System Tool 2010 log check

Posted: 29 Dec 2010 11:47
by mates2000
Logfile of random's system information tool 1.08 (written by random/random)
Run by Olda at 2010-12-29 11:06:28
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 88 GB (77%) free of 114 GB
Total RAM: 895 MB (77% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PCConfidential.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-15 7573504]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-21 16845312]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-06-29 89541]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-11-14 1410304]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NodLogin"=C:\Program Files\ESET\ESET Smart Security\nodlogin.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2010-03-02 1347496]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-12 1414144]
"VW100 Connection Manager"= []
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-10-27 133432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"bFdFf01804"=C:\Documents and Settings\All Users\Data aplikací\bFdFf01804\bFdFf01804 [2010-12-29 94]

C:\Documents and Settings\Olda\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-04-27 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-12-29 11:06:29 ----D---- C:\Program Files\trend micro
2010-12-29 11:06:28 ----D---- C:\rsit
2010-12-29 11:04:26 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-29 10:58:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-29 10:09:40 ----D---- C:\Program Files\CCleaner
2010-12-29 10:09:28 ----D---- C:\Program Files\Google
2010-12-26 10:59:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\bFdFf01804
2010-12-19 18:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-19 18:05:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-19 18:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-19 18:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-19 18:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-19 18:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-19 12:17:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$

======List of files/folders modified in the last 1 months======

2010-12-29 11:06:29 ----RD---- C:\Program Files
2010-12-29 11:04:26 ----D---- C:\WINDOWS
2010-12-29 10:59:41 ----D---- C:\WINDOWS\Temp
2010-12-29 10:58:16 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-29 10:54:25 ----D---- C:\Program Files\Seekeen
2010-12-29 10:54:04 ----D---- C:\WINDOWS\system32
2010-12-29 10:54:03 ----D---- C:\WINDOWS\system32\drivers
2010-12-29 10:52:30 ----SD---- C:\WINDOWS\Tasks
2010-12-29 10:23:24 ----D---- C:\WINDOWS\Prefetch
2010-12-29 10:12:35 ----D---- C:\WINDOWS\Debug
2010-12-29 10:12:32 ----D---- C:\WINDOWS\Minidump
2010-12-29 10:12:30 ----SHD---- C:\RECYCLER
2010-12-29 10:05:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-29 09:52:33 ----HD---- C:\WINDOWS\inf
2010-12-26 11:10:11 ----A---- C:\WINDOWS\ModemLog_Vertex Wireless CDC Modem #2.txt
2010-12-26 10:35:47 ----D---- C:\Documents and Settings\Olda\Data aplikací\Skype
2010-12-26 10:35:40 ----D---- C:\Documents and Settings\Olda\Data aplikací\ICQ
2010-12-25 19:29:24 ----A---- C:\WINDOWS\ModemLog_Vertex Wireless CDC Modem #3.txt
2010-12-25 10:25:51 ----A---- C:\WINDOWS\ModemLog_Vertex Wireless CDC Modem.txt
2010-12-20 21:10:53 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-19 18:05:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-19 18:05:27 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-19 18:04:37 ----D---- C:\WINDOWS\system32\cs-cz
2010-12-19 18:04:37 ----D---- C:\Program Files\Internet Explorer
2010-12-19 18:00:32 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-19 17:19:47 ----D---- C:\Documents and Settings\Olda\Data aplikací\vlc
2010-12-19 17:19:11 ----D---- C:\Documents and Settings\Olda\Data aplikací\dvdcss
2010-12-19 12:18:00 ----D---- C:\Program Files\Outlook Express
2010-12-16 21:30:04 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-08-18 36576]
R0 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-06-21 29184]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-10-22 639224]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 11136]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-11-14 27656]
S1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-11-14 53768]
S2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-11-14 33800]
S2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-11-14 50696]
S2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-29 1160320]
S3 aigvasdl;aigvasdl; C:\WINDOWS\system32\drivers\aigvasdl.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-27 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-11-14 30728]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-07-30 101120]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-26 4610048]
S3 IpwP;IPWireless 3G Network Adapter; C:\WINDOWS\system32\DRIVERS\ipw3gnet.sys [2008-03-27 51040]
S3 MGHwCtrl;MGHwCtrl; \??\C:\WINDOWS\system32\drivers\MGHwCtrl.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-27 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-15 3660672]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-04 34176]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-04 13056]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-09-07 385280]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TridVid;TM6000 TV Service; C:\WINDOWS\system32\DRIVERS\TridVid.sys [2007-12-24 230528]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 vwmfbus;Vertex Wireless Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\vwmfbus.sys [2009-11-11 98560]
S3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM); C:\WINDOWS\system32\DRIVERS\vwmfdiag.sys [2009-11-11 100224]
S3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~; C:\WINDOWS\system32\DRIVERS\vwmfmdfl.sys [2009-11-11 14848]
S3 vwmfmdm;Vertex Wireless CDC Modem Driver; C:\WINDOWS\system32\DRIVERS\vwmfmdm.sys [2009-11-11 123776]
S3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM); C:\WINDOWS\system32\DRIVERS\vwmfserd.sys [2009-11-11 100224]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-04-27 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-10-11 110080]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-03-02 67312]
S2 COMSysAppAudioSrv;Systémové aplikace modelu COM+ COMSysAppAudioSrv; C:\WINDOWS\system32\apcupso.exe srv []
S2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-11-14 455936]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-15 143427]
S2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-01-27 36864]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-11-14 18176]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Thank you, Mates

Re: System Tool 2010 log check

Posted: 29 Dec 2010 12:38
by stell
Hello,
:arrow: uninstall
"NodLogin"=C:\Program Files\ESET\ESET Smart Security\nodlogin.exe []
:arrow: restart into Safe Mode with Networking:
Download rkill
to the desktop and run it. If you get a message saying it is a virus, ignore it; it is a fake message from the malware, this is how it defends itself. Wait for it to terminate the malware processes.
When the program finishes, Notepad opens saying that it terminated the malware processes; you can close Notepad. From now on you must not restart the computer, because the malware processes would come back.
If the program does not run through, leave the message on the desktop and run RKILL again.
Download >> mbam-setup
Install it, update it, and start a scan.
Run a Full scan and have it delete whatever it finds; if a restart is needed, you can now allow it.
Post the log here.
Restart into Windows and run a FULL scan again, have it delete whatever it finds, and post the log here.
Detailed guide:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

Re: System Tool 2010 log check

Posted: 30 Dec 2010 12:17
by mates2000
Thanks, it's gone now :worship: :worship:

Re: System Tool 2010 log check

Posted: 30 Dec 2010 14:18
by stell
Hm, well, if you think so.
You're welcome.

Re: System Tool 2010 log check

Posted: 30 Dec 2010 14:32
by mates2000
Wow, now I'm actually scared. Do you think it's not gone yet?
I did everything as you wrote: into Safe Mode, run mbam, remove, then back into Windows and run mbam again, remove, and done, right??????
stell wrote: Hm, well, if you think so.
You're welcome.

Re: System Tool 2010 log check

Posted: 30 Dec 2010 15:37
by stell
Done, what do you mean done :D Read what I wrote once more: post the log here.
So I need to see what Malwarebytes found; start Malwarebytes, find the logs, and post them here.

Re: System Tool 2010 log check

Posted: 30 Dec 2010 16:04
by mates2000
stell wrote: Hello,
:arrow: uninstall
"NodLogin"=C:\Program Files\ESET\ESET Smart Security\nodlogin.exe []
:arrow: restart into Safe Mode with Networking:
Download rkill
to the desktop and run it. If you get a message saying it is a virus, ignore it; it is a fake message from the malware, this is how it defends itself. Wait for it to terminate the malware processes.
When the program finishes, Notepad opens saying that it terminated the malware processes; you can close Notepad. From now on you must not restart the computer, because the malware processes would come back.
If the program does not run through, leave the message on the desktop and run RKILL again.
Download >> mbam-setup
Install it, update it, and start a scan.
Run a Full scan and have it delete whatever it finds; if a restart is needed, you can now allow it.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5363

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

29.12.2010 14:53:17
mbam-log-2010-12-29 (14-52-52).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 188380
Uplynulý čas: 49 minut, 23 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 1
Infikované soubory: 5

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SEEKEEN_SERVICE (PUP.Zwangi) -> No action taken.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bFdFf01804 (Rogue.SystemTool) -> Value: bFdFf01804 -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\program files\Seekeen (Trojan.Agent) -> No action taken.

Infikované soubory:
c:\documents and settings\all users\data aplikací\bfdff01804\bfdff01804.exe (Rogue.SystemTool) -> No action taken.
c:\documents and settings\Olda\dokumenty\stažené soubory\video1363.exe (Rogue.SystemTool) -> No action taken.
c:\program files\daemon tools\setupdtsb.exe (Adware.WhenU) -> No action taken.
c:\documents and settings\Olda\Plocha\system tool 2011.lnk (Rogue.SystemTool) -> No action taken.
c:\program files\Seekeen\seekeen.exe (Trojan.Agent) -> No action taken.

Restart into Windows and run a FULL scan again, have it delete whatever it finds
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

29.12.2010 15:19:15
mbam-log-2010-12-29 (15-19-15).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 189909
Uplynulý čas: 21 minut, 39 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SEEKEEN_SERVICE (PUP.Zwangi) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\system volume information\_restore{b2d0a9f9-70cc-4e1f-bb35-c4491f63306a}\RP462\A0185533.exe (Rogue.SystemTool) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b2d0a9f9-70cc-4e1f-bb35-c4491f63306a}\RP462\A0185534.exe (Adware.WhenU) -> Quarantined and deleted successfully.

Detailed guide:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

Re: System Tool 2010 log check

Posted: 30 Dec 2010 16:12
by stell
:)
PLEASE READ THE GUIDE CAREFULLY!!!

Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Post its log here.