
Trojan horse Cryptic.BQU

Posted: 05 Jan 2011 14:12
by Aramon
Hello, and I would very much appreciate some advice and help.
The resident shield reports "Trojan horse Cryptic.BQU, found when opening" together with the name of a file which, however, I cannot find or remove in the stated location. It cannot be removed with the antivirus either (that is, I as a person cannot manage it). Also, when the PC starts up, the system reports this: Windows detected a hard drive problem. A hard drive error occurred while starting the application. Then "Windows No Disk, Exception Processing Message 0x0000012" and so on pops up..... If I do not click OK, the computer works normally; if I click OK, it restarts. Thank you in advance for your help.

log
Logfile of random's system information tool 1.08 (written by random/random)
Run by Lucie at 2011-01-05 13:07:10
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (27%) free of 45 GB
Total RAM: 1982 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:07:48, on 5.1.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Calc\calc.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\All Users\Data aplikací\tnjpHMjVwEJfO.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Wyzo\wyzo.exe
D:\1optimagrata\www\psi\nathan\RSIT.exe
C:\Program Files\trend micro\Lucie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lucieskopalova.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu1\toolbaru.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DTHAR_Calc] C:\Calc\calc.exe MIN
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Save] C:\Documents and Settings\Lucie\Data aplikací\Save\Save.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [tnjpHMjVwEJfO.exe] C:\Documents and Settings\All Users\Data aplikací\tnjpHMjVwEJfO.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\dk1jswf1.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles/dk1jswf1.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Jabbim.lnk = C:\Program Files\Jabbim\jabbim.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: Jabbim.lnk = C:\Program Files\Jabbim\jabbim.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Jabbim.lnk = C:\Program Files\Jabbim\jabbim.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Documents and Settings\Lucie\AppData\LocalLow\Microńoft\redir.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Lucie/LOCALS~1/Temp/msohtml1/01/clip_image001.gif

--
End of file - 14971 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ACER-Lucie.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\tbu1\toolbaru.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-09-05 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]
CentrumczToolbar BHO - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2009-10-22 1171760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2010-10-06 2475336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll [2010-02-11 185856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2010-10-06 2475336]
{D5D47440-0750-463D-BAEF-A47D02414806} - Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2009-10-22 1171760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-12 88204]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-02-10 15969280]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-08-24 53248]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-01-07 102491]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-01-07 692315]
"ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
""= []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-03-31 204800]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-04-04 421888]
"Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-04-28 401408]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-03-31 471040]
"ImageItEncrypt"=C:\WINDOWS\system32\ImageItEncrypt.exe [2005-12-30 40960]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"DTHAR_Calc"=C:\Calc\calc.exe [2007-07-22 354816]
"StxTrayMenu"=C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe [2007-01-18 190008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-07-09 2048352]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-05 198160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-27 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-11-04 2087424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"WhenUSave"=C:\Program Files\Save\Save.exe []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []
"Save"=C:\Documents and Settings\Lucie\Data aplikací\Save\Save.exe []
"TomTomHOME.exe"=D:\TomTom HOME 2\TomTomHOMERunner.exe []
"AdobeBridge"= []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]
"tnjpHMjVwEJfO.exe"=C:\Documents and Settings\All Users\Data aplikací\tnjpHMjVwEJfO.exe [2011-01-04 477184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"=C:\Documents and Settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\dk1jswf1.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath=C:\Documents and Settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles/dk1jswf1.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

C:\Documents and Settings\Lucie\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
Jabbim.lnk - C:\Program Files\Jabbim\jabbim.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-29 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Wyzo\wyzo.exe"="C:\Program Files\Wyzo\wyzo.exe:*:Enabled:Wyzo"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:CLI Application (Command Line Interface)"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======File associations======

.js - open -
.scr - open - "%1" /S "%3"

======List of files/folders created in the last 1 months======

2011-01-05 13:07:10 ----D---- C:\rsit
2011-01-05 13:07:10 ----D---- C:\Program Files\trend micro
2011-01-05 12:53:59 ----A---- C:\Documents and Settings\All Users\Data aplikací\cbIO1xlnkfT.exe
2011-01-05 10:22:44 ----SHD---- C:\FOUND.009
2011-01-04 23:55:57 ----A---- C:\Documents and Settings\All Users\Data aplikací\JsQNPSblOGbUT.dll
2011-01-04 23:55:56 ----A---- C:\Documents and Settings\All Users\Data aplikací\tnjpHMjVwEJfO.exe
2010-12-18 16:39:12 ----D---- C:\WINDOWS\ie8updates
2010-12-18 16:38:25 ----D---- C:\WINDOWS\WBEM
2010-12-18 16:36:59 ----HD---- C:\WINDOWS\ie8
2010-12-18 16:36:59 ----D---- C:\WINDOWS\system32\cs-CZ
2010-12-18 16:36:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\CentrumczToolbar
2010-12-18 16:36:33 ----D---- C:\Program Files\CentrumczToolbar
2010-12-18 16:36:00 ----HD---- C:\WINDOWS\msdownld.tmp
2010-12-17 21:33:24 ----RA---- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys
2010-12-17 21:33:21 ----RA---- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys
2010-12-17 21:33:15 ----RA---- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys
2010-12-17 21:32:58 ----RA---- C:\WINDOWS\system32\drivers\ZTEusbnet.sys
2010-12-17 21:32:50 ----D---- C:\Documents and Settings\Lucie\Data aplikací\Vodafone
2010-12-17 21:32:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2010-12-17 21:32:34 ----RA---- C:\WINDOWS\system32\drivers\massfilter.sys
2010-12-17 21:32:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Vodafone
2010-12-17 21:32:06 ----D---- C:\Program Files\Vodafone
2010-12-12 09:59:34 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2011-01-05 12:52:58 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2011-01-05 12:50:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-19 10:32:44 ----A---- C:\WINDOWS\imsins.BAK
2010-12-08 21:34:08 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
R0 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
R0 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
R0 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-18 13952]
R0 Imagedrv;Imagedrv; C:\WINDOWS\system32\DRIVERS\imagedrv.sys [2002-10-09 80864]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-18 61056]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-17 44944]
R0 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
R0 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-29 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-04 108552]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 9728]
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-12 1124097]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-21 1522688]
R3 BCM43XX;Broadcom 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-21 369024]
R3 Cam5603D;Acer OrbiCam; C:\WINDOWS\System32\Drivers\BisonCam.sys [2006-03-30 576000]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-16 4156416]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2003-01-15 6144]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-03-09 47360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-18 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-07 191456]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-11-09 243328]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-12-13 547904]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 ipw_bus;IPWireless; C:\WINDOWS\system32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter; C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM); C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter; C:\WINDOWS\system32\DRIVERS\ipwpnet.sys [2005-07-30 43184]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\DRIVERS\massfilter.sys [2008-12-08 7680]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-18 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-18 15360]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-12-08 104960]
S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys [2008-12-08 110080]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-12-08 105344]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-12-08 104960]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-21 405504]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-29 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-29 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2008-12-18 9158656]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 Seagate Sync Service;Seagate Sync Service; C:\Program Files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-04 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-18 268288]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Trojan horse Cryptic.BQU

Posted: 05 Jan 2011 17:31
by vyosek
Hello and have a nice day :)

:arrow: You've got it infested like a clover field :arcisit:

:arrow: Uninstall AVG; it is not among our favourites and it fights with ComboFix. I recommend installing Avast or Avira. If AVG won't go voluntarily, here is the remover http://download.avg.com/filedir/util/su ... 1_1184.exe

:arrow: Otherwise it is possible that the message is caused by some HW problem - we'll see once we rid the PC of the vermin

:arrow: When downloading ComboFix - instructions below - save it as Beruska.com

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Right after it starts a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes (and a possible restart) CF shows a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
  • Detailed procedure incl. pictures here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Trojan horse Cryptic.BQU

Posted: 06 Jan 2011 00:24
by Aramon
Thanks for the procedure. I hope I did everything correctly, and I'm pasting the log.

ComboFix 11-01-05.01 - Lucie 06.01.2011 0:16.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1982.1436 [GMT 1:00]
Spuštěný z: d:\1optimagrata\www\psi\nathan\Beruska.com.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lucie\Nabídka Start\Programy\WhenU
c:\documents and settings\Lucie\Nabídka Start\Programy\WhenU\Customer Support.lnk
c:\documents and settings\Lucie\Nabídka Start\Programy\WhenU\Learn More About WhenU Save.url
c:\documents and settings\Lucie\Nabídka Start\Programy\WhenU\Learn More About WhenU SaveNow.url
c:\documents and settings\Lucie\Nabídka Start\Programy\WhenU\Uninstall Instructions.lnk
c:\documents and settings\Lucie\Nabídka Start\Programy\WhenU\Uninstall.lnk
c:\documents and settings\Lucie\Nabídka Start\Programy\WhenU\WhenU Help Desk.lnk
c:\documents and settings\Lucie\Nabídka Start\Programy\WhenU\WhenU.com Website.url
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\ST6UNST.000
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\detoured.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-05 do 2011-01-05 )))))))))))))))))))))))))))))))
.

2011-01-05 23:01 . 2011-01-05 23:01 383488 ----a-w- c:\documents and settings\All Users\Data aplikací\jpKwhDt2nsblu.exe
2011-01-05 12:07 . 2011-01-05 12:07 -------- d-----w- C:\rsit
2011-01-05 12:07 . 2011-01-05 12:07 -------- d-----w- c:\program files\trend micro
2011-01-05 09:22 . 2011-01-05 09:22 -------- d-----w- C:\FOUND.009
2011-01-04 22:55 . 2011-01-05 23:01 425984 ----a-w- c:\documents and settings\All Users\Data aplikací\JsQNPSblOGbUT.dll
2011-01-04 22:55 . 2011-01-04 22:55 477184 ----a-w- c:\documents and settings\All Users\Data aplikací\tnjpHMjVwEJfO.exe
2010-12-25 18:14 . 2010-12-25 18:14 -------- d-----w- c:\documents and settings\Lucie\dwhelper
2010-12-24 19:28 . 2010-12-24 19:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-12-18 20:05 . 2010-12-18 20:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-12-18 20:00 . 2010-12-18 20:00 -------- d-sh--w- c:\documents and settings\Lucie\IETldCache
2010-12-18 15:36 . 2010-12-18 15:37 -------- d--h--w- c:\windows\ie8
2010-12-18 15:36 . 2010-12-18 15:37 -------- d-----w- c:\windows\system32\cs-CZ
2010-12-18 15:36 . 2010-12-18 15:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CentrumczToolbar
2010-12-18 15:36 . 2010-12-18 15:36 -------- d-----w- c:\program files\CentrumczToolbar
2010-12-18 15:36 . 2010-12-18 15:36 -------- d--h--w- c:\windows\msdownld.tmp
2010-12-18 15:27 . 2010-05-06 10:35 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-18 15:27 . 2010-05-06 10:35 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-18 15:27 . 2010-05-06 10:35 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-12-18 15:27 . 2010-05-06 10:35 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-18 15:27 . 2010-05-06 10:35 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-18 15:27 . 2010-05-06 10:35 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-12-18 15:27 . 2010-05-06 10:35 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-12-17 20:33 . 2008-12-08 16:21 105344 ----a-r- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-12-17 20:33 . 2008-12-08 16:21 104960 ----a-r- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-12-17 20:33 . 2008-12-08 16:21 104960 ----a-r- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-12-17 20:32 . 2008-12-08 16:21 110080 ----a-r- c:\windows\system32\drivers\ZTEusbnet.sys
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\documents and settings\Lucie\Data aplikací\Vodafone
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallShield
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Vodafone
2010-12-17 20:32 . 2008-12-08 16:21 7680 ----a-r- c:\windows\system32\drivers\massfilter.sys
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Vodafone
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\program files\Vodafone
2010-12-17 20:31 . 2010-12-17 20:31 -------- d-----w- c:\documents and settings\Lucie\Local Settings\Data aplikací\{A51078CA-7A85-4433-8D2D-35FB5D9A9609}
2010-12-12 08:59 . 2010-12-12 08:59 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-03-30 13:50 . 2007-03-30 13:50 133120 ----a-w- c:\program files\WnASPI32.dll
2007-03-30 13:50 . 2007-03-30 13:50 876032 ----a-w- c:\program files\DevIL.dll
2007-03-30 13:50 . 2007-03-30 13:50 77824 ----a-w- c:\program files\ILU.dll
2007-03-30 13:50 . 2007-03-30 13:50 368640 ----a-w- c:\program files\GalerieFX2.exe
2007-03-30 13:50 . 2007-03-30 13:50 32768 ----a-w- c:\program files\ILUT.dll
2007-03-30 13:50 . 2007-03-30 13:50 624640 ----a-w- c:\program files\StarBurn.dll
2006-10-28 22:39 . 2006-10-28 22:39 5711824 ----a-w- c:\program files\Firefox Setup 2.0.exe
2006-08-17 22:08 . 2006-09-30 17:52 58 ----a-w- c:\program files\install.bat
2006-08-17 19:44 . 2006-09-30 17:52 425984 ----a-w- c:\program files\DB_E_shop.exe
2009-03-21 08:22 . 2009-03-21 08:22 222720 ----a-w- c:\program files\mozilla firefox\components\SaveComponent.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 08:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2007-12-12 11:52 73728 ------w- c:\windows\system32\VirtualExpander\VEShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"tnjpHMjVwEJfO.exe"="c:\documents and settings\All Users\Data aplikací\tnjpHMjVwEJfO.exe" [2011-01-04 477184]
"jpKwhDt2nsblu"="c:\documents and settings\All Users\Data aplikací\jpKwhDt2nsblu.exe" [2011-01-05 383488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 15969280]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 53248]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-31 471040]
"ImageItEncrypt"="c:\windows\system32\ImageItEncrypt.exe" [2005-12-30 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"DTHAR_Calc"="c:\calc\calc.exe" [2007-07-22 354816]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-04 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-27 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Lucie\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2008-7-3 185856]

c:\documents and settings\Lucie\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2008-7-3 185856]

c:\documents and settings\Lucie\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2008-7-3 185856]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2007-3-4 520192]

c:\documents and settings\Lucie\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2008-7-3 185856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Wyzo\\wyzo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8.6.2009 2:48 28544]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [29.11.2006 12:16 9728]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [4.11.2010 14:01 247096]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [18.1.2007 14:20 24120]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4.11.2008 11:39 14336]
S3 ipw_bus;IPWireless;c:\windows\system32\drivers\ipw_bus.sys [29.11.2006 12:16 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\drivers\ipw_mdfl.sys [29.11.2006 12:16 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\drivers\ipw_mdm.sys [29.11.2006 12:16 95440]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter;c:\windows\system32\drivers\ipwpnet.sys [29.11.2006 12:16 43184]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17.12.2010 21:32 7680]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [17.12.2010 21:32 110080]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-01-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-ACER-Lucie.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-27 18:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = hxxp://www.lucieskopalova.com/
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-WhenUSave - c:\program files\Save\Save.exe
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-Save - c:\documents and settings\Lucie\Data aplikací\Save\Save.exe
HKCU-Run-TomTomHOME.exe - d:\tomtom home 2\TomTomHOMERunner.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
AddRemove-BSPlayer1 - c:\program files\Webteh\BSplayer\uninstall.exe
AddRemove-Manual - c:\program files\H-Knofliczek\Manual\uninstall.exe
AddRemove-Pinnacle HFX Volume 1 - c:\windows\unvise32.exe \unvol1log



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 00:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background??s?s

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-01-06 00:22:35
ComboFix-quarantined-files.txt 2011-01-05 23:22

Před spuštěním: Volných bajtů: 13 677 002 752
Po spuštění: Volných bajtů: 14 374 305 792

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 770DEDDFA2AAB15B42AEDF13A2189D27

Re: Trojan horse Cryptic.BQU

Posted: 06 Jan 2011 00:56
by Aramon
It looks like the problem has been removed, since the laptop works normally. Many thanks! :worship: :worship: :worship:

Re: Trojan horse Cryptic.BQU

Posted: 06 Jan 2011 08:22
by vyosek
:arrow: There is still a lot in there, so the log needs to be finished off

:arrow: If it isn't there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    File::
    c:\documents and settings\All Users\Data aplikací\jpKwhDt2nsblu.exe
    c:\documents and settings\All Users\Data aplikací\JsQNPSblOGbUT.dll
    c:\windows\Tasks\AdobeAAMUpdater-1.0-ACER-Lucie.job
    c:\windows\Tasks\AppleSoftwareUpdate.job
    c:\documents and settings\All Users\Data aplikací\tnjpHMjVwEJfO.exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "tnjpHMjVwEJfO.exe"=-
    "jpKwhDt2nsblu"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "HP Software Update"=-
    "SunJavaUpdateSched"=-
    "TkBellExe"=-
    "Adobe ARM"=-
    "AdobeAAMUpdater-1.0"=-
    "SwitchBoard"=-
    "AdobeCS5ServiceManager"=-
    "Adobe Reader Speed Launcher"=-
    
    Driver::
    ICQ Service
    
    Folder::
    c:\program files\ICQ6Toolbar\
    
    DDS::
    uStart Page = hxxp://start.icq.com/
    IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: browser.search.selectedEngine - WebHledani
    FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
    FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and run it (see the picture below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Trojan horse Cryptic.BQU

Posted: 06 Jan 2011 17:11
by Aramon
Good that there are still people who are happy to help.
Before I do it, I have a question: in the meantime I installed Avira; should I remove it and also turn off all the other protection, as I did the first time?

Re: Trojan horse Cryptic.BQU

Posted: 06 Jan 2011 18:17
by vyosek
Just disable its resident shield, otherwise leave it there, that is, if you do not already have some other antivirus in there - two antiviruses fight each other in the system... And do the step with CF...

Re: Trojan horse Cryptic.BQU

Posted: 07 Jan 2011 12:05
by Aramon
Sending the log.

ComboFix 11-01-05.01 - Lucie 07.01.2011 11:47:08.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1982.1269 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lucie\Plocha\Beruska.com.exe
Použité ovládací přepínače :: c:\documents and settings\Lucie\Plocha\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Vytvořen nový Bod Obnovení

FILE ::
"c:\documents and settings\All Users\Data aplikací\jpKwhDt2nsblu.exe"
"c:\documents and settings\All Users\Data aplikací\JsQNPSblOGbUT.dll"
"c:\documents and settings\All Users\Data aplikací\tnjpHMjVwEJfO.exe"
"c:\windows\Tasks\AdobeAAMUpdater-1.0-ACER-Lucie.job"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.xul
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\autocomplete.xml
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\exitobserver.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\globals.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\highlight.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.css
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.xul
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgLarge.gif
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgSmall.gif
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonBlue.gif
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonGreen.gif
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\searchLogo.gif
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\localfileupdate.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\menu-button.xml
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_bg.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_cz.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_de.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_en.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_es.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_fr.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_he.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_it.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_ru.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_sk.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_tr.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_uk.html
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.xul
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsegamesxml.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsemenuxml.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.xul
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\prefutils.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\search.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\splitter.xml
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\statistics.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\tabcontext.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\utilities.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\voucher.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\zoom.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\icq_locale.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb_options.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\options.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\icq_locale.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb_options.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\options.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\icq_locale.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb_options.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\options.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\icq_locale.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb_options.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\options.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\icq_locale.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb_options.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\options.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\icq_locale.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb_options.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\options.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\icq_locale.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb_options.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\options.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\icq_locale.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb_options.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\options.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\icq_locale.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb_options.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\options.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\icq_locale.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb_options.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\options.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\icq_locale.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb_options.dtd
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\options.properties
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\about.css
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\abt.png
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ain.png
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ang.png
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\default.css
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dis.png
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dropmarker.css
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\program files\ICQ6Toolbar\
c:\program files\ICQ6Toolbar\\config.xml
c:\program files\ICQ6Toolbar\\Icons.bmp
c:\program files\ICQ6Toolbar\\ICQ Service.exe
c:\program files\ICQ6Toolbar\\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\\ICQToolBar.dll
c:\program files\ICQ6Toolbar\\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\\logo_small.gif
c:\program files\ICQ6Toolbar\\ServiceStarter.exe
c:\program files\ICQ6Toolbar\\short.wav
c:\program files\ICQ6Toolbar\\Version.txt
c:\program files\ICQ6Toolbar\\voucher.bmp
c:\program files\ICQ6Toolbar\\voucher2.bmp
c:\windows\Tasks\AdobeAAMUpdater-1.0-ACER-Lucie.job
c:\windows\Tasks\AppleSoftwareUpdate.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.

2011-01-06 09:23 . 2011-01-06 09:23 1409 ----a-w- c:\windows\QTFont.for
2011-01-05 23:43 . 2011-01-05 23:43 -------- d-----w- c:\documents and settings\Lucie\Data aplikací\Avira
2011-01-05 23:38 . 2011-01-06 23:48 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-05 23:38 . 2011-01-06 23:48 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-05 23:38 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-01-05 23:38 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-01-05 23:38 . 2011-01-05 23:38 -------- d-----w- c:\program files\Avira
2011-01-05 23:38 . 2011-01-05 23:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2011-01-05 12:07 . 2011-01-05 12:07 -------- d-----w- C:\rsit
2011-01-05 12:07 . 2011-01-05 12:07 -------- d-----w- c:\program files\trend micro
2011-01-05 09:22 . 2011-01-05 09:22 -------- d-----w- C:\FOUND.009
2011-01-04 22:55 . 2011-01-05 23:01 425984 ----a-w- c:\documents and settings\All Users\Data aplikací\JsQNPSblOGbUT.dll
2010-12-25 18:14 . 2010-12-25 18:14 -------- d-----w- c:\documents and settings\Lucie\dwhelper
2010-12-24 19:28 . 2010-12-24 19:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-12-18 20:05 . 2010-12-18 20:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-12-18 20:00 . 2010-12-18 20:00 -------- d-sh--w- c:\documents and settings\Lucie\IETldCache
2010-12-18 15:36 . 2010-12-18 15:37 -------- d--h--w- c:\windows\ie8
2010-12-18 15:36 . 2010-12-18 15:37 -------- d-----w- c:\windows\system32\cs-CZ
2010-12-18 15:36 . 2010-12-18 15:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CentrumczToolbar
2010-12-18 15:36 . 2010-12-18 15:36 -------- d-----w- c:\program files\CentrumczToolbar
2010-12-18 15:36 . 2010-12-18 15:36 -------- d--h--w- c:\windows\msdownld.tmp
2010-12-18 15:27 . 2010-05-06 10:35 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-18 15:27 . 2010-05-06 10:35 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-18 15:27 . 2010-05-06 10:35 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-12-18 15:27 . 2010-05-06 10:35 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-18 15:27 . 2010-05-06 10:35 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-18 15:27 . 2010-05-06 10:35 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-12-18 15:27 . 2010-05-06 10:35 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-12-17 20:33 . 2008-12-08 16:21 105344 ----a-r- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-12-17 20:33 . 2008-12-08 16:21 104960 ----a-r- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-12-17 20:33 . 2008-12-08 16:21 104960 ----a-r- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-12-17 20:32 . 2008-12-08 16:21 110080 ----a-r- c:\windows\system32\drivers\ZTEusbnet.sys
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\documents and settings\Lucie\Data aplikací\Vodafone
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallShield
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Vodafone
2010-12-17 20:32 . 2008-12-08 16:21 7680 ----a-r- c:\windows\system32\drivers\massfilter.sys
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Vodafone
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\program files\Vodafone
2010-12-17 20:31 . 2010-12-17 20:31 -------- d-----w- c:\documents and settings\Lucie\Local Settings\Data aplikací\{A51078CA-7A85-4433-8D2D-35FB5D9A9609}
2010-12-12 08:59 . 2010-12-12 08:59 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-03-30 13:50 . 2007-03-30 13:50 133120 ----a-w- c:\program files\WnASPI32.dll
2007-03-30 13:50 . 2007-03-30 13:50 876032 ----a-w- c:\program files\DevIL.dll
2007-03-30 13:50 . 2007-03-30 13:50 77824 ----a-w- c:\program files\ILU.dll
2007-03-30 13:50 . 2007-03-30 13:50 368640 ----a-w- c:\program files\GalerieFX2.exe
2007-03-30 13:50 . 2007-03-30 13:50 32768 ----a-w- c:\program files\ILUT.dll
2007-03-30 13:50 . 2007-03-30 13:50 624640 ----a-w- c:\program files\StarBurn.dll
2006-10-28 22:39 . 2006-10-28 22:39 5711824 ----a-w- c:\program files\Firefox Setup 2.0.exe
2006-08-17 22:08 . 2006-09-30 17:52 58 ----a-w- c:\program files\install.bat
2006-08-17 19:44 . 2006-09-30 17:52 425984 ----a-w- c:\program files\DB_E_shop.exe
2009-03-21 08:22 . 2009-03-21 08:22 222720 ----a-w- c:\program files\mozilla firefox\components\SaveComponent.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 08:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2007-12-12 11:52 73728 ------w- c:\windows\system32\VirtualExpander\VEShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 15969280]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 53248]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-31 471040]
"ImageItEncrypt"="c:\windows\system32\ImageItEncrypt.exe" [2005-12-30 40960]
"DTHAR_Calc"="c:\calc\calc.exe" [2007-07-22 354816]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-04 198160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Lucie\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2008-7-3 185856]

c:\documents and settings\Lucie\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2008-7-3 185856]

c:\documents and settings\Lucie\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2008-7-3 185856]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2007-3-4 520192]

c:\documents and settings\Lucie\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2008-7-3 185856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Wyzo\\wyzo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8.6.2009 2:48 28544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6.1.2011 0:38 135336]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [29.11.2006 12:16 9728]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [18.1.2007 14:20 24120]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4.11.2008 11:39 14336]
S3 ipw_bus;IPWireless;c:\windows\system32\drivers\ipw_bus.sys [29.11.2006 12:16 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\drivers\ipw_mdfl.sys [29.11.2006 12:16 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\drivers\ipw_mdm.sys [29.11.2006 12:16 95440]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter;c:\windows\system32\drivers\ipwpnet.sys [29.11.2006 12:16 43184]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17.12.2010 21:32 7680]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [17.12.2010 21:32 110080]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.lucieskopalova.com/
uInternet Settings,ProxyOverride = *.local
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 11:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.BIN
c:\windows\system32\wbem\unsecapp.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Celkový čas: 2011-01-07 12:02:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-07 11:02
ComboFix2.txt 2011-01-05 23:22

Před spuštěním: Volných bajtů: 14 069 563 392
Po spuštění: Volných bajtů: 13 940 195 328

- - End Of File - - D1FDFA6449858655C469C94A8A3F7851

Re: Trojan horse Cryptic.BQU

Posted: 07 Jan 2011 20:17
by vyosek
:arrow: Test the following files on VirusTotal (see my signature)
  • c:\windows\system32\drivers\pavboot.sys
  • Click Browse
  • Do not search for the file, just paste the path of the file you want to test
  • Click Send File
  • If a screen like the one below pops up, click ReAnalyse
    [image]
  • Paste the analysis result here (as a link)

Re: Trojan horse Cryptic.BQU

Posted: 07 Jan 2011 21:42
by Aramon

Re: Trojan horse Cryptic.BQU

Posted: 07 Jan 2011 21:51
by vyosek
:arrow: One more script for ComboFix - the procedure is the same

Collect::
c:\documents and settings\All Users\Data aplikací\JsQNPSblOGbUT.dll

File::
c:\documents and settings\All Users\Data aplikací\JsQNPSblOGbUT.dll
c:\windows\msdownld.tmp

Folder::
c:\program files\Get Styles

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=-
"TkBellExe"=-

DDS::
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm

Firefox::
FF - ProfilePath - c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}

Re: Trojan horse Cryptic.BQU

Posted: 07 Jan 2011 23:58
by Aramon
OK, I am posting the log (though I don't know whether it is still needed...)

ComboFix 11-01-05.01 - Lucie 07.01.2011 23:46:32.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1982.1182 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lucie\Plocha\Beruska.com.exe
Použité ovládací přepínače :: c:\documents and settings\Lucie\Plocha\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\All Users\Data aplikací\JsQNPSblOGbUT.dll"
"c:\windows\msdownld.tmp"

file zipped: c:\documents and settings\All Users\Data aplikací\JsQNPSblOGbUT.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome.manifest
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\processw.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\spapi.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\spmain.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\style.css
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\style.ico
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\style.xul
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\sup.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\install.rdf
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa
c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
c:\program files\Get Styles
c:\program files\Get Styles\ct.htm
c:\program files\Get Styles\enlbrdr.dll
c:\program files\Get Styles\hoticon.ico
c:\program files\Get Styles\tomapi.js
c:\program files\Get Styles\tommain.js
c:\program files\Get Styles\uninstall.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.

2011-01-06 09:23 . 2011-01-06 09:23 1409 ----a-w- c:\windows\QTFont.for
2011-01-05 23:43 . 2011-01-05 23:43 -------- d-----w- c:\documents and settings\Lucie\Data aplikací\Avira
2011-01-05 23:38 . 2011-01-06 23:48 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-05 23:38 . 2011-01-06 23:48 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-05 23:38 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-01-05 23:38 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-01-05 23:38 . 2011-01-05 23:38 -------- d-----w- c:\program files\Avira
2011-01-05 23:38 . 2011-01-05 23:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2011-01-05 12:07 . 2011-01-05 12:07 -------- d-----w- C:\rsit
2011-01-05 12:07 . 2011-01-05 12:07 -------- d-----w- c:\program files\trend micro
2011-01-05 09:22 . 2011-01-05 09:22 -------- d-----w- C:\FOUND.009
2011-01-04 22:55 . 2011-01-05 23:01 425984 ----a-w- c:\documents and settings\All Users\Data aplikací\JsQNPSblOGbUT.dll
2010-12-25 18:14 . 2010-12-25 18:14 -------- d-----w- c:\documents and settings\Lucie\dwhelper
2010-12-24 19:28 . 2010-12-24 19:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-12-18 20:05 . 2010-12-18 20:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-12-18 20:00 . 2010-12-18 20:00 -------- d-sh--w- c:\documents and settings\Lucie\IETldCache
2010-12-18 15:36 . 2010-12-18 15:37 -------- d--h--w- c:\windows\ie8
2010-12-18 15:36 . 2010-12-18 15:37 -------- d-----w- c:\windows\system32\cs-CZ
2010-12-18 15:36 . 2010-12-18 15:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CentrumczToolbar
2010-12-18 15:36 . 2010-12-18 15:36 -------- d-----w- c:\program files\CentrumczToolbar
2010-12-18 15:36 . 2010-12-18 15:36 -------- d--h--w- c:\windows\msdownld.tmp
2010-12-18 15:27 . 2010-05-06 10:35 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-18 15:27 . 2010-05-06 10:35 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-18 15:27 . 2010-05-06 10:35 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-12-18 15:27 . 2010-05-06 10:35 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-18 15:27 . 2010-05-06 10:35 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-18 15:27 . 2010-05-06 10:35 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-12-18 15:27 . 2010-05-06 10:35 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-12-17 20:33 . 2008-12-08 16:21 105344 ----a-r- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-12-17 20:33 . 2008-12-08 16:21 104960 ----a-r- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-12-17 20:33 . 2008-12-08 16:21 104960 ----a-r- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-12-17 20:32 . 2008-12-08 16:21 110080 ----a-r- c:\windows\system32\drivers\ZTEusbnet.sys
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\documents and settings\Lucie\Data aplikací\Vodafone
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallShield
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Vodafone
2010-12-17 20:32 . 2008-12-08 16:21 7680 ----a-r- c:\windows\system32\drivers\massfilter.sys
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Vodafone
2010-12-17 20:32 . 2010-12-17 20:32 -------- d-----w- c:\program files\Vodafone
2010-12-17 20:31 . 2010-12-17 20:31 -------- d-----w- c:\documents and settings\Lucie\Local Settings\Data aplikací\{A51078CA-7A85-4433-8D2D-35FB5D9A9609}
2010-12-12 08:59 . 2010-12-12 08:59 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-03-30 13:50 . 2007-03-30 13:50 133120 ----a-w- c:\program files\WnASPI32.dll
2007-03-30 13:50 . 2007-03-30 13:50 876032 ----a-w- c:\program files\DevIL.dll
2007-03-30 13:50 . 2007-03-30 13:50 77824 ----a-w- c:\program files\ILU.dll
2007-03-30 13:50 . 2007-03-30 13:50 368640 ----a-w- c:\program files\GalerieFX2.exe
2007-03-30 13:50 . 2007-03-30 13:50 32768 ----a-w- c:\program files\ILUT.dll
2007-03-30 13:50 . 2007-03-30 13:50 624640 ----a-w- c:\program files\StarBurn.dll
2006-10-28 22:39 . 2006-10-28 22:39 5711824 ----a-w- c:\program files\Firefox Setup 2.0.exe
2006-08-17 22:08 . 2006-09-30 17:52 58 ----a-w- c:\program files\install.bat
2006-08-17 19:44 . 2006-09-30 17:52 425984 ----a-w- c:\program files\DB_E_shop.exe
2009-03-21 08:22 . 2009-03-21 08:22 222720 ----a-w- c:\program files\mozilla firefox\components\SaveComponent.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2007-12-12 11:52 73728 ------w- c:\windows\system32\VirtualExpander\VEShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 15969280]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 53248]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-31 471040]
"ImageItEncrypt"="c:\windows\system32\ImageItEncrypt.exe" [2005-12-30 40960]
"DTHAR_Calc"="c:\calc\calc.exe" [2007-07-22 354816]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Lucie\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2008-7-3 185856]

c:\documents and settings\Lucie\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2008-7-3 185856]

c:\documents and settings\Lucie\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2008-7-3 185856]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2007-3-4 520192]

c:\documents and settings\Lucie\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-9-28 393216]
Jabbim.lnk - c:\program files\Jabbim\jabbim.exe [2008-7-3 185856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Wyzo\\wyzo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8.6.2009 2:48 28544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6.1.2011 0:38 135336]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [29.11.2006 12:16 9728]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [18.1.2007 14:20 24120]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4.11.2008 11:39 14336]
S3 ipw_bus;IPWireless;c:\windows\system32\drivers\ipw_bus.sys [29.11.2006 12:16 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\drivers\ipw_mdfl.sys [29.11.2006 12:16 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\drivers\ipw_mdm.sys [29.11.2006 12:16 95440]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter;c:\windows\system32\drivers\ipwpnet.sys [29.11.2006 12:16 43184]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17.12.2010 21:32 7680]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [17.12.2010 21:32 110080]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.lucieskopalova.com/
uInternet Settings,ProxyOverride = *.local
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\7pokpuwv.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Get Styles - c:\program files\Get Styles\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 23:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-01-07 23:54:18
ComboFix-quarantined-files.txt 2011-01-07 22:54
ComboFix2.txt 2011-01-07 11:03
ComboFix3.txt 2011-01-05 23:22

Před spuštěním: Volných bajtů: 13 873 872 896
Po spuštění: Volných bajtů: 13 871 480 832

- - End Of File - - 1709EBBB13622907190C7DA0832F06C2

Re: Trojan horse Cryptic.BQU

Posted: 08 Jan 2011 00:02
by vyosek
:arrow: Download OTM (see my signature)
  • If you use Win Vista or W7, right-click OTM and choose Run As Administrator (Spustit jako správce)
  • Into the left-hand window, Paste Instructions for Items to be Moved (below the yellow line), paste the content shown below:

    :files
    c:\documents and settings\All Users\Data aplikací\JsQNPSblOGbUT.dll
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp /s
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
  • Click the red MoveIt! button
  • You will be prompted to restart; choose Yes, then find the log in C:\_OTM\MovedFiles and paste its contents here