USB ports don't work, Windows won't shut down

Posted: 29 Apr 2011 21:12
by lubop
The USB ports are definitely OK; they work in safe mode.
I had some virus on there; I removed it with MKS online.
Because the USB ports still didn't work, I ran ComboFix, but I'm not sure it was the right one...
These are the viruses MKS found... the first time and then the second time...
ROXIO MyDVD Basicv9\VideoUI 9\VUIProdataMMPlugIn.dll
Backdoor.Small.hzm Worm.Sobig.f.dam
*********************************
comboFix\PV.cfxxe Trojan .Agent.xeh
comboFix\PV.com Trojan .Agent.xeh

Now no antivirus finds anything anymore. Kaspersky, MKS, etc...
Here is the log, please...:
Logfile of random's system information tool 1.08 (written by random/random)
Run by LUBO at 2011-04-29 22:01:15
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 14 GB (14%) free of 106 GB
Total RAM: 2039 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:01:35, on 29.4.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\TeViiRC.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\LUBO\Desktop\RSIT.exe
C:\Program Files\trend micro\LUBO.exe
C:\Windows\System32\wsqmcons.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-zones.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TeViiRC] C:\Windows\TeViiRC.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
O9 - Extra button: Statistika součásti Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.mks.com.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB563E3A-8491-4F67-A63E-0CCAC84482B6}: NameServer = 93.153.117.1,62.141.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\APSHook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0F~\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1.0F~\kloehk.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\System32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Windows\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 9115 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2835193051-1257182012-3826305291-1006Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2835193051-1257182012-3826305291-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2006-11-21 70928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2007-05-08 331552]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-30 198160]
"TeViiRC"=C:\Windows\TeViiRC.exe [2010-04-21 328056]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-09-13 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-09-13 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-09-13 129560]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-01-25 421160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2010-03-12 311680]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-01-26 15026056]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"KiesHelper"=C:\Program Files\Samsung\Kies\KiesHelper.exe [2011-01-29 888120]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2011-01-29 3372856]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-04-28 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFXSPMGT]
c:\Windows\system32\ifxspmgt.exe [2007-07-24 677144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KONICA MINOLTA PagePro 1350WStatusDisplay]
C:\Windows\system32\MSTMON_Q.EXE [2004-11-26 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TeViiRC]
C:\Windows\TeViiRC.exe [2010-04-21 328056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoViewer]
C:\Program Files\VideoViewer\VideoViewer.exe [2010-03-17 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-05-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe [2007-05-23 192512]

C:\Users\LUBO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\System32\APSHook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0F~\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1.0F~\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\Windows\system32\DeviceNP.dll [2007-06-08 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-09-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
"NoDriveTypeAutoRun_KL_notset"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 months======

2011-04-29 21:29:42 ----D---- C:\Program Files\trend micro
2011-04-29 21:29:41 ----D---- C:\rsit
2011-04-28 23:25:44 ----D---- C:\Windows\temp
2011-04-28 23:25:43 ----A---- C:\ComboFix.txt
2011-04-28 23:25:12 ----SHD---- C:\$RECYCLE.BIN
2011-04-28 23:14:09 ----D---- C:\ComboFix
2011-04-28 23:13:33 ----A---- C:\Windows\SWXCACLS.exe
2011-04-28 21:10:11 ----D---- C:\Program Files\Crawler
2011-04-28 21:10:06 ----D---- C:\Users\LUBO\AppData\Roaming\Spyware Terminator
2011-04-28 21:10:06 ----A---- C:\Windows\system32\drivers\sp_rsdrv2.sys
2011-04-28 21:09:54 ----D---- C:\ProgramData\Spyware Terminator
2011-04-28 21:09:47 ----D---- C:\Program Files\Spyware Terminator
2011-04-27 22:54:44 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-04-27 22:54:43 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-04-27 22:54:37 ----A---- C:\Windows\system32\XpsPrint.dll
2011-04-26 23:51:50 ----A---- C:\Windows\system32\drivers\klif.sys
2011-04-26 22:40:25 ----D---- C:\KAV
2011-04-26 20:40:39 ----A---- C:\Windows\system32\CF27801.exe
2011-04-26 20:27:35 ----A---- C:\Windows\system32\CF25136.exe
2011-04-26 18:44:03 ----A---- C:\Windows\system32\wininet.dll
2011-04-26 18:44:03 ----A---- C:\Windows\system32\msls31.dll
2011-04-26 18:44:03 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-26 18:44:03 ----A---- C:\Windows\system32\iertutil.dll
2011-04-26 18:44:02 ----A---- C:\Windows\system32\urlmon.dll
2011-04-26 18:44:02 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-04-26 18:44:02 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-04-26 18:44:02 ----A---- C:\Windows\system32\msrating.dll
2011-04-26 18:44:02 ----A---- C:\Windows\system32\mshtmler.dll
2011-04-26 18:44:02 ----A---- C:\Windows\system32\ieui.dll
2011-04-26 18:44:02 ----A---- C:\Windows\system32\iesysprep.dll
2011-04-26 18:44:01 ----A---- C:\Windows\system32\ieframe.dll
2011-04-26 18:44:01 ----A---- C:\Windows\system32\dxtrans.dll
2011-04-26 18:44:01 ----A---- C:\Windows\system32\dxtmsft.dll
2011-04-26 18:44:00 ----A---- C:\Windows\system32\url.dll
2011-04-26 18:44:00 ----A---- C:\Windows\system32\iesetup.dll
2011-04-26 18:44:00 ----A---- C:\Windows\system32\iernonce.dll
2011-04-26 18:44:00 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-26 18:44:00 ----A---- C:\Windows\system32\ieapfltr.dll
2011-04-26 18:44:00 ----A---- C:\Windows\system32\ie4uinit.exe
2011-04-26 18:44:00 ----A---- C:\Windows\system32\icardie.dll
2011-04-26 18:43:59 ----A---- C:\Windows\system32\webcheck.dll
2011-04-26 18:43:59 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-26 18:43:59 ----A---- C:\Windows\system32\licmgr10.dll
2011-04-26 18:43:59 ----A---- C:\Windows\system32\inseng.dll
2011-04-26 18:43:58 ----A---- C:\Windows\system32\wextract.exe
2011-04-26 18:43:58 ----A---- C:\Windows\system32\vbscript.dll
2011-04-26 18:43:58 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-26 18:43:58 ----A---- C:\Windows\system32\iexpress.exe
2011-04-26 18:43:57 ----A---- C:\Windows\system32\pngfilt.dll
2011-04-26 18:43:57 ----A---- C:\Windows\system32\occache.dll
2011-04-26 18:43:57 ----A---- C:\Windows\system32\mshtml.dll
2011-04-26 18:43:57 ----A---- C:\Windows\system32\mshta.exe
2011-04-26 18:43:57 ----A---- C:\Windows\system32\ieUnatt.exe
2011-04-26 18:43:57 ----A---- C:\Windows\system32\ieaksie.dll
2011-04-26 18:43:57 ----A---- C:\Windows\system32\admparse.dll
2011-04-26 18:43:56 ----A---- C:\Windows\system32\jscript9.dll
2011-04-26 18:43:56 ----A---- C:\Windows\system32\jscript.dll
2011-04-26 18:43:56 ----A---- C:\Windows\system32\imgutil.dll
2011-04-26 18:43:56 ----A---- C:\Windows\system32\iepeers.dll
2011-04-26 18:43:56 ----A---- C:\Windows\system32\ieakui.dll
2011-04-26 18:43:56 ----A---- C:\Windows\system32\advpack.dll
2011-04-26 18:43:55 ----A---- C:\Windows\system32\msfeedssync.exe
2011-04-26 18:43:55 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-04-26 18:43:55 ----A---- C:\Windows\system32\ieakeng.dll
2011-04-26 18:43:55 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-04-26 00:23:41 ----D---- C:\Users\LUBO\AppData\Roaming\InstallShield
2011-04-25 23:38:16 ----A---- C:\Windows\MBR.exe
2011-04-25 23:38:15 ----A---- C:\Windows\zip.exe
2011-04-25 23:38:15 ----A---- C:\Windows\SWSC.exe
2011-04-25 23:38:15 ----A---- C:\Windows\SWREG.exe
2011-04-25 23:38:15 ----A---- C:\Windows\sed.exe
2011-04-25 23:38:15 ----A---- C:\Windows\PEV.exe
2011-04-25 23:38:15 ----A---- C:\Windows\NIRCMD.exe
2011-04-25 23:38:15 ----A---- C:\Windows\grep.exe
2011-04-25 23:38:07 ----D---- C:\Windows\ERDNT
2011-04-25 23:37:31 ----D---- C:\Qoobox
2011-04-25 21:34:23 ----A---- C:\Windows\system32\Redemption.dll
2011-04-25 21:33:44 ----D---- C:\Program Files\MarkAny
2011-04-25 21:33:44 ----A---- C:\Windows\system32\drivers\dgderdrv.sys
2011-04-25 21:33:44 ----A---- C:\Windows\system32\dgderapi.dll
2011-04-25 21:32:06 ----D---- C:\Users\LUBO\AppData\Roaming\Samsung
2011-04-25 21:32:00 ----D---- C:\ProgramData\Samsung
2011-04-25 21:32:00 ----D---- C:\Program Files\Samsung
2011-04-25 19:20:53 ----A---- C:\Windows\system32\javaws.exe
2011-04-25 19:20:53 ----A---- C:\Windows\system32\javaw.exe
2011-04-25 19:20:53 ----A---- C:\Windows\system32\java.exe
2011-04-24 20:45:20 ----A---- C:\Windows\system32\WDMBW_2NC.dll
2011-04-13 21:44:31 ----A---- C:\Windows\system32\atmfd.dll
2011-04-13 21:44:29 ----A---- C:\Windows\system32\atmlib.dll
2011-04-13 21:44:18 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-13 21:44:17 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-13 21:44:17 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-13 21:44:17 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-13 21:44:16 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-13 21:44:15 ----A---- C:\Windows\system32\mfc42.dll
2011-04-13 21:44:12 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-13 21:44:11 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-13 21:44:11 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-13 21:44:09 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-13 21:44:09 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-13 21:44:09 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-13 21:44:06 ----A---- C:\Windows\system32\win32k.sys
2011-04-13 21:44:03 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-13 21:43:55 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-04-07 14:15:07 ----D---- C:\ProgramData\WindowsSearch
2011-04-02 22:03:46 ----D---- C:\Users\LUBO\AppData\Roaming\DVD Flick
2011-04-02 22:03:28 ----A---- C:\Windows\system32\ssubtmr6.dll
2011-04-02 22:03:27 ----D---- C:\Program Files\DVD Flick

======List of files/folders modified in the last 1 months======

2011-04-29 22:01:27 ----D---- C:\Windows\Prefetch
2011-04-29 21:57:54 ----D---- C:\Windows\System32
2011-04-29 21:57:54 ----D---- C:\Windows\inf
2011-04-29 21:57:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-29 21:55:27 ----D---- C:\Users\LUBO\AppData\Roaming\Skype
2011-04-29 21:55:14 ----D---- C:\Windows\Minidump
2011-04-29 21:55:14 ----D---- C:\WINDOWS
2011-04-29 21:54:18 ----D---- C:\Program Files
2011-04-29 21:53:00 ----D---- C:\ProgramData\Kaspersky Lab
2011-04-29 21:46:27 ----D---- C:\Program Files\ScreenVCR
2011-04-29 21:46:11 ----D---- C:\Program Files\ProgDVB
2011-04-29 21:45:40 ----SHD---- C:\Windows\Installer
2011-04-29 21:44:57 ----D---- C:\ProgramData
2011-04-29 21:44:31 ----D---- C:\Program Files\Hewlett-Packard
2011-04-29 21:42:59 ----D---- C:\Program Files\Mozilla Firefox
2011-04-28 23:25:45 ----D---- C:\Windows\system32\drivers
2011-04-28 23:23:55 ----N---- C:\Windows\system.ini
2011-04-28 23:21:45 ----D---- C:\Windows\AppPatch
2011-04-28 23:21:44 ----D---- C:\Program Files\Common Files
2011-04-28 22:51:51 ----D---- C:\Windows\system32\drivers\etc
2011-04-28 22:14:06 ----D---- C:\Program Files\Advanced IP Scanner
2011-04-28 21:22:00 ----SHD---- C:\System Volume Information
2011-04-28 20:30:15 ----D---- C:\Users\LUBO\AppData\Roaming\FileZilla
2011-04-28 20:29:56 ----D---- C:\Windows\Debug
2011-04-28 20:28:49 ----D---- C:\Program Files\CCleaner
2011-04-28 18:24:06 ----D---- C:\Users\LUBO\AppData\Roaming\skypePM
2011-04-28 14:17:21 ----D---- C:\Windows\system32\catroot2
2011-04-28 00:57:03 ----D---- C:\Windows\winsxs
2011-04-27 22:54:19 ----D---- C:\Windows\system32\catroot
2011-04-26 23:52:17 ----D---- C:\Program Files\Kaspersky Lab
2011-04-26 22:43:33 ----D---- C:\Program Files\TrustPort Personal Firewall
2011-04-26 22:43:32 ----D---- C:\Program Files\Common Files\TrustPort
2011-04-26 22:34:08 ----D---- C:\MOJE
2011-04-26 22:11:27 ----D---- C:\Program Files\stb_Editor
2011-04-26 22:10:49 ----D---- C:\ProgramData\Installations
2011-04-26 22:10:38 ----D---- C:\Program Files\Nokia
2011-04-26 22:10:38 ----D---- C:\Program Files\Common Files\Nokia
2011-04-26 22:09:05 ----D---- C:\ProgramData\Nokia
2011-04-26 22:03:53 ----D---- C:\Users\LUBO\AppData\Roaming\Nokia Ovi Suite
2011-04-26 22:03:53 ----D---- C:\Users\LUBO\AppData\Roaming\Nokia
2011-04-26 21:59:03 ----D---- C:\Program Files\DrEditHD
2011-04-26 20:40:38 ----D---- C:\Windows\system32\cs-CZ
2011-04-26 20:28:18 ----D---- C:\Windows\rescache
2011-04-26 20:08:45 ----D---- C:\SAT
2011-04-26 19:56:47 ----D---- C:\Windows\system32\Tasks
2011-04-26 19:38:13 ----RD---- C:\Windows\Offline Web Pages
2011-04-26 19:38:13 ----D---- C:\Windows\system32\wbem
2011-04-26 19:38:13 ----D---- C:\Windows\system32\migration
2011-04-26 19:38:13 ----D---- C:\Windows\system32\en-US
2011-04-26 19:38:13 ----D---- C:\Windows\PolicyDefinitions
2011-04-26 19:38:13 ----D---- C:\Program Files\Internet Explorer
2011-04-26 19:38:11 ----SD---- C:\Windows\Downloaded Program Files
2011-04-26 18:44:24 ----D---- C:\Windows\Logs
2011-04-26 00:23:39 ----HD---- C:\Program Files\InstallShield Installation Information
2011-04-26 00:23:38 ----D---- C:\Program Files\InterVideo
2011-04-25 23:51:52 ----D---- C:\Windows\system32\config
2011-04-25 23:50:41 ----D---- C:\audiograbber
2011-04-25 19:21:07 ----D---- C:\Program Files\Common Files\Java
2011-04-25 19:20:51 ----D---- C:\Program Files\Java
2011-04-25 16:35:10 ----D---- C:\Program Files\SkanerOnline
2011-04-22 11:12:44 ----SD---- C:\Users\LUBO\AppData\Roaming\Microsoft
2011-04-21 09:47:01 ----D---- C:\Program Files\Microsoft Silverlight
2011-04-18 15:46:44 ----A---- C:\Windows\system32\mrt.exe
2011-04-14 15:36:14 ----D---- C:\Windows\Microsoft.NET
2011-04-14 15:36:12 ----RSD---- C:\Windows\assembly
2011-04-14 15:22:34 ----D---- C:\Program Files\Windows Mail
2011-04-13 16:53:51 ----D---- C:\ProgramData\VideoViewer
2011-04-13 16:44:41 ----D---- C:\tempvideo
2011-04-07 14:37:09 ----D---- C:\ProgramData\Roxio
2011-04-06 21:08:03 ----D---- C:\Program Files\FileZilla FTP Client
2011-04-02 21:39:24 ----D---- C:\Users\LUBO\AppData\Roaming\vlc
2011-03-30 14:52:09 ----D---- C:\Alena
2011-03-30 13:23:17 ----D---- C:\ProgramData\Adobe
2011-03-30 00:24:05 ----D---- C:\Program Files\Microsoft SQL Server
2011-03-30 00:23:42 ----D---- C:\Windows\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2007-01-05 18944]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-03-21 304920]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R0 SafeBoot;SafeBoot; C:\Windows\system32\drivers\SafeBoot.sys [2007-08-14 101167]
R0 SbAlg;SbAlg; C:\Windows\system32\drivers\SbAlg.sys [2006-10-09 44720]
R0 SbFsLock;SbFsLock; C:\Windows\system32\drivers\SbFsLock.sys [2007-06-14 13184]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 Ext2fs;Ext2fs; C:\Windows\system32\DRIVERS\ext2fs.sys [2008-09-25 189888]
R1 IfsMount;IfsMount; C:\Windows\system32\DRIVERS\ifsmount.sys [2008-08-28 60352]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-11-12 126480]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2011-04-27 233560]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2011-04-27 22104]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [2007-07-24 38816]
R1 RsvLock;RsvLock; C:\Windows\system32\drivers\RsvLock.sys [2007-08-14 5840]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-04-28 142592]
R2 MLPTDR_Q;MLPTDR_Q; \??\C:\Windows\system32\MLPTDR_Q.SYS [2003-07-22 18848]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2007-01-05 27136]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-04-24 309248]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\Windows\system32\DRIVERS\klfltdev.sys [2009-09-03 24848]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 245936]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-18 45624]
R3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S1 MpKsl088fbb29;MpKsl088fbb29; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl088fbb29.sys []
S1 MpKsl0a701cdf;MpKsl0a701cdf; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl0a701cdf.sys []
S1 MpKsl0c4b8ebf;MpKsl0c4b8ebf; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{94F82F68-73B2-4549-B434-E0DFD7B93A9C}\MpKsl0c4b8ebf.sys []
S1 MpKsl0cc0ccd4;MpKsl0cc0ccd4; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5385C968-AACC-4A89-BC16-7216A373B0AA}\MpKsl0cc0ccd4.sys []
S1 MpKsl202e7d1f;MpKsl202e7d1f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl202e7d1f.sys []
S1 MpKsl3b177701;MpKsl3b177701; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl3b177701.sys []
S1 MpKsl414798c2;MpKsl414798c2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD77DB08-9583-4117-B572-41F2D1BB8744}\MpKsl414798c2.sys []
S1 MpKsl42c9b9a2;MpKsl42c9b9a2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl42c9b9a2.sys []
S1 MpKsl45639320;MpKsl45639320; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl45639320.sys []
S1 MpKsl61ea7fe8;MpKsl61ea7fe8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl61ea7fe8.sys []
S1 MpKsl63741754;MpKsl63741754; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl63741754.sys []
S1 MpKsl65a71a43;MpKsl65a71a43; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D23CBA01-5A92-460F-A034-1A0BB16032CA}\MpKsl65a71a43.sys []
S1 MpKsl6c67ecb8;MpKsl6c67ecb8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl6c67ecb8.sys []
S1 MpKsl6e230a6b;MpKsl6e230a6b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl6e230a6b.sys []
S1 MpKsl76ca5831;MpKsl76ca5831; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl76ca5831.sys []
S1 MpKsl8037ba0c;MpKsl8037ba0c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5385C968-AACC-4A89-BC16-7216A373B0AA}\MpKsl8037ba0c.sys []
S1 MpKsla8ec16c4;MpKsla8ec16c4; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsla8ec16c4.sys []
S1 MpKslb0fc0a25;MpKslb0fc0a25; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKslb0fc0a25.sys []
S1 MpKsld1eb1ecc;MpKsld1eb1ecc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsld1eb1ecc.sys []
S1 MpKsldbbb9365;MpKsldbbb9365; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsldbbb9365.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-03-01 534016]
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-03-01 534016]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-27 27488]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 catchme;catchme; \??\C:\Users\LUBO\AppData\Local\Temp\catchme.sys []
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2011-01-29 20032]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2009-10-22 57800]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2009-10-22 72520]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 IpwP;IPWireless 3G Network Adapter; C:\Windows\system32\DRIVERS\ipw3gnet.sys [2008-04-11 51040]
S3 MPEVirtual;TeViiData Network Adapter Driver; C:\Windows\system32\DRIVERS\TeViiData.sys [2009-11-12 18272]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2009-05-29 17408]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 2216448]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 SAllBDA;TeVii DVB-S/S2 Receiver; C:\Windows\System32\Drivers\TeViiSAll.sys [2010-04-21 229752]
S3 Ser2pl;ATEN USB to Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 USBCCID;Čtecí zařízení čipových karet USB; C:\Windows\system32\DRIVERS\usbccid.sys [2009-04-11 30208]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-04-16 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-01-05 37664]
R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 AVP;Kaspersky Anti-Virus 6.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2010-03-12 311680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-09-06 221184]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2007-01-05 18944]
R2 IFXSpMgtSrv;Security Platform Management Service; c:\Windows\system32\ifxspmgt.exe [2007-07-24 677144]
R2 IFXTCS;Trusted Platform Core Service; C:\WINDOWS\System32\IFXTCS.exe [2007-07-24 886040]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R2 PersonalSecureDriveService;Personal Secure Drive service; c:\Windows\system32\IfxPsdSv.exe [2007-07-24 140568]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-04-28 496128]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-01-25 820008]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\system32\flcdlock.exe [2007-06-08 172131]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]

-----------------EOF-----------------

Re: USB not working, Windows won't shut down

Posted: 29 Apr 2011 22:24
by Rudy
Post the ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after start-up a screen with the licence terms appears; continue by clicking the Yes button.

Feel free to put the kettle on for a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur.

Re: USB not working, Windows won't shut down

Posted: 30 Apr 2011 09:33
by lubop
It took about 30 min ....

ComboFix 11-04-29.03 - LUBO 30.04.2011 9:49.4.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2039.859 [GMT 2:00]
Spuštěný z: c:\users\LUBO\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\LUBO\Documents\cc_20110429_215845.reg
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-28 do 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 08:05 . 2011-04-30 08:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-30 08:05 . 2011-04-30 08:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-29 19:29 . 2011-04-29 20:01 -------- d-----w- c:\program files\trend micro
2011-04-29 19:29 . 2011-04-29 19:33 -------- d-----w- C:\rsit
2011-04-29 14:27 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{592EC5FB-AADF-470A-B466-2E0C57D23B26}\mpengine.dll
2011-04-28 21:25 . 2011-04-30 08:06 -------- d-----w- c:\users\LUBO\AppData\Local\temp
2011-04-28 19:10 . 2011-04-29 19:43 -------- d-----w- c:\program files\Crawler
2011-04-28 19:10 . 2011-04-28 19:13 -------- d-----w- c:\users\LUBO\AppData\Roaming\Spyware Terminator
2011-04-28 19:10 . 2011-04-28 19:10 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-04-28 19:09 . 2011-04-29 14:23 -------- d-----w- c:\programdata\Spyware Terminator
2011-04-28 19:09 . 2011-04-28 20:14 -------- d-----w- c:\program files\Spyware Terminator
2011-04-27 20:54 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 20:54 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 20:54 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 21:54 . 2011-04-26 22:28 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-04-26 21:54 . 2011-04-26 22:28 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-04-26 20:40 . 2011-04-26 20:40 -------- d-----w- C:\KAV
2011-04-26 18:40 . 2011-04-26 18:40 318976 ----a-w- c:\windows\system32\CF27801.exe
2011-04-26 18:27 . 2011-04-26 18:26 318976 ----a-w- c:\windows\system32\CF25136.exe
2011-04-25 22:23 . 2011-04-25 22:23 -------- d-----w- c:\users\LUBO\AppData\Roaming\InstallShield
2011-04-25 19:42 . 2011-04-25 21:21 -------- d-----w- c:\users\LUBO\AppData\Local\Samsung
2011-04-25 19:34 . 2011-01-29 15:00 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-04-25 19:33 . 2011-04-25 19:33 -------- d-----w- c:\program files\MarkAny
2011-04-25 19:33 . 2011-01-29 15:00 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-04-25 19:33 . 2011-01-29 15:00 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2011-04-25 19:32 . 2011-04-25 19:32 -------- d-----w- c:\users\LUBO\AppData\Roaming\Samsung
2011-04-25 19:32 . 2011-04-25 19:37 -------- d-----w- c:\program files\Samsung
2011-04-25 19:32 . 2011-04-25 19:36 -------- d-----w- c:\programdata\Samsung
2011-04-25 19:30 . 2011-04-25 19:30 -------- d-----w- c:\users\LUBO\AppData\Local\Downloaded Installations
2011-04-24 18:45 . 2009-01-21 01:40 381440 ----a-w- c:\windows\system32\WDMBW_2NC.dll
2011-04-13 19:43 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-07 12:15 . 2011-04-07 12:15 -------- d-----w- c:\programdata\WindowsSearch
2011-04-05 14:06 . 2011-04-05 14:07 -------- d-----w- c:\users\LUBO\fotto
2011-04-02 20:03 . 2011-04-03 08:31 -------- d-----w- c:\users\LUBO\AppData\Roaming\DVD Flick
2011-04-02 20:03 . 2008-08-31 11:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2011-04-02 20:03 . 2007-08-31 16:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-04-02 20:03 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-04-02 20:03 . 2011-04-02 20:03 -------- d-----w- c:\program files\DVD Flick
2011-04-02 20:03 . 2004-03-08 22:00 212240 ----a-w- c:\windows\system32\richtx32.ocx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 22:28 . 2009-09-14 12:46 22104 ----a-w- c:\windows\system32\drivers\klim6.sys
2011-03-03 15:40 . 2011-04-27 20:54 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 20:54 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 20:54 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 20:54 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 13:54 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 13:54 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 13:54 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-02 19:40 . 2010-07-14 20:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-03 13:42 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:55 . 2011-03-24 21:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-04-28 3037696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-30 198160]
"TeViiRC"="c:\windows\TeViiRC.exe" [2010-04-21 328056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-13 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-13 129560]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
.
c:\users\LUBO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\progra~1\KASPER~1\KASPER~1.0F~\adialhk.dll c:\progra~1\KASPER~1\KASPER~1.0F~\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 16:12 17920 ----a-r- c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 09:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55 49208 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFXSPMGT]
2007-07-24 06:21 677144 ----a-w- c:\windows\System32\IFXSPMGT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KONICA MINOLTA PagePro 1350WStatusDisplay]
2004-11-26 17:21 167936 ----a-w- c:\windows\System32\MSTMON_Q.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 13:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 16:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TeViiRC]
2010-04-21 14:07 328056 ----a-w- c:\windows\TeViiRC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoViewer]
2010-03-17 18:54 274432 ------w- c:\program files\VideoViewer\VideoViewer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 10:00 192512 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl088fbb29;MpKsl088fbb29;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl088fbb29.sys [x]
R1 MpKsl0a701cdf;MpKsl0a701cdf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl0a701cdf.sys [x]
R1 MpKsl0c4b8ebf;MpKsl0c4b8ebf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94F82F68-73B2-4549-B434-E0DFD7B93A9C}\MpKsl0c4b8ebf.sys [x]
R1 MpKsl0cc0ccd4;MpKsl0cc0ccd4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5385C968-AACC-4A89-BC16-7216A373B0AA}\MpKsl0cc0ccd4.sys [x]
R1 MpKsl202e7d1f;MpKsl202e7d1f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl202e7d1f.sys [x]
R1 MpKsl3b177701;MpKsl3b177701;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl3b177701.sys [x]
R1 MpKsl414798c2;MpKsl414798c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD77DB08-9583-4117-B572-41F2D1BB8744}\MpKsl414798c2.sys [x]
R1 MpKsl42c9b9a2;MpKsl42c9b9a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl42c9b9a2.sys [x]
R1 MpKsl45639320;MpKsl45639320;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl45639320.sys [x]
R1 MpKsl61ea7fe8;MpKsl61ea7fe8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl61ea7fe8.sys [x]
R1 MpKsl63741754;MpKsl63741754;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl63741754.sys [x]
R1 MpKsl65a71a43;MpKsl65a71a43;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D23CBA01-5A92-460F-A034-1A0BB16032CA}\MpKsl65a71a43.sys [x]
R1 MpKsl6c67ecb8;MpKsl6c67ecb8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl6c67ecb8.sys [x]
R1 MpKsl6e230a6b;MpKsl6e230a6b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl6e230a6b.sys [x]
R1 MpKsl76ca5831;MpKsl76ca5831;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl76ca5831.sys [x]
R1 MpKsl8037ba0c;MpKsl8037ba0c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5385C968-AACC-4A89-BC16-7216A373B0AA}\MpKsl8037ba0c.sys [x]
R1 MpKsla8ec16c4;MpKsla8ec16c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsla8ec16c4.sys [x]
R1 MpKslb0fc0a25;MpKslb0fc0a25;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKslb0fc0a25.sys [x]
R1 MpKsld1eb1ecc;MpKsld1eb1ecc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsld1eb1ecc.sys [x]
R1 MpKsldbbb9365;MpKsldbbb9365;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsldbbb9365.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-27 27488]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2008-04-10 51040]
R3 MPEVirtual;TeViiData Network Adapter Driver;c:\windows\system32\DRIVERS\TeViiData.sys [2009-11-12 18272]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-05-29 17408]
R3 SAllBDA;TeVii DVB-S/S2 Receiver;c:\windows\system32\Drivers\TeViiSAll.sys [2010-04-21 229752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys [2008-09-25 189888]
S1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys [2008-08-28 60352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-04-26 22104]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-07-24 38816]
S1 RsvLock;RsvLock; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-04-28 142592]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-09-06 221184]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2007-01-05 18944]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2003-07-22 18848]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2009-09-03 24848]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835193051-1257182012-3826305291-1006Core.job
- c:\users\LUBO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-20 18:41]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835193051-1257182012-3826305291-1006UA.job
- c:\users\LUBO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-20 18:41]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60327
mStart Page = hxxp://www.t-zones.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Přidat do Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
Trusted Zone: mks.com.pl\www
TCP: {EB563E3A-8491-4F67-A63E-0CCAC84482B6} = 93.153.117.1,62.141.0.2
FF - ProfilePath - c:\users\LUBO\AppData\Roaming\Mozilla\Firefox\Profiles\hs9xwops.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60327&qkw=
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 10:06
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-04-30 10:18:19
ComboFix-quarantined-files.txt 2011-04-30 08:18
ComboFix2.txt 2011-04-28 21:25
ComboFix3.txt 2011-04-28 20:57
ComboFix4.txt 2011-04-26 19:07
.
Před spuštěním: Volných bajtů: 15 115 304 960
Po spuštění: Volných bajtů: 15 090 532 352
.
- - End Of File - - 59F32DC0A225BBD5FCDDAEF69E4CAE61

Re: USB not working, Windows won't shut down

Posted: 30 Apr 2011 11:11
by Rudy
Something was deleted. Has anything changed? I also noticed that you have both the KAV antivirus and MSE on the PC. Uninstall one of them; a software conflict may be occurring.

Re: USB not working, Windows won't shut down

Posted: 01 May 2011 13:00
by lubop
I tried turning off everything I could and made a new log:

ComboFix 11-04-29.03 - LUBO 01.05.2011 12:43:30.6.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2039.723 [GMT 2:00]
Spuštěný z: c:\users\LUBO\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-01 do 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-05-01 10:57 . 2011-05-01 10:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-05-01 10:57 . 2011-05-01 10:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-30 10:19 . 2007-09-13 20:13 176128 ----a-w- c:\windows\system32\igfxres.dll
2011-04-29 19:29 . 2011-04-29 20:01 -------- d-----w- c:\program files\trend micro
2011-04-29 19:29 . 2011-04-29 19:33 -------- d-----w- C:\rsit
2011-04-29 14:27 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{592EC5FB-AADF-470A-B466-2E0C57D23B26}\mpengine.dll
2011-04-28 21:25 . 2011-05-01 10:57 -------- d-----w- c:\users\LUBO\AppData\Local\temp
2011-04-28 19:10 . 2011-04-29 19:43 -------- d-----w- c:\program files\Crawler
2011-04-27 20:54 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 20:54 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 20:54 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 21:54 . 2011-04-26 22:28 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-04-26 21:54 . 2011-04-26 22:28 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-04-26 20:40 . 2011-04-26 20:40 -------- d-----w- C:\KAV
2011-04-26 18:40 . 2011-04-26 18:40 318976 ----a-w- c:\windows\system32\CF27801.exe
2011-04-26 18:27 . 2011-04-26 18:26 318976 ----a-w- c:\windows\system32\CF25136.exe
2011-04-25 22:23 . 2011-04-25 22:23 -------- d-----w- c:\users\LUBO\AppData\Roaming\InstallShield
2011-04-25 19:42 . 2011-04-25 21:21 -------- d-----w- c:\users\LUBO\AppData\Local\Samsung
2011-04-25 19:34 . 2011-01-29 15:00 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-04-25 19:33 . 2011-04-25 19:33 -------- d-----w- c:\program files\MarkAny
2011-04-25 19:33 . 2011-01-29 15:00 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-04-25 19:33 . 2011-01-29 15:00 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2011-04-25 19:32 . 2011-04-25 19:32 -------- d-----w- c:\users\LUBO\AppData\Roaming\Samsung
2011-04-25 19:32 . 2011-04-25 19:37 -------- d-----w- c:\program files\Samsung
2011-04-25 19:32 . 2011-04-25 19:36 -------- d-----w- c:\programdata\Samsung
2011-04-25 19:30 . 2011-04-25 19:30 -------- d-----w- c:\users\LUBO\AppData\Local\Downloaded Installations
2011-04-24 18:45 . 2009-01-21 01:40 381440 ----a-w- c:\windows\system32\WDMBW_2NC.dll
2011-04-13 19:43 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-07 12:15 . 2011-04-07 12:15 -------- d-----w- c:\programdata\WindowsSearch
2011-04-05 14:06 . 2011-04-05 14:07 -------- d-----w- c:\users\LUBO\fotto
2011-04-02 20:03 . 2011-04-03 08:31 -------- d-----w- c:\users\LUBO\AppData\Roaming\DVD Flick
2011-04-02 20:03 . 2008-08-31 11:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2011-04-02 20:03 . 2007-08-31 16:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-04-02 20:03 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-04-02 20:03 . 2011-04-02 20:03 -------- d-----w- c:\program files\DVD Flick
2011-04-02 20:03 . 2004-03-08 22:00 212240 ----a-w- c:\windows\system32\richtx32.ocx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 22:28 . 2009-09-14 12:46 22104 ----a-w- c:\windows\system32\drivers\klim6.sys
2011-03-03 15:40 . 2011-04-27 20:54 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 20:54 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 20:54 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 20:54 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 13:54 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 13:54 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 13:54 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-02 19:40 . 2010-07-14 20:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-03 13:42 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:55 . 2011-03-24 21:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-30 198160]
"TeViiRC"="c:\windows\TeViiRC.exe" [2010-04-21 328056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-13 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-13 129560]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
.
c:\users\LUBO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\progra~1\KASPER~1\KASPER~1.0F~\adialhk.dll c:\progra~1\KASPER~1\KASPER~1.0F~\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 16:12 17920 ----a-r- c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 09:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55 49208 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFXSPMGT]
2007-07-24 06:21 677144 ----a-w- c:\windows\System32\IFXSPMGT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KONICA MINOLTA PagePro 1350WStatusDisplay]
2004-11-26 17:21 167936 ----a-w- c:\windows\System32\MSTMON_Q.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 13:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 16:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TeViiRC]
2010-04-21 14:07 328056 ----a-w- c:\windows\TeViiRC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoViewer]
2010-03-17 18:54 274432 ------w- c:\program files\VideoViewer\VideoViewer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 10:00 192512 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl088fbb29;MpKsl088fbb29;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl088fbb29.sys [x]
R1 MpKsl0a701cdf;MpKsl0a701cdf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl0a701cdf.sys [x]
R1 MpKsl0c4b8ebf;MpKsl0c4b8ebf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94F82F68-73B2-4549-B434-E0DFD7B93A9C}\MpKsl0c4b8ebf.sys [x]
R1 MpKsl0cc0ccd4;MpKsl0cc0ccd4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5385C968-AACC-4A89-BC16-7216A373B0AA}\MpKsl0cc0ccd4.sys [x]
R1 MpKsl202e7d1f;MpKsl202e7d1f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl202e7d1f.sys [x]
R1 MpKsl3b177701;MpKsl3b177701;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl3b177701.sys [x]
R1 MpKsl414798c2;MpKsl414798c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD77DB08-9583-4117-B572-41F2D1BB8744}\MpKsl414798c2.sys [x]
R1 MpKsl42c9b9a2;MpKsl42c9b9a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl42c9b9a2.sys [x]
R1 MpKsl45639320;MpKsl45639320;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl45639320.sys [x]
R1 MpKsl61ea7fe8;MpKsl61ea7fe8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl61ea7fe8.sys [x]
R1 MpKsl63741754;MpKsl63741754;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl63741754.sys [x]
R1 MpKsl65a71a43;MpKsl65a71a43;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D23CBA01-5A92-460F-A034-1A0BB16032CA}\MpKsl65a71a43.sys [x]
R1 MpKsl6c67ecb8;MpKsl6c67ecb8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl6c67ecb8.sys [x]
R1 MpKsl6e230a6b;MpKsl6e230a6b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl6e230a6b.sys [x]
R1 MpKsl76ca5831;MpKsl76ca5831;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl76ca5831.sys [x]
R1 MpKsl8037ba0c;MpKsl8037ba0c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5385C968-AACC-4A89-BC16-7216A373B0AA}\MpKsl8037ba0c.sys [x]
R1 MpKsla8ec16c4;MpKsla8ec16c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsla8ec16c4.sys [x]
R1 MpKslb0fc0a25;MpKslb0fc0a25;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKslb0fc0a25.sys [x]
R1 MpKsld1eb1ecc;MpKsld1eb1ecc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsld1eb1ecc.sys [x]
R1 MpKsldbbb9365;MpKsldbbb9365;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsldbbb9365.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-27 27488]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2008-04-10 51040]
R3 MPEVirtual;TeViiData Network Adapter Driver;c:\windows\system32\DRIVERS\TeViiData.sys [2009-11-12 18272]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-05-29 17408]
R3 SAllBDA;TeVii DVB-S/S2 Receiver;c:\windows\system32\Drivers\TeViiSAll.sys [2010-04-21 229752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-04-26 22104]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-07-24 38816]
S1 RsvLock;RsvLock; [x]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-09-06 221184]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2007-01-05 18944]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2003-07-22 18848]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2009-09-03 24848]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835193051-1257182012-3826305291-1006Core.job
- c:\users\LUBO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-20 18:41]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835193051-1257182012-3826305291-1006UA.job
- c:\users\LUBO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-20 18:41]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60327
mStart Page = hxxp://www.t-zones.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Přidat do Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
Trusted Zone: mks.com.pl\www
TCP: {EB563E3A-8491-4F67-A63E-0CCAC84482B6} = 93.153.117.1,62.141.0.2
FF - ProfilePath - c:\users\LUBO\AppData\Roaming\Mozilla\Firefox\Profiles\hs9xwops.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60327&qkw=
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-01 12:57
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5372)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
.
Celkový čas: 2011-05-01 13:02:41
ComboFix-quarantined-files.txt 2011-05-01 11:02
ComboFix2.txt 2011-04-30 10:39
ComboFix3.txt 2011-04-30 08:18
ComboFix4.txt 2011-04-28 21:25
ComboFix5.txt 2011-05-01 10:42
.
Před spuštěním: Volných bajtů: 14 948 061 184
Po spuštění: Volných bajtů: 14 908 641 280
.
- - End Of File - - 69A8F2632B5F83B573AF2E2BE476F474

Re: USB not working, Windows won't shut down

Posted: 01 May 2011 15:07
by Rudy
Open Notepad and copy the following into it:
Folder::
c:\programdata\Microsoft\Microsoft Antimalware
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Re: USB not working, Windows won't shut down

Posted: 01 May 2011 17:47
by lubop
I did it as described, here is the log:

ComboFix 11-04-30.06 - LUBO 01.05.2011 16:39:14.7.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2039.892 [GMT 2:00]
Spuštěný z: c:\users\LUBO\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\LUBO\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-01 do 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-05-01 15:00 . 2011-05-01 15:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-05-01 15:00 . 2011-05-01 15:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-30 10:19 . 2007-09-13 20:13 176128 ----a-w- c:\windows\system32\igfxres.dll
2011-04-29 19:29 . 2011-04-29 20:01 -------- d-----w- c:\program files\trend micro
2011-04-29 19:29 . 2011-04-29 19:33 -------- d-----w- C:\rsit
2011-04-29 14:27 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{592EC5FB-AADF-470A-B466-2E0C57D23B26}\mpengine.dll
2011-04-28 21:25 . 2011-05-01 16:16 -------- d-----w- c:\users\LUBO\AppData\Local\temp
2011-04-28 19:10 . 2011-04-29 19:43 -------- d-----w- c:\program files\Crawler
2011-04-27 20:54 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 20:54 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 20:54 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 21:54 . 2011-04-26 22:28 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-04-26 21:54 . 2011-04-26 22:28 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-04-26 20:40 . 2011-04-26 20:40 -------- d-----w- C:\KAV
2011-04-26 18:40 . 2011-04-26 18:40 318976 ----a-w- c:\windows\system32\CF27801.exe
2011-04-26 18:27 . 2011-04-26 18:26 318976 ----a-w- c:\windows\system32\CF25136.exe
2011-04-25 22:23 . 2011-04-25 22:23 -------- d-----w- c:\users\LUBO\AppData\Roaming\InstallShield
2011-04-25 19:42 . 2011-04-25 21:21 -------- d-----w- c:\users\LUBO\AppData\Local\Samsung
2011-04-25 19:34 . 2011-01-29 15:00 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-04-25 19:33 . 2011-04-25 19:33 -------- d-----w- c:\program files\MarkAny
2011-04-25 19:33 . 2011-01-29 15:00 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-04-25 19:33 . 2011-01-29 15:00 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2011-04-25 19:32 . 2011-04-25 19:32 -------- d-----w- c:\users\LUBO\AppData\Roaming\Samsung
2011-04-25 19:32 . 2011-04-25 19:37 -------- d-----w- c:\program files\Samsung
2011-04-25 19:32 . 2011-04-25 19:36 -------- d-----w- c:\programdata\Samsung
2011-04-25 19:30 . 2011-04-25 19:30 -------- d-----w- c:\users\LUBO\AppData\Local\Downloaded Installations
2011-04-24 18:45 . 2009-01-21 01:40 381440 ----a-w- c:\windows\system32\WDMBW_2NC.dll
2011-04-13 19:43 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-07 12:15 . 2011-04-07 12:15 -------- d-----w- c:\programdata\WindowsSearch
2011-04-05 14:06 . 2011-04-05 14:07 -------- d-----w- c:\users\LUBO\fotto
2011-04-02 20:03 . 2011-04-03 08:31 -------- d-----w- c:\users\LUBO\AppData\Roaming\DVD Flick
2011-04-02 20:03 . 2008-08-31 11:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2011-04-02 20:03 . 2007-08-31 16:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-04-02 20:03 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-04-02 20:03 . 2011-04-02 20:03 -------- d-----w- c:\program files\DVD Flick
2011-04-02 20:03 . 2004-03-08 22:00 212240 ----a-w- c:\windows\system32\richtx32.ocx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 22:28 . 2009-09-14 12:46 22104 ----a-w- c:\windows\system32\drivers\klim6.sys
2011-03-03 15:40 . 2011-04-27 20:54 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 20:54 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 20:54 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 20:54 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 13:54 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 13:54 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 13:54 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-02 19:40 . 2010-07-14 20:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-03 13:42 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:55 . 2011-03-24 21:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-30 198160]
"TeViiRC"="c:\windows\TeViiRC.exe" [2010-04-21 328056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-13 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-13 129560]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
.
c:\users\LUBO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\progra~1\KASPER~1\KASPER~1.0F~\adialhk.dll c:\progra~1\KASPER~1\KASPER~1.0F~\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 16:12 17920 ----a-r- c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 09:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55 49208 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFXSPMGT]
2007-07-24 06:21 677144 ----a-w- c:\windows\System32\IFXSPMGT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KONICA MINOLTA PagePro 1350WStatusDisplay]
2004-11-26 17:21 167936 ----a-w- c:\windows\System32\MSTMON_Q.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 13:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 16:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TeViiRC]
2010-04-21 14:07 328056 ----a-w- c:\windows\TeViiRC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoViewer]
2010-03-17 18:54 274432 ------w- c:\program files\VideoViewer\VideoViewer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 10:00 192512 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl088fbb29;MpKsl088fbb29;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl088fbb29.sys [x]
R1 MpKsl0a701cdf;MpKsl0a701cdf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl0a701cdf.sys [x]
R1 MpKsl0c4b8ebf;MpKsl0c4b8ebf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94F82F68-73B2-4549-B434-E0DFD7B93A9C}\MpKsl0c4b8ebf.sys [x]
R1 MpKsl0cc0ccd4;MpKsl0cc0ccd4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5385C968-AACC-4A89-BC16-7216A373B0AA}\MpKsl0cc0ccd4.sys [x]
R1 MpKsl202e7d1f;MpKsl202e7d1f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl202e7d1f.sys [x]
R1 MpKsl3b177701;MpKsl3b177701;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl3b177701.sys [x]
R1 MpKsl414798c2;MpKsl414798c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD77DB08-9583-4117-B572-41F2D1BB8744}\MpKsl414798c2.sys [x]
R1 MpKsl42c9b9a2;MpKsl42c9b9a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl42c9b9a2.sys [x]
R1 MpKsl45639320;MpKsl45639320;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl45639320.sys [x]
R1 MpKsl61ea7fe8;MpKsl61ea7fe8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl61ea7fe8.sys [x]
R1 MpKsl63741754;MpKsl63741754;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl63741754.sys [x]
R1 MpKsl65a71a43;MpKsl65a71a43;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D23CBA01-5A92-460F-A034-1A0BB16032CA}\MpKsl65a71a43.sys [x]
R1 MpKsl6c67ecb8;MpKsl6c67ecb8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl6c67ecb8.sys [x]
R1 MpKsl6e230a6b;MpKsl6e230a6b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl6e230a6b.sys [x]
R1 MpKsl76ca5831;MpKsl76ca5831;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsl76ca5831.sys [x]
R1 MpKsl8037ba0c;MpKsl8037ba0c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5385C968-AACC-4A89-BC16-7216A373B0AA}\MpKsl8037ba0c.sys [x]
R1 MpKsla8ec16c4;MpKsla8ec16c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsla8ec16c4.sys [x]
R1 MpKslb0fc0a25;MpKslb0fc0a25;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKslb0fc0a25.sys [x]
R1 MpKsld1eb1ecc;MpKsld1eb1ecc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsld1eb1ecc.sys [x]
R1 MpKsldbbb9365;MpKsldbbb9365;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2243E1E6-F0D0-4B53-993D-C1CE20FD4C16}\MpKsldbbb9365.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-27 27488]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2008-04-10 51040]
R3 MPEVirtual;TeViiData Network Adapter Driver;c:\windows\system32\DRIVERS\TeViiData.sys [2009-11-12 18272]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-05-29 17408]
R3 SAllBDA;TeVii DVB-S/S2 Receiver;c:\windows\system32\Drivers\TeViiSAll.sys [2010-04-21 229752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-04-26 22104]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-07-24 38816]
S1 RsvLock;RsvLock; [x]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-09-06 221184]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2007-01-05 18944]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2003-07-22 18848]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2009-09-03 24848]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835193051-1257182012-3826305291-1006Core.job
- c:\users\LUBO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-20 18:41]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835193051-1257182012-3826305291-1006UA.job
- c:\users\LUBO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-20 18:41]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60327
mStart Page = hxxp://www.t-zones.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Přidat do Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
Trusted Zone: mks.com.pl\www
TCP: {EB563E3A-8491-4F67-A63E-0CCAC84482B6} = 93.153.117.1,62.141.0.2
FF - ProfilePath - c:\users\LUBO\AppData\Roaming\Mozilla\Firefox\Profiles\hs9xwops.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60327&qkw=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-01 18:15
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3792)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
.
Celkový čas: 2011-05-01 18:40:37
ComboFix-quarantined-files.txt 2011-05-01 16:40
ComboFix2.txt 2011-05-01 11:02
ComboFix3.txt 2011-04-30 10:39
ComboFix4.txt 2011-04-30 08:18
ComboFix5.txt 2011-05-01 14:31
.
Před spuštěním: Volných bajtů: 14 898 806 784
Po spuštění: Volných bajtů: 14 859 218 944
.
- - End Of File - - E30A48E0C26A36448EE076CFB0CFAC1E

Re: USB not working, Windows won't shut down

Posted: 01 May 2011 17:55
by Rudy
OK. Now try a System Restore to a date when it was working correctly.

Re: USB not working, Windows won't shut down

Posted: 01 May 2011 18:15
by lubop
Yes, but no restore point is available (Last restore point: none).
System Restore was turned off.
It was definitely turned on before the problems started, but I probably turned it off during my attempts to remove the virus.

Re: USB not working, Windows won't shut down

Posted: 01 May 2011 18:25
by Rudy
Then you will have to try repairing the system from the installation media.

Re: USB not working, Windows won't shut down

Posted: 01 May 2011 18:33
by lubop
Yes, I tried to run a restore point and it reported:
Bod obnovení nelze vytvořit z následujících důvodu :
Vypršel časový limit pro vytvoření stínové kopie . Zopakujte operaci.
(0x81000101)
Opakujte akci .


Repair, OK, I'll try it somehow.

Re: USB not working, Windows won't shut down

Posted: 01 May 2011 18:37
by lubop
Yes, I'm just afraid that no CD came with the laptop; it was preinstalled.
There is only a sticker with the KEY on it ...

Re: USB not working, Windows won't shut down

Posted: 01 May 2011 19:08
by lubop
Can Windows Vista Business 32-bit Service Pack 2 be downloaded somewhere? Probably not, right?
I'll probably have to borrow it from someone who has it ....

Re: USB not working, Windows won't shut down

Posted: 01 May 2011 19:11
by Rudy
"I'll probably have to borrow it from someone who has it ...."
Probably yes, but you must use it with your own CD key. The last option is to reinstall the system. That can be done from the backup you have on the disk.

Re: USB not working, Windows won't shut down

Posted: 01 May 2011 19:20
by lubop
One more question: in the System Restore options, besides C: there is a directory WinRE-ATC listed as another possible disk. What is it?
I don't see such a directory on the disk.