Please check my log: SPAM, NOD32 not working, etc...

Steron
Model visitor
Posts: 174
Registered: 13 May 2008 13:12

#1 Post by Steron »

Hello, please help: the notebook is sending out spam like crazy, and when I try to install NOD32 it deactivates itself...
Thanks


Logfile of random's system information tool 1.08 (written by random/random)
Run by Reditel at 2011-03-25 11:46:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (39%) free of 153 GB
Total RAM: 3071 MB (82% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-28 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-28 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{55FAF0F2-44D4-425F-B5F5-6B275B621EAB}
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-28 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-06 177456]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-14 102400]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-09 8470528]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-08-09 81920]
"nwiz"=nwiz.exe /installquiet /nodetect []
"Adobe_ID0EZEHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-04-27 1884160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"pdfSaver3"= []
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-08 81920]
"Windows Firewall"=C:\DOCUME~1\Reditel\LOCALS~1\Temp\lsass.exe [2010-11-12 57344]
"wuaucldt"=c:\windows\system32\wuaucldt.exe [2010-11-23 33280]
"kucom"=C:\WINDOWS\system32\looviporu.exe [2010-11-30 461824]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"WEBTRAN"= []
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-08 81920]
"MSConfig"=C:\Documents and Settings\Reditel\dhruf.exe [2010-11-10 19456]
"Windows Firewall"=C:\DOCUME~1\Reditel\LOCALS~1\Temp\lsass.exe [2010-11-12 57344]
"wuaucldt"=c:\documents and settings\reditel\wuaucldt.exe [2010-11-23 33280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
C:\WINDOWS\system32\AccelerometerSt.exe [2007-01-24 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bouvas]
C:\WINDOWS\system32\dessykoot.exe [2010-11-30 461824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [2007-05-21 124512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kucom]
C:\WINDOWS\system32\looviporu.exe [2010-11-30 461824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
c:\Program Files\PDF\pdfSaver\pdfSaver3.exe [2004-05-19 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soovybyqu]
C:\WINDOWS\system32\dessykoot.exe [2010-11-30 461824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2010-06-26 1238352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-28 68856]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Místní vyhledávání.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Nástroje SMART Board.lnk - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
OKI LPR Utility.lnk - C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2007-04-30 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2007-02-07 74240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=SbHpNp
scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cimsdvve]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\zerwcdui.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\cimsdvve]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\zerwcdui.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\IronWare Communication\IW FTPort Client\Cftp32.exe"="C:\Program Files\IronWare Communication\IW FTPort Client\Cftp32.exe:*:Enabled:IW FTPort Client"
"C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe"="C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe:*:Enabled:hd2"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Reditel\Dokumenty\Stažené soubory\P1876832.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\DOCUME~1\Reditel\LOCALS~1\Temp\450816.exe"="C:\DOCUME~1\Reditel\LOCALS~1\Temp\450816.exe:*:Enabled:Microsoft Office"
"C:\DOCUME~1\Reditel\LOCALS~1\Temp\5097.exe"="C:\DOCUME~1\Reditel\LOCALS~1\Temp\5097.exe:*:Enabled:Microsoft Office"
"C:\DOCUME~1\Reditel\LOCALS~1\Temp\028.exe"="C:\DOCUME~1\Reditel\LOCALS~1\Temp\028.exe:*:Enabled:Microsoft Office"
"C:\DOCUME~1\Reditel\LOCALS~1\Temp\8323720.exe"="C:\DOCUME~1\Reditel\LOCALS~1\Temp\8323720.exe:*:Enabled:Microsoft Office"
"C:\WINDOWS\System32\svchost.exe"="C:\WINDOWS\System32\svchost.exe:*:Enabled:Microsoft Office"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

======File associations======

.js - edit - C:\WINDOWS\system32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2011-03-25 11:46:45 ----D---- C:\Program Files\trend micro
2011-03-25 11:46:44 ----D---- C:\rsit
2011-03-25 10:46:51 ----D---- C:\Program Files\ESET
2011-03-25 10:46:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-03-25 10:28:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2011-03-24 16:32:05 ----D---- C:\Program Files\CCleaner
2011-03-24 16:00:25 ----D---- C:\WINDOWS\pss
2011-03-24 13:55:55 ----A---- C:\WINDOWS\system32\byquuka.exe

======List of files/folders modified in the last 1 months======

2011-03-25 11:46:45 ----RD---- C:\Program Files
2011-03-25 11:46:06 ----AD---- C:\WINDOWS\Temp
2011-03-25 11:45:35 ----D---- C:\WINDOWS
2011-03-25 11:43:01 ----SHD---- C:\WINDOWS\CSC
2011-03-25 11:29:22 ----SHD---- C:\Config.Msi
2011-03-25 11:28:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-25 11:25:12 ----SHD---- C:\WINDOWS\Installer
2011-03-25 11:25:10 ----HD---- C:\WINDOWS\inf
2011-03-25 11:25:10 ----D---- C:\WINDOWS\system32\drivers
2011-03-25 11:25:07 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-25 11:21:45 ----D---- C:\WINDOWS\system32
2011-03-25 11:14:44 ----D---- C:\WINDOWS\Minidump
2011-03-25 10:35:31 ----D---- C:\Program Files\QueryExplorer
2011-03-25 10:33:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2011-03-25 10:33:53 ----D---- C:\Documents and Settings\Reditel\Data aplikací\AVGTOOLBAR
2011-03-25 10:32:42 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-25 10:31:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\HBLiteSA
2011-03-25 10:28:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-25 10:28:45 ----D---- C:\Program Files\Outlook Express
2011-03-25 10:23:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\QueryExplorer
2011-03-24 16:40:42 ----D---- C:\WINDOWS\Debug
2011-03-24 16:03:03 ----SH---- C:\boot.ini
2011-03-24 16:03:03 ----A---- C:\WINDOWS\win.ini
2011-03-24 16:03:03 ----A---- C:\WINDOWS\system.ini
2011-03-24 15:58:20 ----D---- C:\Program Files\Steam
2011-03-24 15:08:59 ----D---- C:\Program Files\Hewlett-Packard
2011-03-24 15:00:04 ----D---- C:\Program Files\AnyDATA
2011-03-24 14:40:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2011-03-24 14:13:36 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-24 14:00:21 ----RSD---- C:\WINDOWS\assembly
2011-03-24 14:00:16 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2006-07-24 17920]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2007-02-12 277784]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 SafeBoot;SafeBoot; C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-04-26 100095]
R0 SbAlg;SbAlg; C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 44720]
R0 SbFsLock;SbFsLock; C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-29 13696]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 zerwcdui;zerwcdui; C:\WINDOWS\System32\Drivers\zerwcdui.sys [2010-11-10 40128]
R1 baf8141;baf8141; C:\WINDOWS\System32\drivers\baf8141.sys [2010-11-26 138272]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 kot11ab;kot11ab; C:\WINDOWS\System32\drivers\kot11ab.sys [2010-11-16 138272]
R1 mrc0f06;mrc0f06; C:\WINDOWS\System32\drivers\mrc0f06.sys [2010-11-27 138272]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 RsvLock;RsvLock; C:\WINDOWS\system32\drivers\RsvLock.sys [2007-04-26 5808]
R1 tidnet;TID NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\tidnet.sys [2009-09-15 19200]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 9728]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-07-24 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-06-16 146824]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-02-14 47907]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-12 250776]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-26 988032]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-26 210816]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-08-02 12160]
R3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-09 6840864]
R3 rismc32;RICOH Smart Card Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-14 213696]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-26 731136]
S1 pteb363;pteb363; C:\WINDOWS\System32\drivers\pteb363.sys [2010-11-26 138272]
S2 cimsdvve;cimsdvve; C:\WINDOWS\system32\drivers\cimsdvve.sys [2010-11-26 82944]
S2 zmgfuvnt;zmgfuvnt; \??\C:\WINDOWS\system32\Drivers\zmgfuvnt.sys []
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-04-23 30008]
S3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-12-15 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-12-15 100736]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter; C:\WINDOWS\system32\DRIVERS\ipwpnet.sys [2005-07-30 43184]
S3 SCR3XX2K;SCR3xx USB SmartCardReader; C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys [2009-05-21 57984]
S3 STI2303X;SMART Board cable; C:\WINDOWS\System32\Drivers\STI2303X.sys [2005-06-03 13440]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aiaderioaqaduaqn;Blue Coat K9 Web Protection; C:\WINDOWS\system32\byquuka.exe [2010-11-30 461824]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-27 221184]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Mx-3 B-Cup Service;MX-3 B-Cup XP; C:\WINDOWS\system32\Mx-3 B-Cup Service.exe [2008-09-08 124928]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-09 155717]
R2 QueryExplorer Service;QueryExplorer Service; C:\Documents and Settings\All Users\Data aplikací\QueryExplorer\queryexplorer139.exe [2011-03-11 34584]
R2 SMART Board Service;Služba SMART Board; C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe [2007-11-02 1283336]
R2 WSearch;Vyhledávání systému Windows; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R2 xmengine service;CryptoPlus XME Engine Service; C:\WINDOWS\system32\xmesrv.exe [2009-10-09 34696]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S2 ke3iiqkegafayaye;Winferno Subscription Service; C:\WINDOWS\system32\wuryn.exe []
S2 oka96owne7ukt1;AOL Antivirus Update Service; C:\WINDOWS\system32\jouraguze.exe [2010-11-30 461824]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-04-27 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\WINDOWS\system32\flcdlock.exe [2007-04-30 172131]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-19 651720]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-29 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SMART Web Server;SMART Web Server; C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe [2007-11-02 767240]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

#2 Post by Roli »

Hello, well, no wonder, when you have junk in there.

First delete the unneeded files

using CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Then use Mbam from my signature and post its log here; do not delete anything beforehand!!!
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Steron
Model visitor
Posts: 174
Registered: 13 May 2008 13:12

#3 Post by Steron »

those are whole herds of junk :-)


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6166

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25.3.2011 13:15:58
mbam-log-2011-03-25 (13-12-44).txt

Typ kontroly: Rychlý test
Testované objekty: 192720
Uplynulý čas: 8 minut, 54 sekund

Infikované procesy v paměti: 5
Infikované moduly v paměti: 1
Infikované klíče v registru: 128
Infikované hodnoty v registru: 14
Infikované datové položky v registru: 2
Infikované složky: 37
Infikované soubory: 216

Infikované procesy v paměti:
c:\WINDOWS\system32\byquuka.exe (Spyware.Passwords.XGen) -> 1772 -> No action taken.
c:\WINDOWS\system32\wuaucldt.exe (Trojan.Downloader) -> 3788 -> No action taken.
c:\WINDOWS\nvsvc32.exe (Trojan.Agent) -> 5068 -> No action taken.
c:\documents and settings\all users\data aplikací\queryexplorer\queryexplorer139.exe (Adware.QueryExplorer) -> 2428 -> No action taken.
c:\program files\queryexplorer\queryexplorer.exe (Adware.QueryExplorer) -> 2936 -> No action taken.

Infikované moduly v paměti:
c:\program files\queryexplorer\queryexplorer.dll (Adware.Agent.Gen) -> No action taken.

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aiaderioaqaduaqn (Spyware.Passwords.XGen) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zerwcdui (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\baf8141 (BackDoor.Gootkit) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kot11ab (BackDoor.Gootkit) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrc0f06 (BackDoor.Gootkit) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oka96owne7ukt1 (Spyware.Passwords.XGen) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pteb363 (BackDoor.Gootkit) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QueryExplorer (Adware.QueryExplorer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUERYEXPLORER_SERVICE (Adware.QueryExplorer) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QueryExplorer Service (Adware.QueryExplorer) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Firewall (Trojan.Dropper) -> Value: Windows Firewall -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Firewall (Trojan.Dropper) -> Value: Windows Firewall -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kucom (Spyware.Passwords.XGen) -> Value: kucom -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Trojan.Agent) -> Value: NVIDIA driver monitor -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Trojan.Agent) -> Value: NVIDIA driver monitor -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.Palevo) -> Value: Shell -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig (Trojan.Agent) -> Value: MSConfig -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Agent) -> Value: NVIDIA driver monitor -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Palevo) -> Value: Taskman -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.491.0 (Adware.HotBar) -> Value: ShopperReports 3.0.491.0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790574B2765F5B34A096 (Malware.Trace) -> Value: SRS_IT_E8790574B2765F5B34A096 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> No action taken.

Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-8641345528-7411214675-574603296-6531\nvapbar.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infikované složky:
c:\documents and settings\all users\data aplikací\queryexplorer (Adware.QueryExplorer) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3 (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox\cs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox\cs\db (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox\cs\dwld (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox\cs\report (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox\cs\res2 (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE\cs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE\cs\db (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE\cs\dwld (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE\cs\report (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE\cs\res1 (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shoppingreport2 (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shoppingreport2\cs (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> No action taken.
c:\program files\clickpotatolite (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.536.0 (Adware.ClickPotato) -> No action taken.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464} (Adware.QueryExplorer) -> No action taken.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome (Adware.QueryExplorer) -> No action taken.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults (Adware.QueryExplorer) -> No action taken.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences (Adware.QueryExplorer) -> No action taken.
c:\program files\queryexplorer (Adware.QueryExplorer) -> No action taken.
c:\program files\shopperreports3 (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0 (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\firefox (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> No action taken.
c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> No action taken.
c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> No action taken.
c:\program files\shoppingreport2\Bin\2.7.27 (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\shopperreports (Adware.ShopperReports) -> No action taken.

Infikované soubory:
c:\WINDOWS\system32\byquuka.exe (Spyware.Passwords.XGen) -> No action taken.
c:\program files\queryexplorer\queryexplorer.dll (Adware.Agent.Gen) -> No action taken.
c:\WINDOWS\system32\wuaucldt.exe (Trojan.Downloader) -> No action taken.
c:\Documents and Settings\Reditel\Local Settings\Temp\lsass.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\system32\looviporu.exe (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Reditel\wuaucldt.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\system32\drivers\zerwcdui.sys (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\drivers\baf8141.sys (BackDoor.Gootkit) -> No action taken.
c:\WINDOWS\system32\drivers\kot11ab.sys (BackDoor.Gootkit) -> No action taken.
c:\WINDOWS\system32\drivers\mrc0f06.sys (BackDoor.Gootkit) -> No action taken.
c:\WINDOWS\system32\jouraguze.exe (Spyware.Passwords.XGen) -> No action taken.
c:\WINDOWS\system32\drivers\pteb363.sys (BackDoor.Gootkit) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\Pltfrm.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\shopperreports.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\mozillaps.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\CmndFF.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\cntntcntr.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\BRNstIE.dll (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\juzjf.exe (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\localservice\data aplikací\microsoft\dessykoot.exe (Trojan.Downloader) -> No action taken.
c:\RECYCLER\s-1-5-21-6406359423-9251304418-998766613-4210\yv8g67.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\9q1miid.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\9sy9o65.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\a3ccxoojaav.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\a6mm70tp.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\aaqg0hxd.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\aavmmhyytk.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\b0hdyy6kk.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\br2xyt03.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\fbb66s86.exe (Trojan.Ddox) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\fvvrhhdt.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\g1cydze3.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\g3iiduupggb.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\h1sdezpqlb.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\h70yjuzkvw.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\hddzppllhcc.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\hxi1oj081.exe (Trojan.Ddox) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\hxytjkfgb0.exe (Trojan.Lethic) -> No action taken.
c:\documents and settings\Reditel\nabídka start\Programy\po spuštění\i70jfaa6m.exe (Trojan.Lethic) -> No action taken.
c:\WINDOWS\system32\08.tmp (Worm.Conficker) -> No action taken.
c:\WINDOWS\system32\dessykoot.exe (Spyware.Passwords.XGen) -> No action taken.
c:\WINDOWS\system32\dobou.exe (Spyware.Passwords.XGen) -> No action taken.
c:\WINDOWS\system32\nabej.exe (Spyware.Passwords.XGen) -> No action taken.
c:\WINDOWS\system32\drivers\wcscd.sys (Rootkit.Agent) -> No action taken.
c:\documents and settings\Reditel\local settings\Temp\NS8.tmp (Rootkit.Agent) -> No action taken.
c:\documents and settings\Reditel\local settings\Temp\NS9.tmp (Rootkit.Agent) -> No action taken.
c:\documents and settings\Reditel\local settings\Temp\NSA.tmp (Rootkit.Agent) -> No action taken.
c:\WINDOWS\Temp\QUEB.tmp\upgrade.exe (Adware.Dropper.Gen) -> No action taken.
c:\documents and settings\Reditel\data aplikací\BG0Ai.txt (Malware.Trace) -> No action taken.
c:\WINDOWS\wibrf.jpg (Malware.Trace) -> No action taken.
c:\WINDOWS\wiybr.png (Malware.Trace) -> No action taken.
c:\documents and settings\all users\data aplikací\common.data (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> No action taken.
c:\documents and settings\localservice\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
c:\documents and settings\Reditel\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
c:\documents and settings\Reditel\secupdat.dat (Worm.Autorun) -> No action taken.
c:\WINDOWS\nvsvc32.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Reditel\dhruf.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\all users\data aplikací\queryexplorer\queryexplorer139.exe (Adware.QueryExplorer) -> No action taken.
c:\documents and settings\all users\data aplikací\queryexplorer\queryexplorer119.exe (Adware.QueryExplorer) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox\cs\Config.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox\cs\dwld\whitelist.xip (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\Firefox\cs\res2\whitelist.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE\cs\Config.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE\cs\dwld\whitelist.xip (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shopperreports3\IE\cs\res1\whitelist.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Reditel\data aplikací\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> No action taken.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome.manifest (Adware.QueryExplorer) -> No action taken.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\install.rdf (Adware.QueryExplorer) -> No action taken.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> No action taken.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences\prefs.js (Adware.QueryExplorer) -> No action taken.
c:\program files\queryexplorer\queryexplorer.exe (Adware.QueryExplorer) -> No action taken.
c:\program files\queryexplorer\uninstall.exe (Adware.QueryExplorer) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\link.ico (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.491.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> No action taken.
c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\shopperreports\About Us.lnk (Adware.ShopperReports) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\shopperreports\customer support.lnk (Adware.ShopperReports) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> No action taken.

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log, SPAM, NOD32 not working, etc...

#4 Post by Roli »

Well, very nice.

So, let MBAM delete what it found.


Download ComboFix and save it to your desktop,

run the application as Administrator and allow installation of the Recovery Console.

A window with the license terms will then appear; confirm it by clicking YES,

then click YES once more and it will start running.

The whole process takes about 10 minutes but may take longer; do not try to run anything else during the scan.

The PC may be restarted during the scan; don't be alarmed.

Note: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because ComboFix tries to delete infected files and these programs may block it.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Steron
Model visitor
Posts: 174
Registered: 13 May 2008 13:12

Re: Please check my log, SPAM, NOD32 not working, etc...

#5 Post by Steron »

MBAM OK.

ComboFix - at first it complained about some AVG leftovers. In the end it helped to install AVG again and then uninstall it with the AVG Removal Tool. Now ComboFix starts without complaint, but it stops at: Dokoncena faze_2. At that moment it freezes and nothing happens (30 min). Tried twice; the notebook has to be powered off hard... :?:

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log, SPAM, NOD32 not working, etc...

#6 Post by Roli »

OK, let's try it differently: first use AVP Tool from my signature.

Steron
Model visitor
Posts: 174
Registered: 13 May 2008 13:12

Re: Please check my log, SPAM, NOD32 not working, etc...

#7 Post by Steron »

AVP gets stuck too, already at 1%. I managed to install NOD32; its scan got stuck on cimsdvve.sys. I tried to send the file to virustotal.com, at which point Firefox crashed, and finally I tried to copy the file in Total Commander, and that crashes too... :?:

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log, SPAM, NOD32 not working, etc...

#8 Post by Roli »

Go into Safe Mode and try running ComboFix there first.

If that doesn't work, try the same with AVP Tool.

Steron
Model visitor
Posts: 174
Registered: 13 May 2008 13:12

Re: Please check my log, SPAM, NOD32 not working, etc...

#9 Post by Steron »

Still the same :( ComboFix hangs at Stage 2 and AVP gets stuck while checking cimsdvve.sys :?:

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log, SPAM, NOD32 not working, etc...

#10 Post by Roli »

Then try the same with Cure It from my signature.

If that doesn't work either, post a current RSIT log here.

Steron
Model visitor
Posts: 174
Registered: 13 May 2008 13:12

Re: Please check my log, SPAM, NOD32 not working, etc...

#11 Post by Steron »

Cure It is running, so far the quick scan at startup. It is about halfway through, but in cimsdvve.sys it found and deleted Trojan.NtRootkit.9868. Should I then run the Complete scan as well, or try ComboFix?

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log, SPAM, NOD32 not working, etc...

#12 Post by Roli »

Then try ComboFix, and if it doesn't work, run a complete scan with Cure It.

Steron
Model visitor
Posts: 174
Registered: 13 May 2008 13:12

Re: Please check my log, SPAM, NOD32 not working, etc...

#13 Post by Steron »

ComboFix has now finished :-)


ComboFix 11-03-27.02 - Reditel 28.03.2011 16:15:58.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2543 [GMT 2:00]
Spuštěný z: c:\documents and settings\Reditel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Reditel\Dokumenty\cc_20110324_163417.reg
c:\windows\ndl.dl
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-28 do 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2011-03-28 14:09 . 2011-03-28 14:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-03-28 12:37 . 2011-03-28 12:37 -------- d-----w- c:\documents and settings\Reditel\DoctorWeb
2011-03-28 08:47 . 2011-03-28 08:47 -------- d-----w- c:\program files\ESET
2011-03-28 08:47 . 2011-03-28 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-03-25 14:11 . 2011-03-25 14:11 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-03-25 14:07 . 2011-03-25 14:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-03-25 11:59 . 2011-03-25 11:59 -------- d-----w- c:\documents and settings\Reditel\Data aplikací\Malwarebytes
2011-03-25 11:59 . 2011-03-25 11:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-25 11:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-25 11:59 . 2011-03-25 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-25 11:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-25 10:46 . 2011-03-25 10:46 -------- d-----w- c:\program files\trend micro
2011-03-25 10:46 . 2011-03-25 10:46 -------- d-----w- C:\rsit
2011-03-25 10:17 . 2011-03-25 10:17 -------- d-----w- c:\documents and settings\Reditel\Local Settings\Data aplikací\ESET
2011-03-25 09:25 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-24 15:32 . 2011-03-24 15:32 -------- d-----w- c:\program files\CCleaner
2011-03-24 13:44 . 2011-03-24 13:44 -------- d-----w- c:\documents and settings\Reditel\Local Settings\Data aplikací\Apple
2011-03-24 12:57 . 2011-03-24 12:57 -------- d-----w- c:\documents and settings\Reditel\Local Settings\Data aplikací\{01A9A77D-6AAA-4910-89DD-AA1CF94D5618}
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 09:35 . 2010-04-24 15:05 212992 ----a-r- c:\program files\MSP_Uninstall.exe
2007-04-04 07:24 . 2010-04-24 15:05 90112 ----a-r- c:\program files\axesstel.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-09 8470528]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-09 81920]
"nwiz"="nwiz.exe" [2007-08-09 1626112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Místní vyhledávání.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
Nástroje SMART Board.lnk - c:\program files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe [2007-11-2 4519176]
OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\okilpr.exe [2008-7-17 159744]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-04-30 07:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 00:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
2007-01-24 13:28 124928 ----a-w- c:\windows\system32\accelerometerST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 16:12 17920 ----a-r- c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2007-05-20 23:37 124512 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
2004-05-19 12:29 385024 ----a-w- c:\program files\PDF\pdfSaver\pdfSaver3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 14:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-06-26 07:51 1238352 ----a-w- c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IronWare Communication\\IW FTPort Client\\Cftp32.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9006:TCP"= 9006:TCP:kagwrxra
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [26.4.2007 20:23 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9.10.2006 14:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [29.3.2007 17:54 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 13:28 95896]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [26.4.2007 20:23 5808]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 11:51 19200]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2.8.2007 14:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2.8.2007 14:00 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.8.2010 14:16 810144]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [10.3.2008 23:40 9728]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [27.4.2007 11:58 221184]
R2 Mx-3 B-Cup Service;MX-3 B-Cup XP;c:\windows\system32\Mx-3 B-Cup Service.exe [8.9.2008 14:57 124928]
R2 xmengine service;CryptoPlus XME Engine Service;c:\windows\system32\xmesrv.exe [23.11.2009 11:08 34696]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.1.2007 20:13 36608]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [26.1.2008 21:15 47616]
S2 cimsdvve;cimsdvve; [x]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2010 15:44 135664]
S2 ke3iiqkegafayaye;Winferno Subscription Service;c:\windows\system32\wuryn.exe --> c:\windows\system32\wuryn.exe [?]
S2 vtilfjgt;Support Monitor;c:\windows\system32\svchost.exe -k netsvcs [2.8.2007 14:00 14336]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [10.6.2010 13:51 93440]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [24.4.2010 17:05 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [24.4.2010 17:05 40064]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [23.4.2007 14:13 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [30.4.2007 9:28 172131]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [19.12.2010 15:07 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [19.12.2010 15:07 100736]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter;c:\windows\system32\drivers\ipwpnet.sys [10.3.2008 23:40 43184]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21.5.2009 8:30 57984]
S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [2.11.2007 5:48 767240]
S3 STI2303X;SMART Board cable;c:\windows\system32\drivers\STI2303X.sys [6.8.2008 13:48 13440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vtilfjgt
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 13:44]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 13:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
FF - ProfilePath - c:\documents and settings\Reditel\Data aplikací\Mozilla\Firefox\Profiles\6273soer.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-WEBTRAN - (no file)
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-pdfSaver3 - (no file)
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-cimsdvve
SafeBoot-zerwcdui.sys
MSConfigStartUp-bouvas - c:\windows\system32\dessykoot.exe
MSConfigStartUp-kucom - c:\windows\system32\looviporu.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-soovybyqu - c:\windows\system32\dessykoot.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-28 16:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtilfjgt]
"ServiceDll"="c:\windows\system32\kddsiq.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\DeviceNP.dll
.
- - - - - - - > 'explorer.exe'(3152)
c:\windows\system32\APSHook.dll
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\SMART Technologies Inc\SMART Board Software\Aware.exe
c:\windows\system32\wscntfy.exe
c:\program files\SMART Technologies Inc\SMART Board Software\Marker.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\SoftwareDistribution\Download\dab1ec93dbe040cb2a4b33404292a444\update\update.exe
.
**************************************************************************
.
Celkový čas: 2011-03-28 16:33:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-28 14:33
.
Před spuštěním: Volných bajtů: 76 578 988 032
Po spuštění: Volných bajtů: 76 483 342 336
.
- - End Of File - - 7886762DF12EB9DA0CCA0C664630258C

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log, SPAM, NOD32 not working, etc...

#14 Post by Roli »

We'll fine-tune a bit more.

If you haven't done so already, move ComboFix to the desktop

open Notepad

copy the script from the following box into it:

Code:

KillAll::

File:: 
c:\windows\system32\wuryn.exe
c:\windows\system32\kddsiq.dll

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtilfjgt]
"ServiceDll"=-

Driver::
cimsdvve
ke3iiqkegafayaye
vtilfjgt

save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it is applied, another log will pop up; copy it here

Warning: it may happen that Windows does not start after the script is applied and the machine restarts,

in that case restart again while pressing F8, then choose Last Known Good Configuration

| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Steron
Exemplary visitor
Posts: 174
Registered: 13 May 2008 13:12

Re: Please check my log, SPAM, NOD32 not working, etc...

#15 Post by Steron »

ComboFix 11-03-28.03 - Reditel 29.03.2011 10:06:33.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2453 [GMT 2:00]
Spuštěný z: c:\documents and settings\Reditel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Reditel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\windows\system32\kddsiq.dll"
"c:\windows\system32\wuryn.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CIMSDVVE
-------\Legacy_KE3IIQKEGAFAYAYE
-------\Legacy_VTILFJGT
-------\Service_cimsdvve
-------\Service_ke3iiqkegafayaye
-------\Service_vtilfjgt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-28 do 2011-03-29 )))))))))))))))))))))))))))))))
.
.
2011-03-28 14:09 . 2011-03-28 14:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-03-28 12:37 . 2011-03-28 12:37 -------- d-----w- c:\documents and settings\Reditel\DoctorWeb
2011-03-28 08:47 . 2011-03-28 08:47 -------- d-----w- c:\program files\ESET
2011-03-28 08:47 . 2011-03-28 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-03-25 14:11 . 2011-03-25 14:11 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-03-25 14:07 . 2011-03-25 14:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-03-25 11:59 . 2011-03-25 11:59 -------- d-----w- c:\documents and settings\Reditel\Data aplikací\Malwarebytes
2011-03-25 11:59 . 2011-03-25 11:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-25 11:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-25 11:59 . 2011-03-25 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-25 11:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-25 10:46 . 2011-03-25 10:46 -------- d-----w- c:\program files\trend micro
2011-03-25 10:46 . 2011-03-25 10:46 -------- d-----w- C:\rsit
2011-03-25 10:17 . 2011-03-25 10:17 -------- d-----w- c:\documents and settings\Reditel\Local Settings\Data aplikací\ESET
2011-03-25 09:30 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-03-25 09:30 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-03-25 09:29 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-03-25 09:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-25 09:25 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-24 15:32 . 2011-03-24 15:32 -------- d-----w- c:\program files\CCleaner
2011-03-24 13:44 . 2011-03-24 13:44 -------- d-----w- c:\documents and settings\Reditel\Local Settings\Data aplikací\Apple
2011-03-24 12:57 . 2011-03-24 12:57 -------- d-----w- c:\documents and settings\Reditel\Local Settings\Data aplikací\{01A9A77D-6AAA-4910-89DD-AA1CF94D5618}
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2007-08-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2007-08-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-01-26 18:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-01-26 18:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2007-08-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2007-08-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2007-08-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2008-06-17 09:35 . 2010-04-24 15:05 212992 ----a-r- c:\program files\MSP_Uninstall.exe
2007-04-04 07:24 . 2010-04-24 15:05 90112 ----a-r- c:\program files\axesstel.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-09 8470528]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-09 81920]
"nwiz"="nwiz.exe" [2007-08-09 1626112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Mˇstnˇ vyhled v nˇ.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
N stroje SMART Board.lnk - c:\program files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe [2007-11-2 4519176]
OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\okilpr.exe [2008-7-17 159744]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-04-30 07:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 00:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
2007-01-24 13:28 124928 ----a-w- c:\windows\system32\accelerometerST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 16:12 17920 ----a-r- c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2007-05-20 23:37 124512 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
2004-05-19 12:29 385024 ----a-w- c:\program files\PDF\pdfSaver\pdfSaver3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 14:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-06-26 07:51 1238352 ----a-w- c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IronWare Communication\\IW FTPort Client\\Cftp32.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9006:TCP"= 9006:TCP:kagwrxra
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [26.4.2007 20:23 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9.10.2006 14:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [29.3.2007 17:54 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 13:28 95896]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [26.4.2007 20:23 5808]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 11:51 19200]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2.8.2007 14:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2.8.2007 14:00 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.8.2010 14:16 810144]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [10.3.2008 23:40 9728]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [27.4.2007 11:58 221184]
R2 Mx-3 B-Cup Service;MX-3 B-Cup XP;c:\windows\system32\Mx-3 B-Cup Service.exe [8.9.2008 14:57 124928]
R2 xmengine service;CryptoPlus XME Engine Service;c:\windows\system32\xmesrv.exe [23.11.2009 11:08 34696]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.1.2007 20:13 36608]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [26.1.2008 21:15 47616]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2010 15:44 135664]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [10.6.2010 13:51 93440]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [24.4.2010 17:05 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [24.4.2010 17:05 40064]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [23.4.2007 14:13 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [30.4.2007 9:28 172131]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [19.12.2010 15:07 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [19.12.2010 15:07 100736]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter;c:\windows\system32\drivers\ipwpnet.sys [10.3.2008 23:40 43184]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21.5.2009 8:30 57984]
S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [2.11.2007 5:48 767240]
S3 STI2303X;SMART Board cable;c:\windows\system32\drivers\STI2303X.sys [6.8.2008 13:48 13440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 13:44]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 13:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
FF - ProfilePath - c:\documents and settings\Reditel\Data aplikací\Mozilla\Firefox\Profiles\6273soer.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-29 10:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\DeviceNP.dll
.
- - - - - - - > 'explorer.exe'(2056)
c:\windows\system32\APSHook.dll
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\SMART Technologies Inc\SMART Board Software\Aware.exe
c:\program files\SMART Technologies Inc\SMART Board Software\Marker.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Celkový čas: 2011-03-29 10:21:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-29 08:21
ComboFix2.txt 2011-03-28 14:33
.
Před spuštěním: Volných bajtů: 75 950 858 240
Po spuštění: Volných bajtů: 76 814 602 240
.
- - End Of File - - 52A0A08B5BF43C8D615733AC57733C95
