboFix 10-12-21.03 - uživatel 22.12.2010 10:00:56.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.631 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\uživatel\Data aplikací\Microsoft\petabu.exe
c:\documents and settings\uživatel\Data aplikací\Microsoft\quukou.exe
c:\documents and settings\uživatel\Data aplikací\Microsoft\vafy.exe
c:\documents and settings\užvatel\Data aplikací\lsass.exe
c:\documents and settings\užvatel\Data aplikací\Microsoft\dovogig.exe
c:\documents and settings\užvatel\Data aplikací\Microsoft\petabu.exe
c:\documents and settings\užvatel\Data aplikací\Microsoft\vafy.exe
c:\windows\nvsvc32.exe
c:\windows\system32\Drivers\jllrtrmc.sys
c:\windows\System32\Drivers\vtwmfzao.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\spool\drivers\systempro.exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_jllrtrmc
-------\Service_jllrtrmc
-------\Service_vtwmfzao

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-22 do 2010-12-22 )))))))))))))))))))))))))))))))
.

2010-12-13 15:01 . 2010-12-13 15:01 -------- d-----w- C:\rsit
2010-12-13 15:01 . 2010-12-13 15:01 -------- d-----w- c:\program files\trend micro
2010-11-28 11:37 . 2010-11-28 11:37 82944 ----a-w- c:\windows\system32\drivers\kujtfczr.sys
2010-11-27 08:35 . 2010-11-27 08:35 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\GRETECH
2010-11-26 16:59 . 2010-11-26 16:59 -------- d-----w- c:\documents and settings\užvatel\Local Settings\Data aplikací\ArcSoft
2010-11-26 03:29 . 2010-11-26 03:29 184951 ----a-w- C:\pen.exe
2010-11-26 03:25 . 2010-11-26 03:25 194560 ------w- C:\kmedia.exe
2010-11-26 01:20 . 2010-11-26 01:42 194560 ------w- C:\bejewled.exe
2010-11-25 18:21 . 2010-11-26 03:27 184951 ----a-w- C:\psp.exe
2010-11-25 17:05 . 2010-11-25 17:05 0 ----a-w- c:\windows\system32\drivers\ipnrnerj.sys
2010-11-25 16:43 . 2010-11-25 16:43 0 ----a-w- c:\windows\system32\drivers\hkqzsabn.sys
2010-11-25 16:09 . 2009-07-13 14:46 37280 ----a-w- c:\windows\system32\drivers\RTL2832U_IRHID.sys
2010-11-25 16:09 . 2009-07-06 16:37 32800 ----a-w- c:\windows\system32\drivers\RTL2832UUSB.sys
2010-11-25 16:09 . 2009-07-06 16:36 91168 ----a-w- c:\windows\system32\drivers\RTL2832UBDA.sys
2010-11-25 16:09 . 2010-11-25 16:09 -------- d-----w- c:\program files\NewSoft
2010-11-25 16:09 . 2009-04-02 13:22 127085 ----a-w- c:\windows\system32\RTKFMSOURCE.dll
2010-11-25 15:56 . 2010-11-25 15:56 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\ArcSoft
2010-11-25 15:56 . 2010-11-26 16:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ArcSoft
2010-11-25 15:52 . 2005-04-27 15:36 245408 ----a-w- c:\windows\system32\unicows.dll
2010-11-24 19:07 . 2010-11-25 15:55 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-11-24 18:33 . 2010-11-24 18:33 18432 ---ha-w- c:\documents and settings\uživatel\mqf.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 18:26 . 2008-06-26 12:15 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-06 18:25 . 2008-06-26 12:15 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-30 16:02 . 2010-11-21 21:34 97792 --sh--r- c:\documents and settings\užvatel\Data aplikací\juzjf.exe
2010-11-21 22:09 . 2010-11-21 22:09 85504 --sh--r- c:\documents and settings\uživatel\Data aplikací\juzjf.exe
2010-11-21 22:09 . 2010-11-21 22:09 85504 ----a-w- C:\HDTV.exe
2010-11-21 21:35 . 2010-11-21 21:35 18432 ---ha-w- c:\documents and settings\užvatel\jwyad.exe
2010-11-21 21:35 . 2010-11-21 21:35 18432 ---ha-w- c:\documents and settings\užvatel\jwyad.exe
2010-11-03 14:00 . 2010-11-03 06:11 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-11-03 14:00 . 2010-11-03 06:11 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-14 19:05 . 2010-10-14 19:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-14 19:05 . 2010-10-14 19:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-20 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-03 16116224]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-29 185896]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-02-15 111928]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\u§vatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0tjjpq6.exe [2010-11-30 50688]
1a2hcco.exe [2010-12-4 42496]
1okkflh.exe [2010-12-1 50688]
1yjkflg.exe [2010-11-28 50688]
3o6v6wc.exe [2010-11-27 50688]
5r5nde0.exe [2010-11-21 43008]
6d19u1q.exe [2010-11-25 50688]
6d8p58x.exe [2010-11-25 42496]
6iiuupv.exe [2010-11-25 50688]
6s81pkv.exe [2010-11-28 50688]
6wrms5t.exe [2010-11-22 43008]
70y6kk1.exe [2010-12-1 42496]
9ejfvvr.exe [2010-12-2 50688]
9y2p3wh.exe [2010-11-29 50688]
bssneezqqlc.exe [2010-11-22 43008]
c1yzzvlr.exe [2010-11-30 42496]
cc6ejfaqg.exe [2010-11-25 50688]
cnnjzpplbb.exe [2010-12-1 50688]
cxytz60gbs.exe [2010-11-28 50688]
djzkg0h1so.exe [2010-11-27 50688]
epak769xtt.exe [2010-11-29 50688]
fggbsidopp.exe [2010-11-30 42496]
fvvrhhs3.exe [2010-12-2 42496]
hsoojffgw6.exe [2010-11-27 42496]
hyytkkfl.exe [2010-12-1 50688]
i9j60llwhi.exe [2010-11-30 50688]
ju3wccxooj.exe [2010-11-26 50688]
lr5nde0u3.exe [2010-11-21 43008]
m6yy6kk6.exe [2010-11-22 43008]
miidzppggr.exe [2010-11-27 42496]
mmhyytkkfw.exe [2010-11-22 43008]
n1o21a9cc.exe [2010-11-29 50688]
nt66k6lm.exe [2010-11-28 42496]
oju3wccxooj.exe [2010-11-26 50688]
okffwccxoo.exe [2010-11-26 50688]
okkfwwrii9.exe [2010-12-1 42496]
pu30rrc0.exe [2010-11-30 50688]
qmmhyytkkf.exe [2010-12-10 43008]
qw5sdjo3.exe [2010-11-21 43008]
qw9c1yzzv.exe [2010-11-30 50688]
r2too6ag.exe [2010-11-30 50688]
s3o3f0lhccy.exe [2010-12-2 50688]
toupl2hcco.exe [2010-12-4 50688]
tppl2hccooj.exe [2010-12-4 50688]
tukk6ww6.exe [2010-12-4 50688]
uka9ccn8.exe [2010-11-29 42496]
vmmhyytk.exe [2010-12-10 43008]
vmmhyytkkfw.exe [2010-12-10 42496]
w5sdjo3aa3.exe [2010-11-21 43008]
w765j1uq.exe [2010-12-1 50688]
ww9c1yzzvl.exe [2010-11-30 50688]
xyj1uqql.exe [2010-12-1 50688]
y2zqqlccn3.exe [2010-12-2 50688]
y69k1r5x0dz.exe [2010-11-26 42496]
yy6kk1wrs.exe [2010-12-1 50688]

c:\documents and settings\u§ivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0uupllh.exe [2010-11-24 43008]
0vrmm70.exe [2010-11-22 43008]
2xidtze.exe [2010-11-22 43008]
2zkpq0m.exe [2010-11-24 43008]
70dtze3.exe [2010-11-22 43008]
70xtoo6.exe [2010-11-22 43008]
9s69e1a.exe [2010-11-22 43008]
a0b0rns8.exe [2010-11-21 43008]
aa6mm70tp.exe [2010-11-22 43008]
avmmhyytkk.exe [2010-11-22 43008]
bxnnjzzvll.exe [2010-11-22 43008]
fl870njz.exe [2010-11-21 43008]
g69so0e3qq.exe [2010-11-22 43008]
hdttpffb.exe [2010-11-22 43008]
o9k1gccxoo.exe [2010-11-22 43008]
ooz83q3ssn.exe [2010-11-24 43008]
u86bc70dzpf.exe [2010-11-21 43008]
zvllhxxt.exe [2010-11-22 43008]
zzvllhxxi3k.exe [2010-11-24 43008]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
TMMonitor.lnk - d:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-11-25 258048]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"d:\\MARTIM\\koš\\hry\\bulanci.exe"=
"d:\\Hry\\nfs_undergroun_2\\speed2.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\MARTIM\\koš\\dirt2_game.exe"=
"c:\\Documents and Settings\\uživatel\\Plocha\\P1876832.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"d:\\Hry\\cod\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\Distributed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"20030:TCP"= 20030:TCP:BitComet 20030 TCP
"20030:UDP"= 20030:UDP:BitComet 20030 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.6.2008 12:42 717296]
R2 DistributedAgentServices;DistributedAgentServices;c:\windows\system32\spool\drivers\Distributed.exe [4.12.2010 11:21 117732]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.1.2009 13:19 246520]
S2 gupdate1ca3f42ddb1aee2;Služba Google Update (gupdate1ca3f42ddb1aee2);c:\program files\Google\Update\GoogleUpdate.exe [27.9.2009 8:19 133104]
S2 kujtfczr;kujtfczr;c:\windows\system32\drivers\kujtfczr.sys [28.11.2010 12:37 82944]
S2 y6ajoaoakfxs;ASUSKeyboardService;c:\documents and settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe --> c:\documents and settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe [?]
S3 anlhltyi;anlhltyi;\??\c:\windows\System32\Drivers\anlhltyi.sys --> c:\windows\System32\Drivers\anlhltyi.sys [?]
S3 cmqklrsk;cmqklrsk;\??\c:\windows\System32\Drivers\cmqklrsk.sys --> c:\windows\System32\Drivers\cmqklrsk.sys [?]
S3 dlckeors;dlckeors;\??\c:\windows\System32\Drivers\dlckeors.sys --> c:\windows\System32\Drivers\dlckeors.sys [?]
S3 ecbzrioj;ecbzrioj;\??\c:\windows\System32\Drivers\ecbzrioj.sys --> c:\windows\System32\Drivers\ecbzrioj.sys [?]
S3 eeibohyo;eeibohyo;\??\c:\windows\System32\Drivers\eeibohyo.sys --> c:\windows\System32\Drivers\eeibohyo.sys [?]
S3 fpndnmck;fpndnmck;\??\c:\windows\System32\Drivers\fpndnmck.sys --> c:\windows\System32\Drivers\fpndnmck.sys [?]
S3 gewtffud;gewtffud;\??\c:\windows\System32\Drivers\gewtffud.sys --> c:\windows\System32\Drivers\gewtffud.sys [?]
S3 gtmihavu;gtmihavu;\??\c:\windows\System32\Drivers\gtmihavu.sys --> c:\windows\System32\Drivers\gtmihavu.sys [?]
S3 gvfnzodb;gvfnzodb;\??\c:\windows\System32\Drivers\gvfnzodb.sys --> c:\windows\System32\Drivers\gvfnzodb.sys [?]
S3 iuzjcxli;iuzjcxli;\??\c:\windows\System32\Drivers\iuzjcxli.sys --> c:\windows\System32\Drivers\iuzjcxli.sys [?]
S3 jdiotjfh;jdiotjfh;\??\c:\windows\System32\Drivers\jdiotjfh.sys --> c:\windows\System32\Drivers\jdiotjfh.sys [?]
S3 kvxqhzyc;kvxqhzyc;\??\c:\windows\System32\Drivers\kvxqhzyc.sys --> c:\windows\System32\Drivers\kvxqhzyc.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S3 nzfrikij;nzfrikij;\??\c:\windows\System32\Drivers\nzfrikij.sys --> c:\windows\System32\Drivers\nzfrikij.sys [?]
S3 nzqvahpo;nzqvahpo;\??\c:\windows\System32\Drivers\nzqvahpo.sys --> c:\windows\System32\Drivers\nzqvahpo.sys [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 11:29 162176]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [25.11.2010 17:09 37280]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [25.11.2010 17:09 91168]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [25.11.2010 17:09 32800]
S3 sdbiemqa;sdbiemqa;\??\c:\windows\System32\Drivers\sdbiemqa.sys --> c:\windows\System32\Drivers\sdbiemqa.sys [?]
S3 tvjjdavm;tvjjdavm;\??\c:\windows\System32\Drivers\tvjjdavm.sys --> c:\windows\System32\Drivers\tvjjdavm.sys [?]
S3 ughwdinq;ughwdinq;\??\c:\windows\System32\Drivers\ughwdinq.sys --> c:\windows\System32\Drivers\ughwdinq.sys [?]
S3 ujoorlbo;ujoorlbo;\??\c:\windows\System32\Drivers\ujoorlbo.sys --> c:\windows\System32\Drivers\ujoorlbo.sys [?]
S3 wzndoylh;wzndoylh;\??\c:\windows\System32\Drivers\wzndoylh.sys --> c:\windows\System32\Drivers\wzndoylh.sys [?]
S3 xjwlnzku;xjwlnzku;\??\c:\windows\System32\Drivers\xjwlnzku.sys --> c:\windows\System32\Drivers\xjwlnzku.sys [?]
S3 yqqolonw;yqqolonw;\??\c:\windows\System32\Drivers\yqqolonw.sys --> c:\windows\System32\Drivers\yqqolonw.sys [?]
S3 zvykjxdv;zvykjxdv;\??\c:\windows\System32\Drivers\zvykjxdv.sys --> c:\windows\System32\Drivers\zvykjxdv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 07:19]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 07:19]

2010-12-09 c:\windows\Tasks\Norton Security Scan for uživatel.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://googleure.com
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\vf6f5zm6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Mininova Toolbar: {f592709f-ff4a-4862-b659-4afabda56312} - %profile%\extensions\{f592709f-ff4a-4862-b659-4afabda56312}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
HKCU-Run-coudef - c:\documents and settings\uživatel\Data aplikací\Microsoft\vafy.exe
SafeBoot-crhcwhpk
SafeBoot-gfwctunh
SafeBoot-jllrtrmc.sys
SafeBoot-kujtfczr
SafeBoot-trtnetbs
SafeBoot-xorsbsab
AddRemove-Counter-Strike 1.6 - d:\hry\Uninstal.exe
AddRemove-Totalcmd - c:\totalcmd\tcuninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 10:09
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-823518204-602162358-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2788)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\spool\drivers\systempro.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-12-22 10:12:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-22 09:12

Před spuštěním: 7 917 101 056
Po spuštění: Volných bajtů: 14 924 161 024

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 1B4E387C49F8693C74FC0034BD829ADD

Omlouvam se za zpozdeni, ale pracovni povinnosti me k tomu drive nepustily

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\uživatel\Plocha\P1876832.JPG-www.facebook.exe"=-
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe"=-
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\petabu.exe"=-
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\gefasojys.exe"=-
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\zoonehoum.exe"=-
"C:\WINDOWS\system32\vafy.exe"=-
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe"=-
"C:\WINDOWS\system32\gefasojys.exe"=-
"C:\WINDOWS\system32\zoonehoum.exe"=-
"C:\Documents and Settings\užvatel\Data aplikací\Microsoft\vafy.exe"=-
"C:\Documents and Settings\užvatel\Data aplikací\lsass.exe"=-

:files
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\zoonehoum.exe
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\gefasojys.exe
C:\WINDOWS\system32\vafy.exe
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe
C:\WINDOWS\system32\gefasojys.exe
C:\WINDOWS\system32\zoonehoum.exe
C:\Documents and Settings\uživatel\Plocha\P1876832.JPG-www.facebook.exe
C:\Documents and Settings\užvatel\Data aplikací\Microsoft\vafy.exe
C:\Documents and Settings\užvatel\Data aplikací\lsass.exe
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\petabu.exe
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe
C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění\*.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[ClearAllRestorePoints]
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Collect::
c:\windows\system32\drivers\kujtfczr.sys
C:\pen.exe
C:\kmedia.exe
C:\bejewled.exe
C:\psp.exe
c:\windows\system32\drivers\ipnrnerj.sys
c:\windows\system32\drivers\hkqzsabn.sys
c:\documents and settings\uživatel\mqf.exe
c:\documents and settings\užvatel\Data aplikací\juzjf.exe
c:\documents and settings\uživatel\Data aplikací\juzjf.exe
c:\documents and settings\užvatel\jwyad.exe
c:\documents and settings\užvatel\jwyad.exe
c:\windows\system32\drivers\kujtfczr.sys
c:\documents and settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe 
c:\windows\System32\Drivers\anlhltyi.sys 
c:\windows\System32\Drivers\cmqklrsk.sys 
c:\windows\System32\Drivers\dlckeors.sys 
c:\windows\System32\Drivers\ecbzrioj.sys 
c:\windows\System32\Drivers\eeibohyo.sys 
c:\windows\System32\Drivers\fpndnmck.sys 
c:\windows\System32\Drivers\gewtffud.sys 
c:\windows\System32\Drivers\gtmihavu.sys 
c:\windows\System32\Drivers\gvfnzodb.sys 
c:\windows\System32\Drivers\iuzjcxli.sys 
c:\windows\System32\Drivers\jdiotjfh.sys 
c:\windows\System32\Drivers\kvxqhzyc.sys 
c:\windows\System32\Drivers\nzfrikij.sys 
c:\windows\System32\Drivers\nzqvahpo.sys 
c:\windows\System32\Drivers\sdbiemqa.sys 
c:\windows\System32\Drivers\tvjjdavm.sys 
c:\windows\System32\Drivers\ughwdinq.sys 
c:\windows\System32\Drivers\ujoorlbo.sys 
c:\windows\System32\Drivers\wzndoylh.sys 
c:\windows\System32\Drivers\xjwlnzku.sys 
c:\windows\System32\Drivers\yqqolonw.sys 
c:\windows\System32\Drivers\zvykjxdv.sys 

Folder::
c:\program files\SweetIM
c:\program files\ICQ6Toolbar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"swg"=-
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"TkBellExe"=-
"NeroFilterCheck"=-
"NBKeyScan"=-
"SweetIM"=-
"DivXUpdate"=-
"SunJavaUpdateSched"=-

Driver::
ICQ Service
kujtfczr
y6ajoaoakfxs
anlhltyi
cmqklrsk
dlckeors
ecbzrioj
eeibohyo
fpndnmck
gewtffud
gtmihavu
gvfnzodb
iuzjcxli
jdiotjfh
kvxqhzyc
nzfrikij
nzqvahpo
sdbiemqa
tvjjdavm
ughwdinq
ujoorlbo
wzndoylh
xjwlnzku
yqqolonw
zvykjxdv

DDS::
uStart Page = hxxp://googleure.com
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu

Firefox::
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\vf6f5zm6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.1&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

RegLock::
[HKEY_USERS\S-1-5-21-823518204-602162358-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

VIRY.CZ

nakazene PC

nakazene PC

Re: nakazene PC

Re: nakazene PC

Re: nakazene PC