Please check my log

Posted: 02 Jul 2011 17:09
by AggreSSor777
The PC runs slowly and on FB the chat sends infected links by itself..
Thank you :)

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sergei Juri amiGo at 2011-06-28 19:04:50
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 112 GB (47%) free of 238 GB
Total RAM: 2047 MB (70% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]
{D5D47440-0750-463D-BAEF-A47D02414806} - Lišta Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll []
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
{F3FEE66E-E034-436a-86E4-9690573BEE8A}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-02-26 16125440]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"WinSys2"=C:\WINDOWS\system32\winsys2.exe [2008-01-18 208896]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-03 1848648]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-05-06 532320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"Nptctp"=C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\Nptctp.exe []
"4ECYTQ9SIC"=C:\DOCUME~1\SERGEI~1\LOCALS~1\Temp\No0.exe [2011-06-23 238080]
"MSConfig"=C:\Documents and Settings\Sergei Juri amiGo\rewdhe.exe [2011-06-28 18944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\EA GAMES\Dead Space 2\deadspace2.exe"="C:\Program Files\EA GAMES\Dead Space 2\deadspace2.exe:*:Enabled:Dead Space™ 2"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-06-28 19:04:51 ----D---- C:\Program Files\trend micro
2011-06-28 19:04:50 ----D---- C:\rsit
2011-06-26 13:14:58 ----A---- C:\WINDOWS\Nquxig.exe
2011-06-26 11:57:33 ----A---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\13.tmp
2011-06-26 11:57:31 ----A---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\12.exe
2011-06-26 10:02:02 ----A---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\B.tmp
2011-06-26 10:02:00 ----A---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\A.exe
2011-06-25 17:47:08 ----A---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\158.exe
2011-06-24 18:23:54 ----A---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\83.exe
2011-06-24 17:13:02 ----A---- C:\WINDOWS\ScanSpyware.INI
2011-06-24 16:32:56 ----D---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\ScanSpyware
2011-06-24 16:32:56 ----A---- C:\WINDOWS\system32\ssbtsr.exe
2011-06-24 16:32:55 ----D---- C:\Program Files\ScanSpyware
2011-06-24 15:46:13 ----A---- C:\WINDOWS\Nquxif.exe
2011-06-23 20:28:42 ----A---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\16.exe
2011-06-23 20:09:58 ----A---- C:\WINDOWS\Nquxie.exe
2011-06-23 19:48:18 ----A---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\18.exe
2011-06-23 19:39:12 ----A---- C:\WINDOWS\Nquxid.exe
2011-06-23 15:15:28 ----A---- C:\WINDOWS\Nquxic.exe
2011-06-23 15:15:22 ----A---- C:\WINDOWS\system32\sshnas21.dll
2011-06-23 13:42:22 ----A---- C:\WINDOWS\Nquxib.exe
2011-06-23 13:16:29 ----D---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\Malwarebytes
2011-06-23 13:16:27 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-06-23 13:16:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-06-23 13:16:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-06-23 13:16:23 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-06-23 13:05:01 ----A---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\4.tmp
2011-06-22 18:57:33 ----A---- C:\WINDOWS\Nquxia.exe
2011-06-12 15:08:54 ----D---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\Search Settings
2011-06-12 15:08:52 ----D---- C:\Program Files\YouTube Downloader Toolbar
2011-06-12 15:08:52 ----D---- C:\Program Files\Application Updater
2011-06-05 13:00:03 ----D---- C:\Program Files\Conduit
2011-06-05 12:59:55 ----D---- C:\Program Files\DVDVideoSoft
2011-06-05 12:59:55 ----D---- C:\Program Files\Common Files\DVDVideoSoft

======List of files/folders modified in the last 1 months======

2011-06-28 19:04:51 ----RD---- C:\Program Files
2011-06-28 19:03:49 ----SD---- C:\WINDOWS\Tasks
2011-06-28 19:01:33 ----AD---- C:\WINDOWS\Temp
2011-06-28 18:45:09 ----D---- C:\WINDOWS\Prefetch
2011-06-28 17:48:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-27 21:46:07 ----A---- C:\WINDOWS\NeroDigital.ini
2011-06-27 20:04:13 ----D---- C:\WINDOWS\system32
2011-06-27 16:22:41 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-26 13:14:58 ----D---- C:\WINDOWS
2011-06-23 20:47:12 ----D---- C:\Program Files\Mozilla Firefox
2011-06-23 15:14:35 ----D---- C:\WINDOWS\system32\drivers
2011-06-23 15:14:35 ----D---- C:\WINDOWS\AppPatch
2011-06-21 14:21:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2011-06-19 16:52:55 ----D---- C:\Program Files\Windows Media Player
2011-06-18 10:54:14 ----D---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\ICQ
2011-06-12 15:08:55 ----SHD---- C:\WINDOWS\Installer
2011-06-12 15:08:52 ----D---- C:\WINDOWS\WinSxS
2011-06-12 15:08:52 ----D---- C:\Program Files\Common Files\Spigot
2011-06-09 22:19:57 ----D---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\Skype
2011-06-09 21:00:34 ----D---- C:\Documents and Settings\Sergei Juri amiGo\Data aplikací\skypePM
2011-06-05 12:59:55 ----D---- C:\Program Files\Common Files
2011-06-04 11:49:27 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-12-29 691696]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 a30cmfbc;a30cmfbc; C:\WINDOWS\system32\drivers\a30cmfbc.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-05-06 393112]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]

-----------------EOF-----------------

Re: Please check my log

Posted: 02 Jul 2011 17:10
by AggreSSor777
info.txt logfile of random's system information tool 1.08 2011-06-28 19:04:52

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->MsiExec /X{F9835182-794B-4F24-902A-E2CA9D43380F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader X - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA0000000001}
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\setup.exe" -l0x9
Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
Canon MP260 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP260_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP260_series /L0x0005
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Crash Bandicoot 3-->C:\Program Files\Crash Bandicoot 3\Uninstal.exe
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Dead Space™ 2-->MsiExec.exe /X{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}
DVDVideoSoft Toolbar-->C:\PROGRA~1\DVDVideoSoft\UNWISE.EXE /U C:\PROGRA~1\DVDVideoSoft\INSTALL.LOG
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\EADMUninstall.exe
Free Audio CD Burner version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Lišta Centrum.cz Toolbar 1.203.023.002-->"C:\Program Files\CentrumczToolbar\unins000.exe"
Malwarebytes' Anti-Malware verze 1.51.0.1200-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office PowerPoint Viewer 2007 (Czech)-->MsiExec.exe /X{95120000-00AF-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox 5.0 (x86 cs)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials-->MsiExec.exe /X{2B04D44F-1D1B-4E0E-8431-D04F87C21029}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{F9835182-794B-4F24-902A-E2CA9D43380F}
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
PC Camer@ -->C:\Program Files\InstallShield Installation Information\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}\setup.exe -runfromtemp -l0x0005 -removeonly
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Registrace uživatele zařízení Canon MP260 series-->C:\Program Files\Canon\IJEREG\MP260 series\UNINST.EXE
ScanSpyware 3.9.2.2-->"C:\Program Files\ScanSpyware\3.9.2.2\unins000.exe"
Skype Toolbars-->MsiExec.exe /I{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
The Sims™ 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
VDownloader 2.10.509-->"C:\Program Files\VDownloader\unins000.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR 4.00 beta 3 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
YouTube Downloader 2.6.5-->"C:\Program Files\YouTube Downloader\uninstall.exe"
YouTube Downloader Toolbar v4.4-->MsiExec.exe /X{3BA9D546-B0E3-4549-BB2E-3F4FF65A1B81}

======System event log======

Computer Name: AMIGO-1D3316E01
Event Code: 7036
Message: Stav služby Služba modelu COM pro zápis na disk CD (IMAPI) byl změněn na: Spuštěno

Record Number: 4297
Source Name: Service Control Manager
Time Written: 20110425220155.000000+120
Event Type: Informace
User:

Computer Name: AMIGO-1D3316E01
Event Code: 7036
Message: Stav služby Sledování umístění v síti (NLA) byl změněn na: Spuštěno

Record Number: 4296
Source Name: Service Control Manager
Time Written: 20110425220155.000000+120
Event Type: Informace
User:

Computer Name: AMIGO-1D3316E01
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Sledování umístění v síti (NLA) úspěšně odeslán.

Record Number: 4295
Source Name: Service Control Manager
Time Written: 20110425220155.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: AMIGO-1D3316E01
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Služba modelu COM pro zápis na disk CD (IMAPI) úspěšně odeslán.

Record Number: 4294
Source Name: Service Control Manager
Time Written: 20110425220152.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: AMIGO-1D3316E01
Event Code: 7036
Message: Stav služby Služba inteligentního přenosu na pozadí byl změněn na: Spuštěno

Record Number: 4293
Source Name: Service Control Manager
Time Written: 20110425220152.000000+120
Event Type: Informace
User:

=====Application event log=====

Computer Name: AMIGO-1D3316E01
Event Code: 100
Message: wuauclt (1008) Databázový stroj 5.01.2600.2180 byl spuštěn.

Record Number: 295
Source Name: ESENT
Time Written: 20110117194718.000000+060
Event Type: Informace
User:

Computer Name: AMIGO-1D3316E01
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 294
Source Name: SecurityCenter
Time Written: 20110117194633.000000+060
Event Type: Informace
User:

Computer Name: AMIGO-1D3316E01
Event Code: 0
Message:
Record Number: 293
Source Name: ICQ Service
Time Written: 20110117194629.000000+060
Event Type: Informace
User:

Computer Name: AMIGO-1D3316E01
Event Code: 1000
Message: Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul icqtoolbar.dll, verze 3.1.0.0, adresa chyby 0x0003fd33.

Record Number: 292
Source Name: Application Error
Time Written: 20110117194459.000000+060
Event Type: Chyba
User:

Computer Name: AMIGO-1D3316E01
Event Code: 1000
Message: Chybující aplikace chrome.exe, verze 0.0.0.0, chybující modul unknown, verze 0.0.0.0, adresa chyby 0x00000000.

Record Number: 291
Source Name: Application Error
Time Written: 20110117194441.000000+060
Event Type: Chyba
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Re: Please check my log

Posted: 02 Jul 2011 17:29
by chodnik74
Hello :welcome:
:arrow: Uninstall all unnecessary toolbars, especially the ICQ toolbar :)

Do not use the program without a Helper's recommendation and follow the instructions below carefully, because the program does not tolerate mistakes and the system could be completely damaged!!
  • :arrow: Download Combofix
  • Save the program, preferably to the Desktop
  • Turn off all resident shields: antivirus, antispyware and firewall
  • Close all running applications (ICQ, browser, programs) and leave only Combofix running
  • Run Combofix.exe with administrator rights
    On Windows XP, log in under an administrator account
    On Windows 7 and Vista, right-click Combofix.exe and choose "Run as administrator"
  • Right after the program starts, the license terms pop up; confirm with the YES button
  • If Combofix offers to install the Recovery Console, agree and let it install (an active internet connection is needed here)
  • Continue according to the program's instructions and do not click on anything during the scan; do not work on the PC (ICQ, other applications, internet..). Leave the computer alone.
  • The whole scan takes 5-15 min, but if there is a lot of malware on the PC the time may vary.
  • After the scan finishes (and the computer possibly restarts), the Combofix log is displayed; paste it here (if the log does not appear, you can find it at: C:\ComboFix.txt)
  • (If you are unsure about any of the above steps, ask or look at the more detailed guide with pictures http://www.bleepingcomputer.com/combofi ... t-combofix )

Re: Please check my log

Posted: 03 Jul 2011 10:17
by AggreSSor777
ComboFix 11-07-02.03 - Sergei Juri amiGo 03.07.2011 11:03:29.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1526 [GMT 2:00]
Spuštěný z: c:\documents and settings\Sergei Juri amiGo\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sergei Juri amiGo\Data aplikací\12.exe
c:\documents and settings\Sergei Juri amiGo\Data aplikací\158.exe
c:\documents and settings\Sergei Juri amiGo\Data aplikací\16.exe
c:\documents and settings\Sergei Juri amiGo\Data aplikací\18.exe
c:\documents and settings\Sergei Juri amiGo\Data aplikací\3C.exe
c:\documents and settings\Sergei Juri amiGo\Data aplikací\83.exe
c:\documents and settings\Sergei Juri amiGo\Data aplikací\9.exe
c:\documents and settings\Sergei Juri amiGo\Data aplikací\A.exe
c:\documents and settings\Sergei Juri amiGo\Data aplikací\Nptctp.exe
c:\documents and settings\Sergei Juri amiGo\secupdat.dat
c:\windows\system32\secupdat.dat
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-03 do 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 08:58 . 2011-07-03 08:57 389632 ----a-w- c:\windows\system32\CF28526.exe
2011-07-03 08:39 . 2011-07-03 08:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Solidshield
2011-06-30 15:20 . 2011-06-30 15:20 2340 ----a-w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\C54B.exe
2011-06-30 12:26 . 2011-06-30 12:26 2340 ----a-w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\D55B.exe
2011-06-30 12:11 . 2011-06-30 12:11 2340 ----a-w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\A104.exe
2011-06-29 15:09 . 2011-06-29 15:09 -------- d-----w- c:\documents and settings\Sergei Juri amiGo\Local Settings\Data aplikací\ESET
2011-06-29 15:09 . 2011-06-29 15:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-06-29 15:06 . 2011-06-29 15:06 -------- d-----w- c:\program files\ESET
2011-06-29 15:06 . 2011-06-29 15:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-06-28 17:04 . 2011-06-28 17:04 -------- d-----w- c:\program files\trend micro
2011-06-28 17:04 . 2011-07-02 06:28 -------- d-----w- C:\rsit
2011-06-24 14:32 . 2011-06-24 14:32 -------- d-----w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\ScanSpyware
2011-06-24 14:32 . 2008-09-07 15:22 8704 ----a-w- c:\windows\system32\ssbtsr.exe
2011-06-24 14:32 . 2011-06-24 14:32 -------- d-----w- c:\program files\ScanSpyware
2011-06-23 18:46 . 2011-06-23 18:46 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 18:46 . 2011-06-23 18:46 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-23 11:16 . 2011-06-23 11:16 -------- d-----w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\Malwarebytes
2011-06-23 11:16 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-23 11:16 . 2011-06-23 11:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-06-23 11:16 . 2011-06-23 11:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-23 11:16 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 11:00 . 2011-06-05 11:00 -------- d-----w- c:\program files\Conduit
2011-06-05 11:00 . 2011-06-05 11:00 -------- d-----w- c:\documents and settings\Sergei Juri amiGo\Local Settings\Data aplikací\Conduit
2011-06-05 10:59 . 2011-06-05 11:04 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 03:18 . 2011-01-13 07:22 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2011-06-23 18:46 . 2011-05-14 20:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Dead Space 2\\deadspace2.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2010 10:23 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23.6.2011 13:16 39984]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
TCP: DhcpNameServer = 192.168.1.1
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} -
FF - ProfilePath - c:\documents and settings\Sergei Juri amiGo\Data aplikací\Mozilla\Firefox\Profiles\672u7guk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 11:07
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4032)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Celkový čas: 2011-07-03 11:09:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-03 09:09
.
Před spuštěním: Volných bajtů: 115 982 159 872
Po spuštění: Volných bajtů: 116 442 914 816
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 28C3195F260A2241397D9E182782E892

Re: Please check my log

Posted: 03 Jul 2011 11:07
by chodnik74
:arrow: Open Notepad
  • (press the key combination WIN+R, type "notepad" without the quotes and press Enter)
  • Paste the following script into it:

    KillAll::
    
    Collect::
    c:\documents and settings\Sergei Juri amiGo\Data aplikací\C54B.exe
    c:\documents and settings\Sergei Juri amiGo\Data aplikací\D55B.exe
    c:\documents and settings\Sergei Juri amiGo\Data aplikací\A104.exe
    
    File::
    c:\program files\Common Files\AskToolbarInstaller.exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "NeroFilterCheck"=-
    
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2269050
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Sergei Juri amiGo\Data aplikací\Mozilla\Firefox\Profiles\672u7guk.default\
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =937811&p=
    
    Reboot::
    
  • Save the file to the Desktop as CFScript.txt
  • Then grab this file with the left mouse button, drag it onto the Combofix icon and drop it
  • Combofix then performs all the operations and creates a new log, which you paste here

Re: Please check my log

Posted: 05 Jul 2011 11:56
by AggreSSor777
ComboFix 11-07-04.02 - Sergei Juri amiGo 05.07.2011 12:22:39.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1481 [GMT 2:00]
Spuštěný z: c:\documents and settings\Sergei Juri amiGo\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Sergei Juri amiGo\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-05 do 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-07-03 08:58 . 2011-07-03 08:57 389632 ----a-w- c:\windows\system32\CF28526.exe
2011-07-03 08:39 . 2011-07-03 08:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Solidshield
2011-06-30 15:20 . 2011-06-30 15:20 2340 ----a-w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\C54B.exe
2011-06-30 12:26 . 2011-06-30 12:26 2340 ----a-w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\D55B.exe
2011-06-30 12:11 . 2011-06-30 12:11 2340 ----a-w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\A104.exe
2011-06-29 15:09 . 2011-06-29 15:09 -------- d-----w- c:\documents and settings\Sergei Juri amiGo\Local Settings\Data aplikací\ESET
2011-06-29 15:09 . 2011-06-29 15:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-06-29 15:06 . 2011-06-29 15:06 -------- d-----w- c:\program files\ESET
2011-06-29 15:06 . 2011-06-29 15:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-06-28 17:04 . 2011-06-28 17:04 -------- d-----w- c:\program files\trend micro
2011-06-28 17:04 . 2011-07-02 06:28 -------- d-----w- C:\rsit
2011-06-24 14:32 . 2011-06-24 14:32 -------- d-----w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\ScanSpyware
2011-06-24 14:32 . 2008-09-07 15:22 8704 ----a-w- c:\windows\system32\ssbtsr.exe
2011-06-24 14:32 . 2011-06-24 14:32 -------- d-----w- c:\program files\ScanSpyware
2011-06-23 18:46 . 2011-06-23 18:46 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 18:46 . 2011-06-23 18:46 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-23 11:16 . 2011-06-23 11:16 -------- d-----w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\Malwarebytes
2011-06-23 11:16 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-23 11:16 . 2011-06-23 11:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-06-23 11:16 . 2011-06-23 11:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-23 11:16 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 11:00 . 2011-06-05 11:00 -------- d-----w- c:\program files\Conduit
2011-06-05 11:00 . 2011-06-05 11:00 -------- d-----w- c:\documents and settings\Sergei Juri amiGo\Local Settings\Data aplikací\Conduit
2011-06-05 10:59 . 2011-06-05 11:04 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 03:18 . 2011-01-13 07:22 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2011-06-23 18:46 . 2011-05-14 20:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Dead Space 2\\deadspace2.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2010 10:23 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23.6.2011 13:16 39984]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.1.1
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} -
FF - ProfilePath - c:\documents and settings\Sergei Juri amiGo\Data aplikací\Mozilla\Firefox\Profiles\672u7guk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-05 12:28
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3056)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Celkový čas: 2011-07-05 12:29:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-05 10:29
ComboFix2.txt 2011-07-03 09:09
.
Před spuštěním: Volných bajtů: 112 398 102 528
Po spuštění: Volných bajtů: 112 387 829 760
.
- - End Of File - - 1D0BB4E94DC20DA42C25A6D16B249D86
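The three files listed under Collect:: in the script above stand out in the ComboFix "files created" section for a reason: identical tiny size, random hex-like names, dropped into the user's application-data folder. The following added example (not part of the thread, and not ComboFix's own tooling) parses entries in that log format and flags this pattern; the 64 KB size threshold and the hex-name heuristic are assumptions, and the sample lines are copied from the log above with two benign entries for contrast.

```python
import re

# Constructed sample in the format of ComboFix's "files created" section; entries copied from
# the log above (CF28526.exe is ComboFix's own helper, ESET and ssbtsr.exe are for contrast).
SAMPLE_LOG = r"""
2011-07-03 08:58 . 2011-07-03 08:57 389632 ----a-w- c:\windows\system32\CF28526.exe
2011-06-30 15:20 . 2011-06-30 15:20 2340 ----a-w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\C54B.exe
2011-06-30 12:26 . 2011-06-30 12:26 2340 ----a-w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\D55B.exe
2011-06-30 12:11 . 2011-06-30 12:11 2340 ----a-w- c:\documents and settings\Sergei Juri amiGo\Data aplikací\A104.exe
2011-06-29 15:06 . 2011-06-29 15:06 -------- d-----w- c:\program files\ESET
2011-06-24 14:32 . 2008-09-07 15:22 8704 ----a-w- c:\windows\system32\ssbtsr.exe
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Per-user application-data folders: the English default plus the Czech name used in this log.
APPDATA_DIRS = ("\\application data\\", "\\data aplikací\\")
SMALL_EXE_BYTES = 64 * 1024                     # assumed threshold for a "tiny" executable
HEX_NAME_RE = re.compile(r"^[0-9a-f]{4,8}$", re.IGNORECASE)  # assumed "random name" heuristic

def parse_entries(log_text):
    """Yield (size, attrs, path) per entry; size is None for directory entries."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            yield size, m["attrs"], m["path"]

def flag_suspicious(log_text):
    """Paths of small .exe files with random-looking hex names inside a user's AppData."""
    flagged = []
    for size, attrs, path in parse_entries(log_text):
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if attrs.startswith("d") or not name.endswith(".exe"):
            continue
        if not any(d in low for d in APPDATA_DIRS):
            continue
        if size is not None and size < SMALL_EXE_BYTES and HEX_NAME_RE.match(name[:-4]):
            flagged.append(path)
    return flagged

def same_size_clusters(log_text, min_count=2):
    """Group .exe entries by identical byte size; repeated sizes hint at one dropper family."""
    by_size = {}
    for size, _attrs, path in parse_entries(log_text):
        if size is not None and path.lower().endswith(".exe"):
            by_size.setdefault(size, []).append(path)
    return {s: p for s, p in by_size.items() if len(p) >= min_count}
```

Running flag_suspicious on a full log gives a candidate list to verify (hash lookup, signature check) before anything is put under Collect::; the heuristics are a triage aid, not a verdict.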

Re: Please check my log

Posted: 05 Jul 2011 19:36
by chodnik74
Try applying the same script in Safe Mode (keep pressing F8 while the computer starts up).

Otherwise, how is the PC behaving?