VIRY.CZ

Logfile of random's system information tool 1.09 (written by random/random)
Run by magda at 2011-07-26 20:46:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 121 GB (88%) free of 137 GB
Total RAM: 1013 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:46:27, on 26.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\Program Files\Launch Manager\LManager.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Android Manager\iSync.exe
C:\WINDOWS\update.2\svchost.exe
C:\Program Files\Acer\Updater\iUpdate.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.tray-14-0\svchost.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\WINDOWS\update.1\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\ufa\ufa.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\update.tray-7-0-lnk\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\magda\Plocha\RSIT.exe
C:\Program Files\trend micro\magda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4872u839
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4872u839
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4872u839
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files\Seznam.cz\toolbar\toolbar.dll
O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iSyncData] C:\Program Files\Acer\Android Manager\iSync.exe
O4 - HKLM\..\Run: [AndroidManager] C:\Program Files\Acer\Android Manager\AML.exe
O4 - HKLM\..\Run: [iPatchData] C:\Program Files\Acer\Updater\iUpdate.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-14-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [9656283.exe] "C:\DOCUME~1\magda\LOCALS~1\Temp\9656283.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [9295506.exe] "C:\WINDOWS\TEMP\9295506.exe"
O4 - HKLM\..\Run: [2222650.exe] "C:\WINDOWS\TEMP\2222650.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [3158576-loader2.exe] "C:\WINDOWS\TEMP\3158576-loader2.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [w_distrib.exe] "C:\WINDOWS\update.3\svchost.exe" stand
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

--
End of file - 10335 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{640D68BD-B7C2-4ED0-B78C-6593893B68B5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2010-10-07 1961240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files\Seznam.cz\toolbar\toolbar.dll [2010-10-07 187672]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2010-06-22 968272]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-06-17 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-06-17 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-06-17 141336]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-10-13 186904]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-03-12 19521056]
"AzMixerSel"=C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [2009-12-11 59936]
"SuiteTray"=C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2010-05-26 337264]
"EgisUpdate"=C:\Program Files\EgisTec IPS\EgisUpdate.exe [2010-03-10 201584]
"EgisTecPMMUpdate"=C:\Program Files\EgisTec IPS\PmmUpdate.exe [2010-03-10 407920]
"mwlDaemon"=C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe [2010-05-26 349552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-05 1692968]
"iSyncData"=C:\Program Files\Acer\Android Manager\iSync.exe [2010-01-08 407416]
"AndroidManager"=C:\Program Files\Acer\Android Manager\AML.exe [2010-01-08 508280]
"iPatchData"=C:\Program Files\Acer\Updater\iUpdate.exe [2010-07-21 492096]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-22 1167872]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-14-0\svchost.exe [2011-07-22 1167872]
"tray_ico1"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-22 1167872]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"9656283.exe"=C:\DOCUME~1\magda\LOCALS~1\Temp\9656283.exe [2011-07-22 249344]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-22 249344]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-26 256000]
"9295506.exe"=C:\WINDOWS\TEMP\9295506.exe [2011-07-22 249344]
"2222650.exe"=C:\WINDOWS\TEMP\2222650.exe [2011-07-22 483328]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-22 114176]
"3158576-loader2.exe"=C:\WINDOWS\TEMP\3158576-loader2.exe [2011-07-22 249344]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-22 110592]
"w_distrib.exe"=C:\WINDOWS\update.3\svchost.exe [2011-07-26 272896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\Program Files\ICQ7.5\ICQ.exe [2011-06-29 124216]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-06-15 15141768]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-04-25 205312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Acer\Acer VCM\VC.exe"="C:\Program Files\Acer\Acer VCM\VC.exe:*:Enabled:Acer Video Quality Enhancement"
"C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe"="C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe:*:Enabled:Norton Online Backup Service"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\magda\Local Settings\Temporary Internet Files\Content.IE5\VHT3L0D3\Flash-Player[1].exe"="C:\Documents and Settings\magda\Local Settings\Temporary Internet Files\Content.IE5\VHT3L0D3\Flash-Player[1].exe:*:Enabled:C:\Documents and Settings\magda\Local Settings\Temporary Internet Files\Content.IE5\VHT3L0D3\Flash-Player[1].exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-14-0\svchost.exe"="C:\WINDOWS\update.tray-14-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-14-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\WINDOWS\update.3\svchost.exe"="C:\WINDOWS\update.3\svchost.exe:*:Enabled:C:\WINDOWS\update.3\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-26 20:32:16 ----D---- C:\rsit
2011-07-26 20:32:16 ----D---- C:\Program Files\trend micro
2011-07-26 20:05:06 ----D---- C:\Program Files\CCleaner
2011-07-26 19:54:50 ----ASH---- C:\hiberfil.sys
2011-07-26 19:53:50 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-26 19:53:50 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-26 19:49:55 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-26 19:49:55 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-26 19:49:53 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-26 19:49:53 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-26 19:49:53 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-26 19:49:53 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-26 19:49:53 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-26 19:49:53 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-26 19:49:38 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-26 19:49:38 ----A---- C:\WINDOWS\avastSS.scr
2011-07-26 19:45:09 ----A---- C:\WINDOWS\w_distrib_iplist.txt
2011-07-26 19:44:37 ----HD---- C:\WINDOWS\update.3
2011-07-22 20:27:35 ----D---- C:\WINDOWS\ufa
2011-07-22 20:27:35 ----D---- C:\WINDOWS\rpcminer
2011-07-22 20:27:35 ----D---- C:\WINDOWS\phoenix
2011-07-22 20:24:01 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-22 20:21:52 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-22 20:21:30 ----A---- C:\WINDOWS\systemup.exe
2011-07-22 20:21:18 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-22 20:21:03 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-22 20:20:52 ----HD---- C:\WINDOWS\update.2
2011-07-22 20:20:41 ----HD---- C:\WINDOWS\update.5.0
2011-07-22 20:16:48 ----A---- C:\WINDOWS\unrar.exe
2011-07-22 20:15:20 ----A---- C:\WINDOWS\iplist.txt
2011-07-22 20:15:05 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-22 20:14:50 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-22 20:14:33 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-22 20:14:21 ----D---- C:\WINDOWS\av_ico
2011-07-22 20:13:05 ----HD---- C:\WINDOWS\update.1
2011-07-22 20:13:03 ----HD---- C:\WINDOWS\update.tray-14-0-lnk
2011-07-22 20:13:03 ----HD---- C:\WINDOWS\update.tray-14-0
2011-07-22 20:02:46 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-22 20:02:46 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-22 20:02:40 ----A---- C:\WINDOWS\services32.exe
2011-07-16 21:53:52 ----D---- C:\Program Files\MSECache
2011-07-16 06:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-16 06:28:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-04 21:31:47 ----D---- C:\Program Files\Common Files\DESIGNER
2011-07-04 21:31:22 ----D---- C:\WINDOWS\SHELLNEW
2011-07-04 21:31:20 ----D---- C:\Program Files\Microsoft.NET
2011-07-04 21:29:12 ----RHD---- C:\MSOCache
2011-07-04 20:58:16 ----A---- C:\WINDOWS\ODBC.INI
2011-07-04 20:58:14 ----A---- C:\WINDOWS\system32\mdimon.dll
2011-06-29 12:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-26 20:46:14 ----D---- C:\Documents and Settings\magda\Data aplikací\ICQ
2011-07-26 20:46:11 ----AD---- C:\WINDOWS\system32
2011-07-26 20:46:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-26 20:46:09 ----D---- C:\Documents and Settings\magda\Data aplikací\Skype
2011-07-26 20:45:49 ----D---- C:\WINDOWS\Prefetch
2011-07-26 20:32:16 ----RD---- C:\Program Files
2011-07-26 20:09:12 ----D---- C:\WINDOWS\Debug
2011-07-26 20:09:12 ----D---- C:\WINDOWS
2011-07-26 20:09:11 ----D---- C:\WINDOWS\Temp
2011-07-26 20:09:11 ----D---- C:\WINDOWS\Minidump
2011-07-26 19:54:04 ----A---- C:\boot.ini
2011-07-26 19:52:49 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-07-26 19:49:55 ----D---- C:\WINDOWS\system32\drivers
2011-07-26 19:49:49 ----SHD---- C:\WINDOWS\Installer
2011-07-26 19:49:48 ----D---- C:\WINDOWS\WinSxS
2011-07-26 19:49:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-26 19:37:00 ----D---- C:\WINDOWS\Network Diagnostic
2011-07-26 19:29:00 ----D---- C:\Program Files\Microsoft Office
2011-07-26 19:28:10 ----D---- C:\WINDOWS\system32\LogFiles
2011-07-26 15:55:26 ----D---- C:\Program Files\Acer
2011-07-26 15:22:47 ----D---- C:\WINDOWS\system32\config
2011-07-26 15:22:23 ----D---- C:\WINDOWS\system32\wbem
2011-07-26 15:22:22 ----D---- C:\WINDOWS\Registration
2011-07-26 14:30:58 ----SD---- C:\WINDOWS\Tasks
2011-07-22 20:25:32 ----D---- C:\Program Files\Microsoft Security Client
2011-07-22 20:25:03 ----SHD---- C:\System Volume Information
2011-07-16 06:39:40 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-16 06:36:59 ----HD---- C:\WINDOWS\inf
2011-07-16 06:36:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-16 06:29:41 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-14 15:04:14 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-12 20:07:41 ----RD---- C:\Program Files\Skype
2011-07-12 20:07:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-07-06 20:49:21 ----A---- C:\WINDOWS\win.ini
2011-07-06 07:00:48 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-06 06:58:10 ----RSD---- C:\WINDOWS\assembly
2011-07-06 06:57:11 ----RSD---- C:\WINDOWS\Fonts
2011-07-04 21:34:37 ----SD---- C:\Documents and Settings\magda\Data aplikací\Microsoft
2011-07-04 21:31:47 ----D---- C:\Program Files\Common Files
2011-07-04 21:31:23 ----D---- C:\Program Files\Common Files\System
2011-07-04 21:29:19 ----D---- C:\WINDOWS\system
2011-07-04 21:25:05 ----D---- C:\WINDOWS\SxsCaPendDel
2011-07-04 21:23:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-07-04 21:23:18 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-07-04 21:23:17 ----D---- C:\Program Files\Microsoft Works
2011-07-04 21:22:42 ----D---- C:\Program Files\MSBuild
2011-07-04 20:14:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\boost_interprocess
2011-07-01 19:30:59 ----D---- C:\Program Files\ICQ7.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2009-10-13 331288]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 mwlPSDFilter;mwlPSDFilter; C:\WINDOWS\system32\DRIVERS\mwlPSDFilter.sys [2008-12-02 17840]
R1 mwlPSDNServ;mwlPSDNServ; C:\WINDOWS\system32\DRIVERS\mwlPSDNServ.sys [2008-12-02 15280]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\WINDOWS\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-02 58800]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-04-25 1754912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-03-12 5867040]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2010-05-20 61552]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETw5x32;Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2010-05-31 6608512]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2010-02-05 242992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EUCR;EUCR; C:\WINDOWS\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82384]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 S6000KNT;S6000KNT_WebCam Driver; C:\WINDOWS\System32\Drivers\S6000KNT.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2010-06-22 321104]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-10-13 354840]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-26 305520]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-22 340992]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-22 483328]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-22 249344]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-22 1167872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-03 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-03 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-09 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zdravim a pekny vecer preji

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Aplikujte RogueKiller

stell píše: pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205

Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4

RKill, eXeHelper i RogueKiller by mely udelat logy, vlozte mi je sem

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 26.07.2011 at 21:07:10.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\grpconv.exe

Rkill completed on 26.07.2011 at 21:07:23.

exeHelper by Raktor
Build 20100414
Run at 21:06:44 on 07/26/11
Now searching...
Checking for numerical processes...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9656283.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9295506.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3158576-loader2.exe
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:07:42 on 07/26/11
Now searching...
Checking for numerical processes...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2222650.exe
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: magda [Admin rights]
Mode: Remove -- Date : 07/26/2011 21:09:29

Bad processes: 9
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-14-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32_.exe -- c:\windows\sysdriver32_.exe -> KILLED
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0-lnk\svchost.exe -> KILLED

Registry Entries: 10
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\WINDOWS\systemup.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: magda [Admin rights]
Mode: HOSTSFix -- Date : 07/26/2011 21:09:56

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: magda [Admin rights]
Mode: ProxyFix -- Date : 07/26/2011 21:10:13

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Vyborne, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 11-07-26.03 - magda 26.07.2011 21:34:27.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.617 [GMT 2:00]
Spuštěný z: c:\documents and settings\magda\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\LocalCopy\{2CD7EDFD-4BFF-4C7D-ACAE-87DF4E53DA36}-Flash-Player[1].exe
c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\LocalCopy\{5365A834-E644-4266-8EA9-AEC3491BB794}-Flash-Player[1].exe
c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\LocalCopy\{80790C4C-D2B8-4E91-A5CB-7513A505D91E}-Flash-Player[1].exe
c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\LocalCopy\{B5D3F8B0-D874-4465-A45A-64CA28B5A331}-Flash-Player[1].exe
c:\documents and settings\All Users\FullRemove.exe
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.3
c:\windows\update.3\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-14-0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 18:32 . 2011-07-26 18:46 -------- d-----w- C:\rsit
2011-07-26 18:32 . 2011-07-26 18:46 -------- d-----w- c:\program files\trend micro
2011-07-26 18:05 . 2011-07-26 18:05 -------- d-----w- c:\program files\CCleaner
2011-07-26 17:53 . 2011-07-26 19:38 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-26 17:53 . 2011-07-26 17:53 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-26 17:49 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-26 17:49 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-26 17:49 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-26 17:49 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-26 17:49 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-26 17:49 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-26 17:49 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-26 17:49 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-26 17:49 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-26 17:49 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-26 17:28 . 2011-07-26 17:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-07-26 13:22 . 2011-07-26 13:22 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-22 18:27 . 2011-07-22 18:27 -------- d-----w- c:\windows\rpcminer
2011-07-22 18:27 . 2011-07-22 18:27 -------- d-----w- c:\windows\ufa
2011-07-22 18:27 . 2011-07-22 18:27 -------- d-----w- c:\windows\phoenix
2011-07-22 18:16 . 2011-07-22 18:27 246272 ----a-w- c:\windows\unrar.exe
2011-07-22 18:14 . 2011-07-26 17:55 -------- d-----w- c:\windows\av_ico
2011-07-22 18:13 . 2011-07-26 19:38 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-22 18:13 . 2011-07-22 18:13 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-22 18:02 . 2011-07-22 18:02 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-21 20:11 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E56A43CF-D35B-4E6B-9E00-066EFE95923F}\mpengine.dll
2011-07-16 19:53 . 2011-07-16 19:53 -------- d-----w- c:\program files\MSECache
2011-07-04 19:31 . 2011-07-04 19:31 -------- d-----w- c:\windows\SHELLNEW
2011-07-04 19:31 . 2011-07-04 19:31 -------- d-----w- c:\program files\Microsoft.NET
2011-07-04 19:29 . 2011-07-04 19:29 -------- d-----r- C:\MSOCache
2011-07-04 18:58 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-07-04 18:58 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 07:00 . 2011-06-18 07:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 15:55 . 2011-04-01 17:00 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-06 11:35 . 2010-08-09 18:24 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2010-08-09 08:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-08-09 18:24 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-08-09 18:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-07 187672]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2010-10-07 1961240]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-26 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-07-21 492096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-9 704032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [9.8.2010 13:00 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [9.8.2010 13:00 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [9.8.2010 13:00 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [9.8.2010 20:25 321104]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [26.5.2010 19:41 305520]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 13:08 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 12:44 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 20:25 61552]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2011 15:32 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 12:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 12:26 82384]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2011 15:32 135664]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys --> c:\windows\system32\Drivers\S6000KNT.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:32]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 13:32]
.
2011-07-26 c:\windows\Tasks\User_Feed_Synchronization-{640D68BD-B7C2-4ED0-B78C-6593893B68B5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0111k175l0434wuj5w4872u839
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-14-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-w_distrib.exe - c:\windows\update.3\svchost.exe
SafeBoot-MsMpSvc
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 21:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2640)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 21:49:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 19:49
.
Před spuštěním: Volných bajtů: 127 280 771 072
Po spuštění: Volných bajtů: 127 495 254 016
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 170B9653BFFA8F20B92F32E57DAACE9D

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\windows\rpcminer
c:\windows\ufa
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-14-0
c:\windows\update.tray-14-0-lnk

File::
c:\windows\unrar.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{640D68BD-B7C2-4ED0-B78C-6593893B68B5}.job

Collect::
C:\Documents and Settings\magda\Local Settings\Temporary Internet Files\Content.IE5\VHT3L0D3\Flash-Player[1].exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\magda\Local Settings\Temporary Internet Files\Content.IE5\VHT3L0D3\Flash-Player[1].exe"=-
"C:\WINDOWS\update.1\svchost.exe"=-
"C:\WINDOWS\services32.exe"=-
"C:\WINDOWS\update.tray-14-0\svchost.exe"=-
"C:\WINDOWS\update.2\svchost.exe"=-
"C:\WINDOWS\update.3\svchost.exe"=-

AtJob::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 11-07-26.03 - magda 26.07.2011 22:06:35.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.624 [GMT 2:00]
Spuštěný z: c:\documents and settings\magda\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\magda\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\User_Feed_Synchronization-{640D68BD-B7C2-4ED0-B78C-6593893B68B5}.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_Essentials_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\User_Feed_Synchronization-{640D68BD-B7C2-4ED0-B78C-6593893B68B5}.job
c:\windows\TEMP\2471453.exe
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-14-0-lnk
c:\windows\update.tray-14-0-lnk\svchost.exe
c:\windows\update.tray-14-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0
c:\windows\winsetupapi.log
.
Nakažená kopie c:\windows\system32\kernel32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVSYSDRIVER32
-------\Service_srvbtcclient
-------\Service_srvsysdriver32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 18:32 . 2011-07-26 18:46 -------- d-----w- C:\rsit
2011-07-26 18:32 . 2011-07-26 18:46 -------- d-----w- c:\program files\trend micro
2011-07-26 18:05 . 2011-07-26 18:05 -------- d-----w- c:\program files\CCleaner
2011-07-26 17:49 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-26 17:49 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-26 17:49 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-26 17:49 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-26 17:49 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-26 17:49 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-26 17:49 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-26 17:49 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-26 17:49 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-26 17:49 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-26 17:28 . 2011-07-26 17:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-07-26 13:22 . 2011-07-26 13:22 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-22 18:02 . 2011-07-22 18:02 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-21 20:11 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E56A43CF-D35B-4E6B-9E00-066EFE95923F}\mpengine.dll
2011-07-16 19:53 . 2011-07-16 19:53 -------- d-----w- c:\program files\MSECache
2011-07-04 19:31 . 2011-07-04 19:31 -------- d-----w- c:\windows\SHELLNEW
2011-07-04 19:31 . 2011-07-04 19:31 -------- d-----w- c:\program files\Microsoft.NET
2011-07-04 19:29 . 2011-07-04 19:29 -------- d-----r- C:\MSOCache
2011-07-04 18:58 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-07-04 18:58 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 07:00 . 2011-06-18 07:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 15:55 . 2011-04-01 17:00 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-06 11:35 . 2010-08-09 18:24 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2010-08-09 08:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-08-09 18:24 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-08-09 18:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_19.43.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-09 18:24 . 2011-07-26 19:46 73394 c:\windows\system32\perfc009.dat
- 2010-08-09 18:24 . 2011-07-26 18:46 73394 c:\windows\system32\perfc009.dat
+ 2010-08-09 18:24 . 2011-07-26 19:46 85260 c:\windows\system32\perfc005.dat
- 2010-08-09 18:24 . 2011-07-26 18:46 85260 c:\windows\system32\perfc005.dat
+ 2010-08-09 18:24 . 2011-07-26 19:46 446188 c:\windows\system32\perfh009.dat
- 2010-08-09 18:24 . 2011-07-26 18:46 446188 c:\windows\system32\perfh009.dat
+ 2010-08-09 18:24 . 2011-07-26 19:46 443128 c:\windows\system32\perfh005.dat
- 2010-08-09 18:24 . 2011-07-26 18:46 443128 c:\windows\system32\perfh005.dat
+ 2010-08-09 18:23 . 2009-03-21 17:33 990208 c:\windows\system32\kernel32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-07 187672]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2010-10-07 1961240]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-26 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-07-21 492096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-9 704032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [9.8.2010 13:00 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [9.8.2010 13:00 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [9.8.2010 13:00 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [9.8.2010 20:25 321104]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [26.5.2010 19:41 305520]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 13:08 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 12:44 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 20:25 61552]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2011 15:32 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 12:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 12:26 82384]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2011 15:32 135664]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys --> c:\windows\system32\Drivers\S6000KNT.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0111k175l0434wuj5w4872u839
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 22:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(188)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 22:16:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 20:16
ComboFix2.txt 2011-07-26 19:49
.
Před spuštěním: Volných bajtů: 127 486 623 744
Po spuštění: Volných bajtů: 127 484 936 192
.
- - End Of File - - 5B7E5EB9213A149B0866822AFD8ACE64

Jak se chova PC

Je rychlejší, nevypadává připojení k netu a načítá již stránku facebooku, kterou předtím vůbec nenačetl. Takže 100% zlepšení.

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Takže uklizeno dle návodu. Děkuji za pomoc, jste borec. Ještě jednou díky a přeji vám dobrou noc. Michal

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

Ale je, sice je to PC ségry, která mě ho donesla, ale tady s tím bych si opravdu rady nevěděl. Díky.

Jeste jednou neni zac, mame to tu jako relax - i kdyz v poslednich dnech docela hekticky

VIRY.CZ

FB vir prosím o pomoc

FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc

Re: FB vir prosím o pomoc