
Another idiot with the FB virus..

Posted: 26 Jul 2011 07:39
by Michal_P
Hello,
I too belong to the "hi how are you" etc. crowd...

On top of that, I first came across a different guide in English (http://www.squidoo.com/notpropeople), which said to install Malwarebytes' Anti-Malware, run a scan and delete everything... I let the scan run, and once it had found the files I had them deleted. Then I found the clear guides on your site...

I have not restarted the computer yet after the scan finished; I had it produce a log:

MALWAREBYTES LOG:

Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Verze databáze: 7035

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.7.2011 7:55:40
mbam-log-2011-07-26 (07-55-40).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 403772
Uplynulý čas: 1 hodin, 58 minut, 20 sekund

Infikované procesy v paměti: 4
Infikované moduly v paměti: 0
Infikované klíče v registru: 11
Infikované hodnoty v registru: 4
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 14

Infikované procesy v paměti:
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 2216 -> Unloaded process successfully.
c:\Windows\update.tray-15-0\svchost.exe (Trojan.Dropper) -> 2844 -> Unloaded process successfully.
c:\Windows\update.tray-9-0\svchost.exe (Trojan.Dropper) -> 2856 -> Unloaded process successfully.
c:\Windows\update.tray-10-0\svchost.exe (Trojan.Dropper) -> 3316 -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA42713-5C1E-48E2-B432-D8BF420DD31D} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico2 (Trojan.Dropper) -> Value: tray_ico2 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-15-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-9-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-10-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Míša\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\9T1QPR0D\flash-player[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Míša\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\EQYIHXIR\flash-player[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Míša\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\F121VWQI\flash-player[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Míša\AppData\Local\Temp\Low\0.653730643814878.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\Míša\AppData\Local\Temp\Low\mgahpohyy.htm (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Windows\update.tray-10-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-15-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-9-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Public\Desktop\mp3 downloader.lnk (Rogue.Link) -> Quarantined and deleted successfully.
c:\program files\icqtoolbar\0708\toolbaru.dll (Trojan.BHO) -> Delete on reboot.



LOG PER YOUR GUIDE:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Míša at 2011-07-26 08:08:11
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 6 GB (5%) free of 111 GB
Total RAM: 2046 MB (40% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Internet Security - Prověřit tento počítač - Míša.job
C:\Windows\tasks\Norton Security Scan for Míša.job
C:\Windows\tasks\User_Feed_Synchronization-{0B19E347-E1C2-43E4-84E5-09C478023FD4}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
CIEDownload Object - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll [2008-07-31 558376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
TorrentMan Toolbar - C:\Program Files\TorrentMan\tbTor1.dll [2009-02-20 1882136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-02 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-05-20 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll []
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - C:\Program Files\TorrentMan\tbTor1.dll [2009-02-20 1882136]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-02 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"fscp"=C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe [2006-11-11 1006592]
"PowerManager"=C:\Program Files\Power Manager\PM.exe [2006-11-06 26112]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe []
"osCheck"=c:\Program Files\Norton Internet Security\osCheck.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll []
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"SMART SNMP Agent"=C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [2008-07-31 1037608]
"SMART Board Service"=C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe [2008-07-31 2123048]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-12-10 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-12-10 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-12-10 81920]
"wxpdrv"=C:\Windows\services32.exe []
"tray_ico"= []
"tray_ico3"= []
"tray_ico4"= []
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-16 167368]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-12 39408]
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2007-10-25 956296]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2010-11-10 4240760]
"ICQ"=C:\Program Files\ICQ6\ICQ.exe silent []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
SMART Board Tools.lnk - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
VideoCam Suite 2.0.lnk - C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"vidc.tscc"=tsccvid.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.mp4e"=MPEG4Evfw.dll
"VIDC.FMVC"=fmcodec.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-26 08:08:12 ----D---- C:\Program Files\trend micro
2011-07-26 08:08:11 ----D---- C:\rsit
2011-07-25 21:04:29 ----D---- C:\Users\Míša\AppData\Roaming\Malwarebytes
2011-07-25 21:04:16 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-07-25 21:04:14 ----D---- C:\ProgramData\Malwarebytes
2011-07-25 21:04:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-25 21:04:11 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-25 19:15:00 ----D---- C:\Program Files\ESET
2011-07-25 17:17:02 ----ASH---- C:\hiberfil.sys
2011-07-25 16:51:28 ----HD---- C:\Windows\update.tray-15-0-lnk
2011-07-25 16:51:28 ----HD---- C:\Windows\update.tray-15-0
2011-07-25 16:12:16 ----D---- C:\Windows\av_ico
2011-07-25 16:06:08 ----HD---- C:\Windows\update.1
2011-07-25 16:06:02 ----HD---- C:\Windows\update.tray-9-0-lnk
2011-07-25 16:06:02 ----HD---- C:\Windows\update.tray-9-0
2011-07-25 16:06:02 ----HD---- C:\Windows\update.tray-10-0-lnk
2011-07-25 16:06:02 ----HD---- C:\Windows\update.tray-10-0
2011-07-25 15:52:25 ----A---- C:\Windows\winlog-ids.txt
2011-07-25 15:52:25 ----A---- C:\Windows\winlog-dirs.txt
2011-07-14 20:38:22 ----A---- C:\Windows\system32\win32k.sys
2011-07-14 20:38:19 ----A---- C:\Windows\system32\kernel32.dll
2011-07-14 20:38:16 ----A---- C:\Windows\system32\winsrv.dll
2011-07-14 20:38:16 ----A---- C:\Windows\system32\csrsrv.dll
2011-07-01 18:12:11 ----A---- C:\Windows\system32\schannel.dll

======List of files/folders modified in the last 1 month======

2011-07-26 08:08:12 ----RD---- C:\Program Files
2011-07-26 08:08:05 ----D---- C:\Windows\Prefetch
2011-07-25 23:36:48 ----SHD---- C:\System Volume Information
2011-07-25 21:04:16 ----D---- C:\Windows\system32\drivers
2011-07-25 21:04:14 ----HD---- C:\ProgramData
2011-07-25 19:15:03 ----SD---- C:\Windows\Downloaded Program Files
2011-07-25 17:27:32 ----D---- C:\Windows\Temp
2011-07-25 16:51:28 ----SHD---- C:\$Recycle.Bin
2011-07-25 16:51:28 ----D---- C:\Windows
2011-07-25 16:31:47 ----D---- C:\Program Files\Symantec
2011-07-25 16:31:47 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-07-25 16:18:13 ----D---- C:\Windows\System32
2011-07-25 16:18:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-25 16:18:12 ----D---- C:\Windows\inf
2011-07-22 23:05:59 ----D---- C:\Users\Míša\AppData\Roaming\Skype
2011-07-22 12:21:16 ----SHD---- C:\Windows\Installer
2011-07-22 12:20:43 ----D---- C:\Windows\system32\Tasks
2011-07-22 12:20:26 ----RD---- C:\Program Files\Skype
2011-07-22 12:20:04 ----D---- C:\ProgramData\Skype
2011-07-22 12:19:48 ----D---- C:\Program Files\Common Files
2011-07-22 12:18:38 ----D---- C:\Users\Míša\AppData\Roaming\skypePM
2011-07-22 00:07:52 ----D---- C:\Users\Míša\AppData\Roaming\ICQ
2011-07-21 18:45:19 ----D---- C:\ProgramData\Skype Extras
2011-07-18 23:11:04 ----D---- C:\Windows\system32\catroot2
2011-07-15 23:30:33 ----D---- C:\Windows\system32\WDI
2011-07-15 21:21:37 ----D---- C:\Windows\winsxs
2011-07-15 21:01:25 ----D---- C:\Windows\system32\catroot
2011-07-15 10:02:50 ----A---- C:\Windows\system32\mrt.exe
2011-07-15 10:02:08 ----A---- C:\Windows\win.ini
2011-07-06 17:08:14 ----D---- C:\fotky
2011-07-02 15:35:48 ----D---- C:\Windows\Microsoft.NET
2011-07-02 15:34:19 ----RSD---- C:\Windows\assembly
2011-07-02 14:38:29 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2006-12-11 97576]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2007-09-29 685816]
R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071218.003\IDSvix86.sys [2007-11-06 180272]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-12-01 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-10-30 191536]
R1 WINIO;WINIO; \??\C:\Windows\system32\WinIo.sys [2007-01-04 9336]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 504832]
R3 fspad_wlh32;AVC Finger-sensing Pad Driver for Windows 2000/XP/Vista_wlh32; C:\Windows\system32\DRIVERS\fspad_wlh32.sys [2006-11-10 22528]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-10 4445120]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520]
R3 SMARTMouseFilterx86;HID-compliant mouse; C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2008-07-31 11048]
R3 SMARTVHidMini2000x86;SMART HID Device; C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2008-07-31 14120]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC; C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2008-07-31 16808]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-10-30 12848]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-12-05 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-10-30 145968]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-10-30 39856]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-10-30 37936]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-10-30 27696]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 and6z1v8;and6z1v8; C:\Windows\system32\drivers\and6z1v8.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\Windows\system32\DRIVERS\k510bus.sys [2006-02-17 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\k510mdfl.sys [2006-02-17 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\k510mdm.sys [2006-02-17 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\k510mgmt.sys [2006-02-17 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\k510obex.sys [2006-02-17 83344]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver; C:\Windows\System32\Drivers\nx6000.sys [2008-08-04 33808]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071219.007\NAVENG.SYS [2007-11-14 81232]
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071219.007\NAVEX15.SYS [2007-11-14 865904]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM); C:\Windows\system32\DRIVERS\SE31bus.sys [2006-11-10 61600]
S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-12-01 279088]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-12-01 317616]
S3 SunkFilt;Alcor Micro Corp Reader; \??\C:\Windowssunkfilt.sys []
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-05-11 247808]
S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-03-31 100992]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\System32\bgsvcgen.exe [2007-06-15 145504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FspadSvc;FspadSvc; C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe [2006-11-10 522752]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-11-14 204800]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll []
S2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S2 SymAppCore;Symantec AppCore Service; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe []
S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
S3 ISPwdSvc;Symantec IS Password Validation; c:\Program Files\Norton Internet Security\isPwdSvc.exe []
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------



THANKS A LOT FOR YOUR HELP!!

Re: Another idiot with the FB virus..

Posted: 26 Jul 2011 08:22
by Rudy
There are still a few items left. Run a ComboFix scan and post the log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Feel free to go and make a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan do not try to launch any other applications or anything else.

Don't panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and removal of any malware leads to unwanted collisions with the resident antispyware.
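The helper spots the leftovers in the RSIT Run-key dump above by eye: autorun values with no target (the `tray_ico*` entries) and `services32.exe` sitting directly in C:\Windows. The Python script below is an added illustration for this thread (not code from the forum, RSIT or Malwarebytes) that applies those same triage checks to an excerpt of the posted dump; the `SYSTEM_BINARIES` list and the heuristics are my own assumptions.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the RSIT "Run" key dump posted in this thread (constructed
# excerpt, not a complete dump). RSIT prints "[date size]" for files it
# could read and "[]" when it could not.
SAMPLE_RUN_DUMP = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe []
"wxpdrv"=C:\Windows\services32.exe []
"tray_ico"= []
"tray_ico3"= []
"tray_ico4"= []
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]
'''

# One autorun value in RSIT format: "name"=command [info]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<cmd>.*?)\s*\[(?P<info>[^\]]*)\]\s*$')

# Core Windows binaries whose names malware likes to imitate (assumed list).
# A legitimate copy lives in System32 or SysWOW64; anything else deserves a look.
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                   "csrss.exe", "explorer.exe", "smss.exe"}
SYSTEM_DIRS = {"system32", "syswow64"}


def executable_path(cmd: str) -> str:
    """Return the executable part of a Run command, with arguments stripped."""
    m = re.match(r'^(.*?\.(?:exe|dll|scr|bat|cmd))\b', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.strip()


def mimics_system_binary(path: str) -> bool:
    """True if the file name is a core Windows binary name, optionally with a
    numeric suffix (services32.exe -> services.exe), but the file is not in
    System32/SysWOW64."""
    p = PureWindowsPath(path)
    lookalike = re.sub(r'\d+$', '', p.stem.lower()) + p.suffix.lower()
    return lookalike in SYSTEM_BINARIES and p.parent.name.lower() not in SYSTEM_DIRS


def triage_run_dump(dump: str) -> list[tuple[str, str]]:
    """Return (value name, reason) for every autorun entry worth a second look."""
    findings = []
    for line in dump.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # key header, blank line or unparsable text
        name, cmd, info = m.group("name"), m.group("cmd").strip(), m.group("info")
        if not cmd:
            # Value exists but points at nothing: typical residue of a removal.
            findings.append((name, "dangling autorun value with no target"))
            continue
        exe = executable_path(cmd)
        if mimics_system_binary(exe):
            findings.append((name, f"system-binary look-alike outside System32: {exe}"))
        elif not info:
            # RSIT recorded no date/size: it could not read the target file.
            findings.append((name, f"no file metadata recorded for {exe}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage_run_dump(SAMPLE_RUN_DUMP):
        print(f'"{name}": {reason}')
```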

Re: Another idiot with the FB virus..

Posted: 26 Jul 2011 09:03
by Michal_P
Here is the log:

ComboFix 11-07-26.02 - Míša 26.07.2011 9:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1122 [GMT 2:00]
Spuštěný z: c:\users\MÝÜa\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Settings
c:\windows\update.1
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 07:52 . 2011-07-26 07:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 06:08 . 2011-07-26 06:08 -------- d-----w- c:\program files\trend micro
2011-07-26 06:08 . 2011-07-26 06:08 -------- d-----w- C:\rsit
2011-07-25 19:04 . 2011-07-25 19:04 -------- d-----w- c:\users\Míša\AppData\Roaming\Malwarebytes
2011-07-25 19:04 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 19:04 . 2011-07-25 19:04 -------- d-----w- c:\programdata\Malwarebytes
2011-07-25 19:04 . 2011-07-25 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-25 19:04 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 17:15 . 2011-07-25 17:15 -------- d-----w- c:\program files\ESET
2011-07-25 14:51 . 2011-07-26 05:55 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-07-25 14:51 . 2011-07-26 05:55 -------- d--h--w- c:\windows\update.tray-15-0
2011-07-25 14:12 . 2011-07-25 14:55 -------- d-----w- c:\windows\av_ico
2011-07-25 14:06 . 2011-07-26 05:55 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-07-25 14:06 . 2011-07-26 05:55 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-07-25 14:06 . 2011-07-26 05:55 -------- d--h--w- c:\windows\update.tray-9-0
2011-07-25 14:06 . 2011-07-26 05:55 -------- d--h--w- c:\windows\update.tray-10-0
2011-07-25 08:35 . 2011-07-25 08:36 -------- d-----w- c:\users\Míša\AppData\Local\{FBB8D7DF-C48A-4DAA-AA41-8A06771683B9}
2011-07-24 08:35 . 2011-07-24 20:35 -------- d-----w- c:\users\Míša\AppData\Local\{7518FB91-DFA7-4526-9DEF-ACC6B1B2F196}
2011-07-23 07:04 . 2011-07-23 07:04 -------- d-----w- c:\users\Míša\AppData\Local\{DC534843-D597-4735-B03D-ED96453D7BD9}
2011-07-22 07:03 . 2011-07-22 19:03 -------- d-----w- c:\users\Míša\AppData\Local\{9CBCE958-B6EB-4BCB-80CA-DA7CA1B96950}
2011-07-21 08:48 . 2011-07-21 08:49 -------- d-----w- c:\users\Míša\AppData\Local\{FB44C6BF-0A55-4485-A17D-A67D64ABB437}
2011-07-20 10:02 . 2011-07-20 10:02 -------- d-----w- c:\users\Míša\AppData\Local\{A337B00D-9920-4E35-B720-5650947E92C0}
2011-07-19 07:29 . 2011-07-19 07:29 -------- d-----w- c:\users\Míša\AppData\Local\{0C8AFB00-C53D-4CE5-AEF3-50066F56D19B}
2011-07-18 09:33 . 2011-07-18 09:33 -------- d-----w- c:\users\Míša\AppData\Local\{0F44A2EF-293D-4129-B152-F883A4B29F52}
2011-07-17 15:08 . 2011-07-17 15:08 -------- d-----w- c:\users\Míša\AppData\Local\{517D5E5F-B86A-4AC9-8C05-B3348E1250FA}
2011-07-16 07:56 . 2011-07-16 07:56 -------- d-----w- c:\users\Míša\AppData\Local\{DF3E3D91-0483-41A7-B390-0AAABB26E059}
2011-07-15 19:56 . 2011-07-15 19:56 -------- d-----w- c:\users\Míša\AppData\Local\{644C0369-682D-4955-9D76-2CE4C6CD8BC4}
2011-07-15 07:55 . 2011-07-15 07:56 -------- d-----w- c:\users\Míša\AppData\Local\{A95FA303-FD7E-4FAB-9776-ED5BFF607AD4}
2011-07-14 18:38 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-14 18:38 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-14 18:38 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-14 18:27 . 2011-07-14 18:27 -------- d-----w- c:\users\Míša\AppData\Local\{E085A758-CF14-43E7-A271-87E4AB4B4AE5}
2011-07-11 18:36 . 2011-07-11 18:36 -------- d-----w- c:\users\Míša\AppData\Local\{8C365848-1D5B-4E55-AAA7-78BB883D696E}
2011-07-09 09:13 . 2011-07-09 09:13 -------- d-----w- c:\users\Míša\AppData\Local\{A6F31A4F-19DB-4037-AC67-38B5F4C28CBF}
2011-07-08 09:00 . 2011-07-08 21:00 -------- d-----w- c:\users\Míša\AppData\Local\{846F1D41-D5EF-4DF2-A420-CAAD4E56E832}
2011-07-07 08:02 . 2011-07-07 08:02 -------- d-----w- c:\users\Míša\AppData\Local\{6BDD5F4C-C0C8-497E-BEC3-51ABB4D6F1F6}
2011-07-06 08:02 . 2011-07-06 08:02 -------- d-----w- c:\users\Míša\AppData\Local\{F3BB3392-6149-4C55-85E1-D03DDE2EC7ED}
2011-07-05 08:19 . 2011-07-05 08:20 -------- d-----w- c:\users\Míša\AppData\Local\{5911EF61-4DF0-47E7-BFD4-DC09FED8F03C}
2011-07-04 06:59 . 2011-07-04 18:59 -------- d-----w- c:\users\Míša\AppData\Local\{901550A8-D72D-4C21-8D68-EBBDD396AAAA}
2011-07-03 07:08 . 2011-07-03 07:08 -------- d-----w- c:\users\Míša\AppData\Local\{DD9CF5E6-B5BC-43E3-8317-6E4ADFD72C7E}
2011-07-02 08:00 . 2011-07-02 08:00 -------- d-----w- c:\users\Míša\AppData\Local\{4D512119-76EE-427D-B9A9-467ED2CA48FE}
2011-07-01 16:12 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-01 15:58 . 2011-07-01 15:58 -------- d-----w- c:\users\Míša\AppData\Local\{BB3D450A-3D51-42F5-9A93-92E454B27A29}
2011-06-27 08:47 . 2011-06-27 08:47 -------- d-----w- c:\users\Míša\AppData\Local\{7332D578-6E8E-4184-899E-82EC942C3853}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 18:35 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-22 08:59 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-22 08:59 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-19 08:16 . 2011-06-09 06:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 17:16 . 2011-06-22 14:11 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-22 14:54 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-22 14:54 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-22 11:40 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-22 11:40 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-22 11:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-20 1882136]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2009-02-20 14:38 1882136 ----a-w- c:\program files\TorrentMan\tbTor1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-20 1882136]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-20 1882136]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2007-10-25 956296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-11-10 4240760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"fscp"="c:\program files\AVC Finger-sensing Pad Driver\fscp.exe" [2006-11-11 1006592]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2006-11-06 26112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe" [2008-07-31 1037608]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe" [2008-07-31 2123048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-10 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-10 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-10 81920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2008-7-31 9618728]
VideoCam Suite 2.0.lnk - c:\program files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2010-1-31 185688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2006-02-17 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2006-02-17 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2006-02-17 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2006-02-17 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2006-02-17 83344]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2008-08-04 33808]
R3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\DRIVERS\SE31bus.sys [2006-11-10 61600]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-09-29 685816]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071218.003\IDSvix86.sys [2007-11-06 180272]
S2 FspadSvc;FspadSvc;c:\program files\AVC Finger-sensing Pad Driver\FspadSvr.exe [2006-11-10 522752]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S3 fspad_wlh32;AVC Finger-sensing Pad Driver for Windows 2000/XP/Vista_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2006-11-10 22528]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2008-07-30 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2008-07-30 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2008-07-30 16808]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-10-30 37936]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 13:57]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 13:57]
.
2011-07-25 c:\windows\Tasks\User_Feed_Synchronization-{0B19E347-E1C2-43E4-84E5-09C478023FD4}.job
- c:\windows\system32\msfeedssync.exe [2009-07-03 07:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Míša\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-osCheck - c:\program files\Norton Internet Security\osCheck.exe
HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768} - c:\program files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe
AddRemove-SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B} - c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 09:53
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-07-26 10:00:07
ComboFix-quarantined-files.txt 2011-07-26 07:59
.
Před spuštěním: Volných bajtů: 12 263 821 312
Po spuštění: Volných bajtů: 15 078 162 432
.
- - End Of File - - 04036D20B0173D9D5BFBACF9690CBCC1


THANK YOU!

Re: Another fool with the FB virus..

Posted: 26 Jul 2011 09:12
by Rudy
Let's finish the clean-up. Open Notepad and copy the following into it:
Folder::
c:\windows\update.tray-15-0-lnk
c:\windows\update.tray-15-0
c:\windows\av_ico
c:\windows\update.tray-9-0-lnk
c:\windows\update.tray-10-0-lnk
c:\windows\update.tray-9-0
c:\windows\update.tray-10-0
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it there. CF will start and carry out the commands from the script.

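As an added example (not Rudy's or ComboFix's own code), the Python below parses the fixed-width listing lines from the ComboFix log posted above, flags directories created directly under c:\windows, and formats them as the Folder:: block that CFScript.txt expects. It assumes the line layout seen in the log (created . modified size attrs path), reads a leading 'd' in the attribute field as "directory" and an 'h' anywhere in it as "hidden"; the sample lines are copied from this thread's log.

```python
"""Turn ComboFix "files created" lines into a CFScript Folder:: block.

Added example for this thread, not ComboFix's own code. A clean Vista
install rarely gains new top-level directories under c:\\windows, and the
dropper in this log parked itself in hidden update.tray-* folders there,
so those are the entries worth a second look before writing a CFScript.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# One ComboFix listing line:  <created> . <modified> <size|--------> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)


class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]   # None for directories, whose size column is "--------"
    attrs: str            # e.g. "d--h--w-" or "----a-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        # Assumption from the log: a leading 'd' marks a directory
        return self.attrs[0] == "d"

    @property
    def is_hidden(self) -> bool:
        # Assumption from the log: an 'h' in the attribute field marks "hidden"
        return "h" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; separators ('.') and headers yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def suspicious_windows_dirs(lines) -> List[Tuple[str, str]]:
    """Return (path, reason) for directories sitting directly under c:\\windows.

    Deeper paths such as c:\\windows\\system32\\... are left alone; the point is
    to surface new top-level folders, hidden or not, for the reviewer.
    """
    prefix = "c:\\windows\\"
    flagged = []
    for line in lines:
        e = parse_line(line)
        if e is None or not e.is_dir:
            continue
        low = e.path.lower()
        if not low.startswith(prefix) or "\\" in low[len(prefix):]:
            continue
        reason = "hidden directory" if e.is_hidden else "new top-level directory"
        flagged.append((e.path, reason))
    return flagged


def build_cfscript(folders) -> str:
    """Format folder paths as the Folder:: directive used in CFScript.txt."""
    return "Folder::\n" + "\n".join(folders) + "\n"


def cfscript_from_log(text: str) -> str:
    """End to end: raw log text in, CFScript Folder:: block out."""
    flagged = suspicious_windows_dirs(text.splitlines())
    return build_cfscript([path for path, _ in flagged])


# Constructed sample: lines copied from the ComboFix log in this thread
SAMPLE_LOG = r"""
2011-07-25 19:04 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 17:15 . 2011-07-25 17:15 -------- d-----w- c:\program files\ESET
2011-07-25 14:51 . 2011-07-26 05:55 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-07-25 14:51 . 2011-07-26 05:55 -------- d--h--w- c:\windows\update.tray-15-0
2011-07-25 14:12 . 2011-07-25 14:55 -------- d-----w- c:\windows\av_ico
2011-07-25 14:06 . 2011-07-26 05:55 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-07-25 14:06 . 2011-07-26 05:55 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-07-25 14:06 . 2011-07-26 05:55 -------- d--h--w- c:\windows\update.tray-9-0
2011-07-25 14:06 . 2011-07-26 05:55 -------- d--h--w- c:\windows\update.tray-10-0
.
2011-07-14 18:38 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
"""

if __name__ == "__main__":
    for path, reason in suspicious_windows_dirs(SAMPLE_LOG.splitlines()):
        print(f"{reason:24} {path}")
    print(cfscript_from_log(SAMPLE_LOG))
```

Run on the sample, the script reproduces the seven-folder Folder:: block Rudy posted, in log order; av_ico is picked up as a new top-level directory even though it is not hidden.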

Re: Another fool with the FB virus..

Posted: 26 Jul 2011 09:42
by Michal_P
Here is the new log:

ComboFix 11-07-26.02 - Míša 26.07.2011 10:17:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.800 [GMT 2:00]
Spuštěný z: c:\users\Míša\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Míša\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_defender_start.ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\av_ico\ico_norton_start.ico
c:\windows\update.tray-10-0-lnk
c:\windows\update.tray-10-0
c:\windows\update.tray-15-0-lnk
c:\windows\update.tray-15-0
c:\windows\update.tray-9-0-lnk
c:\windows\update.tray-9-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 08:30 . 2011-07-26 08:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 08:14 . 2011-07-26 08:14 -------- d-----w- C:\32788R22FWJFW
2011-07-26 08:07 . 2011-07-26 08:07 54016 ----a-w- c:\windows\system32\drivers\uhvcx.sys
2011-07-26 06:08 . 2011-07-26 06:08 -------- d-----w- c:\program files\trend micro
2011-07-26 06:08 . 2011-07-26 06:08 -------- d-----w- C:\rsit
2011-07-25 19:04 . 2011-07-25 19:04 -------- d-----w- c:\users\Míša\AppData\Roaming\Malwarebytes
2011-07-25 19:04 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 19:04 . 2011-07-25 19:04 -------- d-----w- c:\programdata\Malwarebytes
2011-07-25 19:04 . 2011-07-25 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-25 19:04 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 17:15 . 2011-07-25 17:15 -------- d-----w- c:\program files\ESET
2011-07-25 08:35 . 2011-07-25 08:36 -------- d-----w- c:\users\Míša\AppData\Local\{FBB8D7DF-C48A-4DAA-AA41-8A06771683B9}
2011-07-24 08:35 . 2011-07-24 20:35 -------- d-----w- c:\users\Míša\AppData\Local\{7518FB91-DFA7-4526-9DEF-ACC6B1B2F196}
2011-07-23 07:04 . 2011-07-23 07:04 -------- d-----w- c:\users\Míša\AppData\Local\{DC534843-D597-4735-B03D-ED96453D7BD9}
2011-07-22 07:03 . 2011-07-22 19:03 -------- d-----w- c:\users\Míša\AppData\Local\{9CBCE958-B6EB-4BCB-80CA-DA7CA1B96950}
2011-07-21 08:48 . 2011-07-21 08:49 -------- d-----w- c:\users\Míša\AppData\Local\{FB44C6BF-0A55-4485-A17D-A67D64ABB437}
2011-07-20 10:02 . 2011-07-20 10:02 -------- d-----w- c:\users\Míša\AppData\Local\{A337B00D-9920-4E35-B720-5650947E92C0}
2011-07-19 07:29 . 2011-07-19 07:29 -------- d-----w- c:\users\Míša\AppData\Local\{0C8AFB00-C53D-4CE5-AEF3-50066F56D19B}
2011-07-18 09:33 . 2011-07-18 09:33 -------- d-----w- c:\users\Míša\AppData\Local\{0F44A2EF-293D-4129-B152-F883A4B29F52}
2011-07-17 15:08 . 2011-07-17 15:08 -------- d-----w- c:\users\Míša\AppData\Local\{517D5E5F-B86A-4AC9-8C05-B3348E1250FA}
2011-07-16 07:56 . 2011-07-16 07:56 -------- d-----w- c:\users\Míša\AppData\Local\{DF3E3D91-0483-41A7-B390-0AAABB26E059}
2011-07-15 19:56 . 2011-07-15 19:56 -------- d-----w- c:\users\Míša\AppData\Local\{644C0369-682D-4955-9D76-2CE4C6CD8BC4}
2011-07-15 07:55 . 2011-07-15 07:56 -------- d-----w- c:\users\Míša\AppData\Local\{A95FA303-FD7E-4FAB-9776-ED5BFF607AD4}
2011-07-14 18:38 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-14 18:38 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-14 18:38 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-14 18:27 . 2011-07-14 18:27 -------- d-----w- c:\users\Míša\AppData\Local\{E085A758-CF14-43E7-A271-87E4AB4B4AE5}
2011-07-11 18:36 . 2011-07-11 18:36 -------- d-----w- c:\users\Míša\AppData\Local\{8C365848-1D5B-4E55-AAA7-78BB883D696E}
2011-07-09 09:13 . 2011-07-09 09:13 -------- d-----w- c:\users\Míša\AppData\Local\{A6F31A4F-19DB-4037-AC67-38B5F4C28CBF}
2011-07-08 09:00 . 2011-07-08 21:00 -------- d-----w- c:\users\Míša\AppData\Local\{846F1D41-D5EF-4DF2-A420-CAAD4E56E832}
2011-07-07 08:02 . 2011-07-07 08:02 -------- d-----w- c:\users\Míša\AppData\Local\{6BDD5F4C-C0C8-497E-BEC3-51ABB4D6F1F6}
2011-07-06 08:02 . 2011-07-06 08:02 -------- d-----w- c:\users\Míša\AppData\Local\{F3BB3392-6149-4C55-85E1-D03DDE2EC7ED}
2011-07-05 08:19 . 2011-07-05 08:20 -------- d-----w- c:\users\Míša\AppData\Local\{5911EF61-4DF0-47E7-BFD4-DC09FED8F03C}
2011-07-04 06:59 . 2011-07-04 18:59 -------- d-----w- c:\users\Míša\AppData\Local\{901550A8-D72D-4C21-8D68-EBBDD396AAAA}
2011-07-03 07:08 . 2011-07-03 07:08 -------- d-----w- c:\users\Míša\AppData\Local\{DD9CF5E6-B5BC-43E3-8317-6E4ADFD72C7E}
2011-07-02 08:00 . 2011-07-02 08:00 -------- d-----w- c:\users\Míša\AppData\Local\{4D512119-76EE-427D-B9A9-467ED2CA48FE}
2011-07-01 16:12 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-01 15:58 . 2011-07-01 15:58 -------- d-----w- c:\users\Míša\AppData\Local\{BB3D450A-3D51-42F5-9A93-92E454B27A29}
2011-06-27 08:47 . 2011-06-27 08:47 -------- d-----w- c:\users\Míša\AppData\Local\{7332D578-6E8E-4184-899E-82EC942C3853}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 18:35 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-22 08:59 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-22 08:59 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-19 08:16 . 2011-06-09 06:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 17:16 . 2011-06-22 14:11 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-22 14:54 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-22 14:54 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-22 11:40 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-22 11:40 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-22 11:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-20 1882136]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2009-02-20 14:38 1882136 ----a-w- c:\program files\TorrentMan\tbTor1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-20 1882136]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-20 1882136]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2007-10-25 956296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-11-10 4240760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"fscp"="c:\program files\AVC Finger-sensing Pad Driver\fscp.exe" [2006-11-11 1006592]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2006-11-06 26112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe" [2008-07-31 1037608]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe" [2008-07-31 2123048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-10 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-10 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-10 81920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2008-7-31 9618728]
VideoCam Suite 2.0.lnk - c:\program files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2010-1-31 185688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2006-02-17 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2006-02-17 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2006-02-17 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2006-02-17 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2006-02-17 83344]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2008-08-04 33808]
R3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\DRIVERS\SE31bus.sys [2006-11-10 61600]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-09-29 685816]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071218.003\IDSvix86.sys [2007-11-06 180272]
S2 FspadSvc;FspadSvc;c:\program files\AVC Finger-sensing Pad Driver\FspadSvr.exe [2006-11-10 522752]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S3 fspad_wlh32;AVC Finger-sensing Pad Driver for Windows 2000/XP/Vista_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2006-11-10 22528]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2008-07-30 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2008-07-30 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2008-07-30 16808]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-10-30 37936]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 13:57]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 13:57]
.
2011-07-25 c:\windows\Tasks\User_Feed_Synchronization-{0B19E347-E1C2-43E4-84E5-09C478023FD4}.job
- c:\windows\system32\msfeedssync.exe [2009-07-03 07:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Míša\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-07-26 10:35:21
ComboFix-quarantined-files.txt 2011-07-26 08:35
ComboFix2.txt 2011-07-26 08:00
.
Před spuštěním: Volných bajtů: 17 047 298 048
Po spuštění: Volných bajtů: 17 020 604 416
.
- - End Of File - - 5327D70C8C2DB902FA368F3ABCB6DC99



Should everything be all right now?
One more question.. The log contains the entry "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
- I recently read about webcam hacking. Could this be related to that in any way?

THANKS A LOT FOR THE HELP! I would probably never have got rid of those viruses on my own.

Re: Another fool with the FB virus..

Posted: 26 Jul 2011 11:57
by Rudy
MS LifeCam is the software for the webcam. It is definitely not a hacking utility. The log already looks clean. You're welcome!

Re: Another fool with the FB virus..

Posted: 26 Jul 2011 12:00
by Michal_P
Thanks a lot once again, your site is great!

Re: Another fool with the FB virus..

Posted: 26 Jul 2011 12:33
by Rudy
Glad to help! :)