VIRY.CZ

Prosim mohol by mi niekto pomoct? moja priatelka chytila na jej mini book tento virus. Spyboot som nechal prejst ale ten nic viac nenasiel.. pouziva Microsoft esseintal ale ten je zablokovany myslim prave tymto virusom lebo nejde spustit. dakujem za rady


Logfile of random's system information tool 1.09 (written by random/random)
Run by Renuska-mini at 2011-08-21 03:52:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 57 GB (70%) free of 82 GB
Total RAM: 1015 MB (52% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\MpIdleTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-12 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
StartNow Toolbar Helper - C:\Program Files\StartNow Toolbar\Toolbar32.dll [2011-07-27 502272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-30 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-30 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo Layers - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll [2011-07-23 787744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{5911488E-9D1E-40ec-8CBB-06B231CC153F} - StartNow Toolbar - C:\Program Files\StartNow Toolbar\Toolbar32.dll [2011-07-27 502272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2008-09-03 335872]
"ETDWareDetect"=C:\Program Files\Elantech\ETDDect.exe [2008-08-22 204800]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-09-02 106496]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-09-02 593920]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-07-19 421736]
"StartNowToolbarHelper"=C:\Program Files\StartNow Toolbar\ToolbarHelper.exe []
"wxpdrv"=C:\WINDOWS\services32.exe [2011-08-20 1182208]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-14-0\svchost.exe [2011-08-20 1182208]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"1227810.exe"=C:\DOCUME~1\RENUSK~1\LOCALS~1\Temp\1227810.exe []
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-08-20 263680]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-08-20 258048]
"8590173.exe"=C:\WINDOWS\TEMP\8590173.exe []
"7722959.exe"=C:\WINDOWS\TEMP\7722959.exe []
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-08-20 235520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"ICQ"=C:\Program Files\ICQ7.5\ICQ.exe [2011-08-01 124480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Renuska-mini\Plocha\Flash-Player.exe"="C:\Documents and Settings\Renuska-mini\Plocha\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Renuska-mini\Plocha\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-14-0\svchost.exe"="C:\WINDOWS\update.tray-14-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-14-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\WINDOWS\update.tray-14-0-lnk\svchost.exe"="C:\WINDOWS\update.tray-14-0-lnk\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-14-0-lnk\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.siren"=sirenacm.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-08-26 00:27:58 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2013-08-26 00:27:58 ----A---- C:\WINDOWS\SkyTel.exe
2013-08-26 00:27:58 ----A---- C:\WINDOWS\RtlUpd.exe
2013-08-26 00:27:57 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2013-08-26 00:27:57 ----A---- C:\WINDOWS\RTLCPL.EXE
2013-08-26 00:27:55 ----A---- C:\WINDOWS\RTHDCPL.EXE
2013-08-26 00:27:55 ----A---- C:\WINDOWS\MicCal.exe
2013-08-26 00:27:54 ----D---- C:\Program Files\Realtek
2013-08-26 00:27:54 ----A---- C:\WINDOWS\ALCWZRD.EXE
2013-08-26 00:27:54 ----A---- C:\WINDOWS\ALCMTR.EXE
2013-08-26 00:27:39 ----A---- C:\WINDOWS\RtlExUpd.dll
2013-08-17 22:22:50 ----A---- C:\WINDOWS\system32\DetectDevice.txt
2013-08-12 00:14:29 ----A---- C:\WINDOWS\system32\wmpns.dll
2013-08-12 00:13:05 ----A---- C:\WINDOWS\system32\drivers\MSTEE.sys
2013-08-12 00:13:02 ----A---- C:\WINDOWS\system32\drivers\NdisIP.sys
2013-08-12 00:13:01 ----A---- C:\WINDOWS\system32\drivers\StreamIP.sys
2013-08-12 00:12:59 ----A---- C:\WINDOWS\system32\drivers\SLIP.sys
2013-08-12 00:12:57 ----A---- C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2013-08-12 00:12:55 ----A---- C:\WINDOWS\system32\drivers\NABTSFEC.sys
2013-08-12 00:12:53 ----A---- C:\WINDOWS\system32\drivers\CCDECODE.sys
2013-08-12 00:12:48 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2013-08-12 00:12:48 ----A---- C:\WINDOWS\system32\drivers\usbvideo.sys
2013-08-12 00:12:46 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2012-09-18 10:11:00 ----A---- C:\WINDOWS\system32\drivers\btwusb.sys
2012-09-18 10:11:00 ----A---- C:\WINDOWS\system32\drivers\btwdndis.sys
2012-09-18 10:11:00 ----A---- C:\WINDOWS\system32\btw_ci.dll
2012-09-18 10:10:59 ----A---- C:\WINDOWS\system32\drivers\btport.sys
2012-09-18 10:10:59 ----A---- C:\WINDOWS\system32\drivers\btkrnl.sys
2012-09-18 10:10:59 ----A---- C:\WINDOWS\system32\drivers\btaudio.sys
2012-09-18 10:10:54 ----D---- C:\Program Files\WIDCOMM
2011-09-11 17:59:53 ----D---- C:\Program Files\EeePC
2011-09-11 17:59:53 ----A---- C:\WINDOWS\system32\drivers\ASUSACPI.SYS
2011-09-11 17:17:29 ----D---- C:\Program Files\Elantech
2011-08-21 03:52:36 ----D---- C:\Program Files\trend micro
2011-08-21 03:52:35 ----D---- C:\rsit
2011-08-20 04:34:55 ----A---- C:\WINDOWS\wininit.ini
2011-08-20 03:43:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-08-20 03:43:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-08-20 03:39:45 ----D---- C:\WINDOWS\ufa
2011-08-20 03:39:45 ----D---- C:\WINDOWS\rpcminer
2011-08-20 03:39:45 ----D---- C:\WINDOWS\phoenix
2011-08-20 03:39:00 ----A---- C:\WINDOWS\l1rezerv.exe
2011-08-20 03:37:15 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-08-20 03:36:38 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-08-20 03:32:06 ----HD---- C:\WINDOWS\update.5.0
2011-08-20 03:31:18 ----HD---- C:\WINDOWS\update.2
2011-08-20 03:31:16 ----A---- C:\WINDOWS\unrar.exe
2011-08-20 03:30:52 ----HD---- C:\WINDOWS\update.7.1
2011-08-20 03:30:16 ----A---- C:\WINDOWS\iplist.txt
2011-08-20 03:29:59 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-08-20 03:29:42 ----A---- C:\WINDOWS\sysdriver32.exe
2011-08-20 03:29:21 ----A---- C:\WINDOWS\front_ip_list.txt
2011-08-20 03:28:48 ----D---- C:\WINDOWS\av_ico
2011-08-20 03:26:46 ----HD---- C:\WINDOWS\update.1
2011-08-20 03:26:16 ----HD---- C:\WINDOWS\update.tray-14-0
2011-08-20 03:26:15 ----HD---- C:\WINDOWS\update.tray-14-0-lnk
2011-08-20 03:16:51 ----A---- C:\WINDOWS\winlog-ids.txt
2011-08-20 03:16:51 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-08-20 03:16:42 ----A---- C:\WINDOWS\services32.exe
2011-08-18 14:03:13 ----D---- C:\Documents and Settings\Renuska-mini\Data aplikací\skypePM
2011-08-18 14:03:13 ----A---- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2011-08-12 15:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-12 15:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-12 15:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-12 14:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-12 14:57:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-08-06 02:52:04 ----D---- C:\Program Files\Yontoo Layers Runtime
2011-08-06 02:52:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
2011-08-06 02:51:14 ----D---- C:\Program Files\FoxTabMP3Converter
2011-08-06 02:51:12 ----D---- C:\Program Files\StartNow Toolbar
2011-08-01 03:20:28 ----D---- C:\Documents and Settings\Renuska-mini\Data aplikací\Apple Computer
2011-08-01 03:19:52 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2011-08-01 03:19:52 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2011-08-01 03:18:26 ----D---- C:\Program Files\iPod
2011-08-01 03:18:18 ----D---- C:\Program Files\iTunes
2011-08-01 03:18:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-08-01 03:16:27 ----D---- C:\Program Files\QuickTime
2011-08-01 03:16:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2011-08-01 03:15:46 ----D---- C:\Program Files\Apple Software Update
2011-08-01 03:15:19 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2011-08-01 03:15:19 ----A---- C:\WINDOWS\system32\drivers\usbaapl.sys
2011-08-01 03:14:43 ----D---- C:\Program Files\Bonjour
2011-08-01 03:14:17 ----D---- C:\Program Files\Common Files\Apple
2011-08-01 03:14:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple

======List of files/folders modified in the last 1 month======

2013-08-26 00:28:10 ----D---- C:\WINDOWS\system32\RTCOM
2013-08-26 00:27:39 ----A---- C:\WINDOWS\HideWin.exe
2013-08-13 04:29:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-09-18 11:32:30 ----D---- C:\WINDOWS\repair
2012-09-18 10:18:16 ----A---- C:\WINDOWS\oemver.txt
2011-08-21 03:53:06 ----D---- C:\Documents and Settings\Renuska-mini\Data aplikací\ICQ
2011-08-21 03:52:50 ----D---- C:\WINDOWS\Prefetch
2011-08-21 03:52:36 ----RD---- C:\Program Files
2011-08-21 03:51:23 ----D---- C:\WINDOWS\Temp
2011-08-21 03:51:02 ----D---- C:\WINDOWS
2011-08-21 03:50:32 ----D---- C:\WINDOWS\system32\drivers
2011-08-21 03:44:03 ----A---- C:\WINDOWS\ntbtlog.txt
2011-08-21 03:31:42 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-21 03:01:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-20 03:47:51 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-20 03:45:03 ----RSD---- C:\WINDOWS\assembly
2011-08-20 03:45:03 ----D---- C:\WINDOWS\system32
2011-08-20 03:41:42 ----SHD---- C:\System Volume Information
2011-08-20 03:41:42 ----D---- C:\WINDOWS\system32\Restore
2011-08-20 03:34:57 ----A---- C:\boot.ini
2011-08-20 03:34:46 ----D---- C:\Program Files\Microsoft Security Client
2011-08-20 02:57:00 ----SD---- C:\WINDOWS\Tasks
2011-08-18 15:06:01 ----D---- C:\Documents and Settings\Renuska-mini\Data aplikací\Skype
2011-08-12 15:09:42 ----HD---- C:\WINDOWS\inf
2011-08-12 15:09:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-12 15:09:30 ----A---- C:\WINDOWS\imsins.BAK
2011-08-12 15:09:21 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-12 15:01:54 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-12 15:01:47 ----SHD---- C:\WINDOWS\Installer
2011-08-12 14:59:46 ----D---- C:\Program Files\Internet Explorer
2011-08-03 14:14:05 ----D---- C:\Program Files\ICQ7.5
2011-08-01 03:19:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-08-01 03:14:17 ----D---- C:\Program Files\Common Files
2011-08-01 03:07:06 ----D---- C:\Program Files\Microsoft Office
2011-07-25 17:08:54 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-17 717296]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30 534568]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-19 991656]
R3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-19 47272]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-12 4751360]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-08-25 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-03-11 36864]
R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2008-03-28 625024]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S1 MpKsl22da435c;MpKsl22da435c; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7C217FF1-5711-44BD-9BC3-BE6AB987B14C}\MpKsl22da435c.sys []
S1 MpKsl857a2d02;MpKsl857a2d02; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EED056BD-5ED9-4391-ADAA-31BF8E24C5B7}\MpKsl857a2d02.sys []
S3 7f219258;7f219258; C:\WINDOWS\1485971839:2162060711.exe []
S3 acxo670f;acxo670f; C:\WINDOWS\system32\drivers\acxo670f.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-03 546976]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-09-02 346720]
R2 ddservice;ddservice; C:\WINDOWS\update.7.1\svchostdriver.exe [2011-08-20 386560]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-08-20 352768]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-08-20 636928]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-08-20 263680]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [2011-07-27 267488]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-07-19 821096]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Zdravim a pekny den preji

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost 2 a potvrte enterem
• Utilita provede svou cinnost a da log - ten sem vlozte
• Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

1 log:

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Renuska-mini [Admin rights]
Mode: Remove -- Date : 08/22/2011 02:57:55

Bad processes: 2
[SUSP PATH] 1485971839:2162060711.exe -- c:\windows\1485971839:2162060711.exe -> KILLED [TermProc]
[RESIDUE] 1485971839:2162060711.exe -- c:\windows\1485971839:2162060711.exe -> KILLED [TermProc]

Registry Entries: 22
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\WINDOWS\update.tray-14-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 1227810.exe ("C:\DOCUME~1\RENUSK~1\LOCALS~1\Temp\1227810.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 7722959.exe ("C:\WINDOWS\TEMP\7722959.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5556939.exe ("C:\WINDOWS\TEMP\5556939.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVBTCCLIENT () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVIECHECK () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVSYSDRIVER32 () -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

1 log:

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Renuska-mini [Admin rights]
Mode: Remove -- Date : 08/22/2011 02:57:55

Bad processes: 2
[SUSP PATH] 1485971839:2162060711.exe -- c:\windows\1485971839:2162060711.exe -> KILLED [TermProc]
[RESIDUE] 1485971839:2162060711.exe -- c:\windows\1485971839:2162060711.exe -> KILLED [TermProc]

Registry Entries: 22
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\WINDOWS\update.tray-14-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 1227810.exe ("C:\DOCUME~1\RENUSK~1\LOCALS~1\Temp\1227810.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 7722959.exe ("C:\WINDOWS\TEMP\7722959.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5556939.exe ("C:\WINDOWS\TEMP\5556939.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVBTCCLIENT () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVIECHECK () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVSYSDRIVER32 () -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

2 log:

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Renuska-mini [Admin rights]
Mode: HOSTSFix -- Date : 08/22/2011 02:58:22

Bad processes: 1
[SUSP PATH] 1485971839:2162060711.exe -- c:\windows\1485971839:2162060711.exe -> KILLED [TermProc]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

3 log:

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Renuska-mini [Admin rights]
Mode: HOSTSFix -- Date : 08/22/2011 02:58:37

Bad processes: 1
[SUSP PATH] 1485971839:2162060711.exe -- c:\windows\1485971839:2162060711.exe -> KILLED [TermProc]

HOSTS File:
127.0.0.1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Vyborne, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

rad by som ten program nechal prejist ale kazdy program ktory sa snazim pustit na tom pc po cca 20 sekundach vypne a nejde nahodit znova... skusal som vas program a este malwarebytes ale ani ten nejde dlhsie ako pol minuty za ten cas sa nestihne nic preskenovat. spustal som ako admin...

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
  "{5911488E-9D1E-40ec-8CBB-06B231CC153F}"=-
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "WinampAgent"=-
  "Regedit32"=-
  "SunJavaUpdateSched"=-
  "QuickTime Task"=-
  "iTunesHelper"=-
  "StartNowToolbarHelper"=-
  "wxpdrv"=-
  "tray_ico"=-
  "tray_ico0"=-
  "tray_ico1"=-
  "tray_ico2"=-
  "tray_ico3"=-
  "tray_ico4"=-
  "1227810.exe"=-
  "sysdriver32.exe"=-
  "sysdriver32_.exe"=-
  "8590173.exe"=-
  "7722959.exe"=-
  "l1rezerv.exe"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  "ICQ"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
  [-HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "C:\Documents and Settings\Renuska-mini\Plocha\Flash-Player.exe"=-
  "C:\WINDOWS\update.1\svchost.exe"=-
  "C:\WINDOWS\services32.exe"=-
  "C:\WINDOWS\update.tray-14-0\svchost.exe"-
  "C:\WINDOWS\update.2\svchost.exe"=-
  "C:\WINDOWS\update.tray-14-0-lnk\svchost.exe"=-
  
  :files
  \Documents and Settings\Renuska-mini\Plocha\Flash-Player.exe
  C:\WINDOWS\l1rezerv.exe
  C:\WINDOWS\btc_client_iplist.txt
  C:\WINDOWS\iecheck_iplist.txt
  C:\WINDOWS\unrar.exe
  C:\WINDOWS\iplist.txt
  C:\WINDOWS\sysdriver32_.exe
  C:\WINDOWS\sysdriver32.exe
  C:\WINDOWS\front_ip_list.txt
  C:\WINDOWS\winlog-ids.txt
  C:\WINDOWS\winlog-dirs.txt
  C:\WINDOWS\services32.exe
  C:\WINDOWS\HideWin.exe
  C:\WINDOWS\ufa
  C:\WINDOWS\rpcminer
  C:\WINDOWS\phoenix
  C:\WINDOWS\update.5.0
  C:\WINDOWS\update.2
  C:\WINDOWS\update.7.1
  C:\WINDOWS\av_ico
  C:\WINDOWS\update.1
  C:\WINDOWS\update.tray-14-0
  C:\WINDOWS\update.tray-14-0-lnk
  C:\Program Files\StartNow Toolbar
  C:\WINDOWS\update.7.1\
  C:\Program Files\ICQ6Toolbar\
  C:\WINDOWS\update.5.0\
  C:\WINDOWS\update.2\
  C:\WINDOWS\tasks\AppleSoftwareUpdate.job
  C:\WINDOWS\tasks\MP Scheduled Scan.job
  C:\WINDOWS\tasks\MpIdleTask.job
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :services
  MpKsl22da435c
  MpKsl857a2d02
  7f219258
  ddservice
  ICQ Service
  JavaQuickStarterService
  srvbtcclient
  srviecheck
  srvsysdriver32
  Updater Service for StartNow Toolbar
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

ako dlho by prosim malo priblizne trvat to OTM? (Windows XP) lebo uz ide cca 15 min a stale sa iba hodiny presypaju a nejde mi kliknut ani do zeleneho pola. dakujem

skusal som uz viac krat OTM tak isto ako ine programy po minute pouzivania vytuhne cele pc

Mel by probehnout behem par minut, zkuste jej opakovat v nouzovem rezimu. Pokud nepujde, tak napiste

ano nudzovy rezim ma napadol hned, skusal som aj nudzovy rezim v sieti, aj bez siete.. program zostane zaseknuty ako keby zamrzol a neda sa snim nic robit... aj ked cakam dlhu dobu

Otevrete si poznamkovy blok

• Start->spustit->notepad
• Vlozte text nize

• Kód: Vybrat vše

  REGEDIT4
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
  "{5911488E-9D1E-40ec-8CBB-06B231CC153F}"=-
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "WinampAgent"=-
  "Regedit32"=-
  "SunJavaUpdateSched"=-
  "QuickTime Task"=-
  "iTunesHelper"=-
  "StartNowToolbarHelper"=-
  "wxpdrv"=-
  "tray_ico"=-
  "tray_ico0"=-
  "tray_ico1"=-
  "tray_ico2"=-
  "tray_ico3"=-
  "tray_ico4"=-
  "1227810.exe"=-
  "sysdriver32.exe"=-
  "sysdriver32_.exe"=-
  "8590173.exe"=-
  "7722959.exe"=-
  "l1rezerv.exe"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  "ICQ"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
  [-HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "C:\Documents and Settings\Renuska-mini\Plocha\Flash-Player.exe"=-
  "C:\WINDOWS\update.1\svchost.exe"=-
  "C:\WINDOWS\services32.exe"=-
  "C:\WINDOWS\update.tray-14-0\svchost.exe"-
  "C:\WINDOWS\update.2\svchost.exe"=-
  "C:\WINDOWS\update.tray-14-0-lnk\svchost.exe"=-
  

• Soubor ulozte jako oprava.reg
• Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
• 
• Zavrit notepad ale vytvoreny soubor nespoustejte
• Soubor oprava.reg ulozte primo na disk c:\ tak aby nebyl v zadne slozce (cesta tedy bude c:\oprava.reg)

Stahnete Avenger (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
• Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
• Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

• Kód: Vybrat vše

  Files to delete:
  C:\Documents and Settings\Renuska-mini\Plocha\Flash-Player.exe
  C:\WINDOWS\l1rezerv.exe
  C:\WINDOWS\btc_client_iplist.txt
  C:\WINDOWS\iecheck_iplist.txt
  C:\WINDOWS\unrar.exe
  C:\WINDOWS\iplist.txt
  C:\WINDOWS\sysdriver32_.exe
  C:\WINDOWS\sysdriver32.exe
  C:\WINDOWS\front_ip_list.txt
  C:\WINDOWS\winlog-ids.txt
  C:\WINDOWS\winlog-dirs.txt
  C:\WINDOWS\services32.exe
  C:\WINDOWS\HideWin.exe
  C:\WINDOWS\tasks\AppleSoftwareUpdate.job
  C:\WINDOWS\tasks\MP Scheduled Scan.job
  C:\WINDOWS\tasks\MpIdleTask.job
  
  Folders to delete:
  C:\WINDOWS\ufa
  C:\WINDOWS\rpcminer
  C:\WINDOWS\phoenix
  C:\WINDOWS\update.5.0
  C:\WINDOWS\update.2
  C:\WINDOWS\update.7.1
  C:\WINDOWS\av_ico
  C:\WINDOWS\update.1
  C:\WINDOWS\update.tray-14-0
  C:\WINDOWS\update.tray-14-0-lnk
  C:\Program Files\StartNow Toolbar
  C:\WINDOWS\update.7.1\
  C:\Program Files\ICQ6Toolbar\
  C:\WINDOWS\update.5.0\
  C:\WINDOWS\update.2\
  
  Drivers to delete:
  MpKsl22da435c
  MpKsl857a2d02
  7f219258
  ddservice
  ICQ Service
  JavaQuickStarterService
  srvbtcclient
  srviecheck
  srvsysdriver32
  Updater Service for StartNow Toolbar
  
  Programs launch on reboot:
  c:\oprava.reg
  

• Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
• Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
• Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
• Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt

dokoncil som:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Documents and Settings\Renuska-mini\Plocha\Flash-Player.exe" not found!
Deletion of file "C:\Documents and Settings\Renuska-mini\Plocha\Flash-Player.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\l1rezerv.exe" deleted successfully.
File "C:\WINDOWS\btc_client_iplist.txt" deleted successfully.
File "C:\WINDOWS\iecheck_iplist.txt" deleted successfully.
File "C:\WINDOWS\unrar.exe" deleted successfully.
File "C:\WINDOWS\iplist.txt" deleted successfully.
File "C:\WINDOWS\sysdriver32_.exe" deleted successfully.
File "C:\WINDOWS\sysdriver32.exe" deleted successfully.
File "C:\WINDOWS\front_ip_list.txt" deleted successfully.
File "C:\WINDOWS\winlog-ids.txt" deleted successfully.
File "C:\WINDOWS\winlog-dirs.txt" deleted successfully.
File "C:\WINDOWS\services32.exe" deleted successfully.
File "C:\WINDOWS\HideWin.exe" deleted successfully.
File "C:\WINDOWS\tasks\AppleSoftwareUpdate.job" deleted successfully.
File "C:\WINDOWS\tasks\MP Scheduled Scan.job" deleted successfully.
File "C:\WINDOWS\tasks\MpIdleTask.job" deleted successfully.
Folder "C:\WINDOWS\ufa" deleted successfully.
Folder "C:\WINDOWS\rpcminer" deleted successfully.
Folder "C:\WINDOWS\phoenix" deleted successfully.
Folder "C:\WINDOWS\update.5.0" deleted successfully.
Folder "C:\WINDOWS\update.2" deleted successfully.
Folder "C:\WINDOWS\update.7.1" deleted successfully.
Folder "C:\WINDOWS\av_ico" deleted successfully.
Folder "C:\WINDOWS\update.1" deleted successfully.
Folder "C:\WINDOWS\update.tray-14-0" deleted successfully.
Folder "C:\WINDOWS\update.tray-14-0-lnk" deleted successfully.

Error: folder "C:\Program Files\StartNow Toolbar" not found!
Deletion of folder "C:\Program Files\StartNow Toolbar" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\update.7.1" not found!
Deletion of folder "C:\WINDOWS\update.7.1" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\Program Files\ICQ6Toolbar" deleted successfully.

Error: folder "C:\WINDOWS\update.5.0" not found!
Deletion of folder "C:\WINDOWS\update.5.0" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\update.2" not found!
Deletion of folder "C:\WINDOWS\update.2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "MpKsl22da435c" deleted successfully.
Driver "MpKsl857a2d02" deleted successfully.
Driver "7f219258" deleted successfully.
Driver "ddservice" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ICQ Service" not found!
Deletion of driver "ICQ Service" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "JavaQuickStarterService" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\srvbtcclient" not found!
Deletion of driver "srvbtcclient" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\srviecheck" not found!
Deletion of driver "srviecheck" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\srvsysdriver32" not found!
Deletion of driver "srvsysdriver32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Updater Service for StartNow Toolbar" not found!
Deletion of driver "Updater Service for StartNow Toolbar" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Programs launch on reboot:" not found!
Deletion of driver "Programs launch on reboot:" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\oprava.reg" not found!
Deletion of driver "c:\oprava.reg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Zkuste nyni spustit ComboFix