Kontrola Logu

[Tbb.Mills]

Prosím o kontrolu logu nějakým obětavým odborníkem, který ani nespí. Vir stažen jako všichni okolo z fb, flash player..

Logfile of random's system information tool 1.09 (written by random/random)
Run by Olča at 2011-10-31 19:35:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 29 GB (19%) free of 153 GB
Total RAM: 959 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:35:12, on 31.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\update.tray-14-0\svchost.exe
C:\WINDOWS\update.tray-9-0\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\sysdriver32_.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe
C:\WINDOWS\update.2\svchost.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ICQ7.6\ICQ.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
c:\program files\teamviewer\version5\TeamViewer_Desktop.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Olča\Plocha\RSIT.exe
C:\Program Files\trend micro\Olča.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-14-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-9-0\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [7909251.exe] "C:\DOCUME~1\OLA~1\LOCALS~1\Temp\7909251.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [2583664.exe] "C:\WINDOWS\TEMP\2583664.exe"
O4 - HKLM\..\Run: [4848045.exe] "C:\WINDOWS\TEMP\4848045.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/wir ... ontact.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9385 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-03-18 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2011-02-28 1048888]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2007-05-16 269632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-06 16262656]
"StartupDelayer"=C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [2009-03-08 73728]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-01-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-01-19 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-01-19 217088]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"tray_ico0"=C:\WINDOWS\update.tray-14-0\svchost.exe [2011-10-30 1109504]
"tray_ico1"=C:\WINDOWS\update.tray-9-0\svchost.exe [2011-10-30 1109504]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"7909251.exe"=C:\DOCUME~1\OLA~1\LOCALS~1\Temp\7909251.exe [2011-10-30 258048]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe rezerv []
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-10-30 258048]
"2583664.exe"=C:\WINDOWS\TEMP\2583664.exe [2011-10-30 1942528]
"4848045.exe"=C:\WINDOWS\TEMP\4848045.exe [2011-10-30 258048]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe"="C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos."
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
"C:\WINDOWS\update.tray-14-0\svchost.exe"="C:\WINDOWS\update.tray-14-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-14-0\svchost.exe"
"C:\WINDOWS\update.tray-14-0-lnk\svchost.exe"="C:\WINDOWS\update.tray-14-0-lnk\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-14-0-lnk\svchost.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Disabled:ICQ6"
"C:\Program Files\Metin2\metin2.bin"="C:\Program Files\Metin2\metin2.bin:*:Disabled:metin2"
"C:\Program Files\Metin2\metin2client.bin"="C:\Program Files\Metin2\metin2client.bin:*:Disabled:metin2client"
"C:\WINDOWS\update.tray-9-0\svchost.exe"="C:\WINDOWS\update.tray-9-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-9-0\svchost.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Disabled:FlatOut2"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Disabled:hpqnrs08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Disabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\WINDOWS\sysdriver32_.exe"="C:\WINDOWS\sysdriver32_.exe:*:Disabled:sysdriver32_"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=lvcodec2.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"VIDC.FMVC"=fmcodec.dll
"MSVideo"=vfwwdm32.dll

======List of files/folders created in the last 1 month======

2011-10-31 19:35:10 ----D---- C:\Program Files\trend micro
2011-10-31 19:35:09 ----D---- C:\rsit
2011-10-31 19:03:50 ----D---- C:\Program Files\hijackthis
2011-10-31 18:57:48 ----D---- C:\Documents and Settings\Olča\Data aplikací\InstallShield
2011-10-30 22:26:58 ----A---- C:\WINDOWS\system32\lsdelete.exe
2011-10-30 20:26:35 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
2011-10-30 20:19:22 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2011-10-30 20:19:13 ----D---- C:\Program Files\Lavasoft
2011-10-30 20:19:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2011-10-30 20:18:13 ----SHD---- C:\RECYCLER
2011-10-30 19:04:29 ----D---- C:\WINDOWS\rpcminer
2011-10-30 19:04:29 ----D---- C:\WINDOWS\phoenix
2011-10-30 18:57:42 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-10-30 18:57:15 ----HD---- C:\WINDOWS\update.5.0
2011-10-30 18:57:06 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-10-30 18:56:37 ----HD---- C:\WINDOWS\update.2
2011-10-30 18:56:37 ----A---- C:\WINDOWS\iplist.txt
2011-10-30 18:55:30 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-10-30 18:55:03 ----A---- C:\WINDOWS\front_ip_list.txt
2011-10-30 18:50:11 ----A---- C:\ComboFix.txt
2011-10-30 17:15:23 ----A---- C:\WINDOWS\system32\javaws.exe
2011-10-30 17:15:23 ----A---- C:\WINDOWS\system32\javaw.exe
2011-10-30 17:15:23 ----A---- C:\WINDOWS\system32\java.exe
2011-10-30 16:56:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\STOPzilla!
2011-10-30 11:35:27 ----A---- C:\Boot.bak
2011-10-30 11:35:22 ----RASHD---- C:\cmdcons
2011-10-30 11:32:26 ----A---- C:\WINDOWS\zip.exe
2011-10-30 11:32:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-10-30 11:32:26 ----A---- C:\WINDOWS\SWSC.exe
2011-10-30 11:32:26 ----A---- C:\WINDOWS\SWREG.exe
2011-10-30 11:32:26 ----A---- C:\WINDOWS\sed.exe
2011-10-30 11:32:26 ----A---- C:\WINDOWS\PEV.exe
2011-10-30 11:32:26 ----A---- C:\WINDOWS\NIRCMD.exe
2011-10-30 11:32:26 ----A---- C:\WINDOWS\MBR.exe
2011-10-30 11:32:26 ----A---- C:\WINDOWS\grep.exe
2011-10-30 11:32:18 ----D---- C:\WINDOWS\ERDNT
2011-10-30 11:32:14 ----D---- C:\Qoobox
2011-10-30 11:06:55 ----HD---- C:\WINDOWS\update.tray-9-0-lnk
2011-10-30 11:06:55 ----HD---- C:\WINDOWS\update.tray-9-0
2011-10-30 11:05:50 ----D---- C:\Program Files\McAfee Security Scan
2011-10-30 10:16:43 ----A---- C:\WINDOWS\unrar.exe
2011-10-30 10:15:15 ----D---- C:\WINDOWS\av_ico
2011-10-30 10:14:01 ----HD---- C:\WINDOWS\update.tray-14-0-lnk
2011-10-30 10:14:01 ----HD---- C:\WINDOWS\update.tray-14-0
2011-10-12 15:38:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-12 15:35:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-12 15:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-04 19:38:48 ----D---- C:\Program Files\ICQ7.6

======List of files/folders modified in the last 1 month======

2011-10-31 19:35:12 ----D---- C:\WINDOWS\Prefetch
2011-10-31 19:35:10 ----D---- C:\Program Files
2011-10-31 19:15:21 ----D---- C:\WINDOWS
2011-10-31 18:58:05 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-31 18:58:05 ----D---- C:\WINDOWS\system32
2011-10-31 18:58:03 ----SHD---- C:\WINDOWS\Installer
2011-10-31 18:58:03 ----D---- C:\Config.Msi
2011-10-31 18:57:20 ----HD---- C:\WINDOWS\inf
2011-10-31 18:57:20 ----D---- C:\WINDOWS\system32\drivers
2011-10-31 18:56:39 ----D---- C:\Program Files\Electronic Arts
2011-10-31 17:23:14 ----D---- C:\WINDOWS\Temp
2011-10-31 17:01:57 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-31 17:01:21 ----SD---- C:\WINDOWS\Tasks
2011-10-31 17:00:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-30 22:31:39 ----A---- C:\WINDOWS\NeroDigital.ini
2011-10-30 20:19:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-10-30 20:19:15 ----D---- C:\WINDOWS\WinSxS
2011-10-30 18:58:28 ----SHD---- C:\System Volume Information
2011-10-30 18:58:28 ----D---- C:\WINDOWS\system32\Restore
2011-10-30 18:57:02 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-30 18:56:30 ----D---- C:\Documents and Settings\Olča\Data aplikací\ICQ
2011-10-30 18:47:00 ----A---- C:\WINDOWS\system.ini
2011-10-30 18:42:40 ----D---- C:\WINDOWS\AppPatch
2011-10-30 18:42:38 ----D---- C:\Program Files\Common Files
2011-10-30 18:01:25 ----D---- C:\Program Files\Common Files\BricsCad
2011-10-30 18:01:24 ----D---- C:\Program Files\Common Files\DESIGNER
2011-10-30 18:00:29 ----D---- C:\Program Files\Ask.com
2011-10-30 17:15:56 ----D---- C:\Program Files\Common Files\Java
2011-10-30 17:15:18 ----D---- C:\Program Files\Java
2011-10-30 17:11:17 ----D---- C:\WINDOWS\Minidump
2011-10-30 12:40:47 ----D---- C:\WINDOWS\system32\config
2011-10-30 11:35:27 ----RASH---- C:\boot.ini
2011-10-30 10:26:20 ----D---- C:\Program Files\Microsoft Security Client
2011-10-30 09:26:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-26 10:33:15 ----D---- C:\Program Files\FlatOut2
2011-10-12 19:28:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-12 15:35:37 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-12 15:35:31 ----A---- C:\WINDOWS\imsins.BAK
2011-10-12 15:35:19 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-12 15:35:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-10-12 15:34:27 ----D---- C:\Program Files\Internet Explorer
2011-10-05 09:14:06 ----D---- C:\Program Files\ICQ6Toolbar
2011-10-04 20:18:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2011-10-03 09:31:24 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-10-03 05:06:03 ----A---- C:\WINDOWS\system32\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2011-10-28 64512]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-14 105344]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-06 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\system32\drivers\sfdrv01.sys [2006-05-10 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\system32\drivers\sfhlp02.sys [2006-05-10 6656]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\system32\drivers\sfsync04.sys [2006-05-10 52224]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-11-16 50704]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 10005]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-06 4377600]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-19 22016]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-16 3959712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 PID_0928;Labtec WebCam(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-19 211712]
R3 SunkFilt62;Alcor Micro Corp - 6362; \??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 catchme;catchme; \??\C:\DOCUME~1\OLA~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SunkFilt6;Alcor Micro Corp - 6360; \??\C:\WINDOWS\System32\Drivers\sunkfilt6.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-16 155715]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-05-10 353912]
S2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe srv []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-10-30 344576]
S4 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-10-30 1942528]

-----------------EOF-----------------

[Roli]

Zdravím, tohle fixni v HJT :

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-14-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-9-0\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [7909251.exe] "C:\DOCUME~1\OLA~1\LOCALS~1\Temp\7909251.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [2583664.exe] "C:\WINDOWS\TEMP\2583664.exe"
O4 - HKLM\..\Run: [4848045.exe] "C:\WINDOWS\TEMP\4848045.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe (file missing)


HJT najdeš zde :

C:\Program Files\trend micro\Olča.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :

Služba Google Update (gupdate)

Služba Google Update (gupdatem)

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Přes Start >> Ovládací panely >> Přidat nebo odebrat odinstaluj ICQ6Toolbar


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

[Tbb.Mills]

Dík, určitě to udělám, nestačil by log z MBAM před smazáním ? Protože jsem koukal na ostatní téma jak se to tady řeší a MBAM jsem už stáhnul a spustil, je to pc přítelkyně (jsem na něm přes Teamviewer) a ona tam má neskutečnejch blbostí. Takže MBAM běží už 20 minut a ještě neni u konce.

Oprava... MBAM už skorem hodinu.

[Tbb.Mills]

Log z MBAM (omlouvám se, že začal před mazáním, ale trval skoro hodinu, když bude potřeba novej, tak zítra není problém)





Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.10.2011 20:40:27
mbam-log-2011-10-31 (20-40-20).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 254701
Uplynulý čas: 53 minut, 7 sekund

Infikované procesy v paměti: 7
Infikované moduly v paměti: 0
Infikované klíče v registru: 8
Infikované hodnoty v registru: 5
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 29

Infikované procesy v paměti:
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> 148 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2344 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 3684 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2632 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2780 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1204 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 3620 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7909251.exe (Trojan.Agent) -> Value: 7909251.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4848045.exe (Trojan.Agent) -> Value: 4848045.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2583664.exe (Trojan.Agent) -> Value: 2583664.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\documents and settings\Olča\local settings\Temp\7909251.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4848045.exe (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\sysdriver32.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\sysdriver32_.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\update.5.0\svchost.exe.vir (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{70bb6c92-ced5-4e95-b8c0-3002a7484440}\RP823\A0125276.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\16816_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\8245510.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Temp\2583664.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4156116.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\5999691.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\144772395.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.

[Roli]

Vše co Mbam našel nech smazat.


Koukám že tam máš ComboFix, to ti poradil kdo abys ho spustil ?

Já jen že to není dětská hračka.


Až odmažeš ty šmejdy pomocí Mbam spusť Combofix znovu jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[Tbb.Mills]

No jako první jsem na netu našel nějakej návod rkill + ještě něco + combofix. Ale ten návod nefungoval.

[Roli]

Spusť ten ComboFix a něco s tím provedem.

[Tbb.Mills]

Sry byl jsem ve sprše, a ten log stejně trval strašně dlouho. Jinak dík za ochotu







ComboFix 11-10-30.04 - Olča 31.10.2011 21:26:06.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.959.366 [GMT 1:00]
Spuštěný z: c:\documents and settings\OlŔa\Plocha\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 18:46 . 2011-10-31 18:46 -------- d-----w- c:\documents and settings\Olča\Data aplikací\Malwarebytes
2011-10-31 18:46 . 2011-10-31 18:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-10-31 18:45 . 2011-10-31 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-31 18:45 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-31 18:35 . 2011-10-31 18:35 -------- d-----w- c:\program files\trend micro
2011-10-31 18:35 . 2011-10-31 18:35 -------- d-----w- C:\rsit
2011-10-31 17:57 . 2011-10-31 17:57 -------- d-----w- c:\documents and settings\Olča\Data aplikací\InstallShield
2011-10-30 21:26 . 2011-10-30 19:26 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-30 19:41 . 2011-10-30 19:41 -------- d-----w- c:\documents and settings\LocalService\Plocha
2011-10-30 19:26 . 2011-10-30 19:26 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-30 19:19 . 2011-10-28 16:52 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-30 19:19 . 2011-10-30 19:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2011-10-30 19:19 . 2011-10-30 19:19 -------- d-----w- c:\program files\Lavasoft
2011-10-30 15:56 . 2011-10-30 17:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\STOPzilla!
2011-10-30 11:06 . 2011-10-30 11:06 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-10-30 10:06 . 2011-10-30 10:06 -------- d--h--w- c:\windows\update.tray-9-0
2011-10-30 10:06 . 2011-10-30 10:06 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-10-30 10:05 . 2011-10-30 10:06 -------- d-----w- c:\program files\McAfee Security Scan
2011-10-30 10:05 . 2011-10-30 10:05 -------- d-----w- c:\documents and settings\Olča\Local Settings\Data aplikací\Solid State Networks
2011-10-30 09:16 . 2011-10-30 18:04 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 09:15 . 2011-10-30 10:08 -------- d-----w- c:\windows\av_ico
2011-10-30 09:14 . 2011-10-31 13:16 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-10-30 09:14 . 2011-10-30 09:14 -------- d--h--w- c:\windows\update.tray-14-0
2011-10-30 09:11 . 2011-10-30 09:11 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-10-30 08:35 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{57D4F333-58B6-42C7-B490-4D48B598C735}\mpengine.dll
2011-10-04 18:38 . 2011-10-13 19:38 -------- d-----w- c:\program files\ICQ7.6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 20:53 . 2011-06-01 19:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 03:48 . 2010-11-08 15:18 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 04:06 . 2010-04-25 18:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2010-10-24 08:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2011-09-26 09:41 613376 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-12-07 14:40 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-12-07 14:40 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2006-12-07 14:40 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2006-12-07 14:40 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2006-12-07 14:40 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-12-07 14:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-12-07 14:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-12-07 14:40 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-12-07 14:40 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_10.53.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-31 20:42 . 2011-10-31 20:42 16384 c:\windows\Temp\Perflib_Perfdata_200.dat
+ 2011-10-30 19:19 . 2011-10-28 16:52 64512 c:\windows\system32\DRVSTORE\lbd_69523D0F7F903BDB477CD80CFD35086362532B23\Lbd.sys
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-11 21:11 . 2009-07-11 21:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
+ 2009-07-11 21:11 . 2009-07-11 21:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2009-07-11 21:14 . 2009-07-11 21:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
+ 2009-07-11 21:11 . 2009-07-11 21:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
- 2011-06-23 18:22 . 2011-05-04 02:52 157472 c:\windows\system32\javaws.exe
+ 2011-10-30 16:15 . 2011-10-03 04:06 157472 c:\windows\system32\javaws.exe
+ 2011-10-30 16:15 . 2011-10-03 04:06 145184 c:\windows\system32\javaw.exe
- 2011-06-23 18:22 . 2011-05-04 02:52 145184 c:\windows\system32\javaw.exe
- 2011-06-23 18:22 . 2011-05-04 02:52 145184 c:\windows\system32\java.exe
+ 2011-10-30 16:15 . 2011-10-03 04:06 145184 c:\windows\system32\java.exe
+ 2011-10-30 16:15 . 2011-10-30 16:15 203776 c:\windows\Installer\5f646.msi
+ 2011-10-30 19:19 . 2011-10-30 19:19 7224320 c:\windows\Installer\aeb02d.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-16 07:35 1617920 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\WINDOWS\\update.tray-14-0\\svchost.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\WINDOWS\\update.tray-9-0\\svchost.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.10.2011 20:19 64512]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [5.12.2006 14:37 59776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [28.10.2011 17:52 2152152]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [5.12.2006 14:37 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [5.12.2006 14:38 10005]
R3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [23.7.2004 14:55 46536]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys --> c:\windows\System32\Drivers\sunkfilt6.sys [?]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.1.2010 21:35 135664]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30.1.2010 21:35 135664]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WUAUSERV
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28 16:52]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:35]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:35]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1 192.168.2.1
DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} - hxxp://xtraz.icq.com/xtraz/products/wirelesscl/WirelessContact.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-MsMpSvc
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-31 21:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="4E6366279B2473AF94107CC21BE4567286AEF1E71925D5D6328596D068ECE104D0F53068199B2EDCAFA9FCB7B0B9C5D5398853A0791A261A0683BBEA594AEC7FFB2BB025BD4E1ACA059963C7943B5C45CFA80E3BDA0E6D9EA2FDDF202FE084A53DE070E807E853C8CA62C5CCDE4A156BE758EB7F8B37A80E2F231F4013DD46BB62C8F8B2142BB957195B4092C55CB0A801B13BA5FDDE194235729513FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B5559DB7CE019D40AA5C9DB7CE019D40AA5C0465CE2C41BE7F786F6632B168522BD295669881493BD680DD80C492B65CD3956BA7C50EC0675CFC2B0353AD0EE279496C253C77B90478CA0B8967BBC7D4F200A963DC6FA4B264D27F3DEBCA3E0E4FA1AD7153C29F8C779F2FDF844A27E9A47ECE846AE847327B6B34D9549D5ACC625CFB82D794855579AC674FD62B2A3D2009900F8CC5E4CD0B2C372D2AEEA9EBEDEA9EA20753DB2D2A1173B8DF8308C6218DC616A205A0C301709B224F3A568BACB400326418753BB8DF36906127DD51E76CEE43505A7E21CB0517B667B16D2063942FA5B4B08A7956A2B85F62A2ABFA37F9A9D47EACE7CB612C03FCDB3863F256DA6081031DB4B439D3A5BF2EB25637D7003C1B58192B79B91CDD9C5AE68D214E49E7E29D94F4909DE54E6454CA27CB933C90FB4F6E79B7D17FC84ED40AA69B1A96C1799501AE80423A258FA79248543CDEB1EF96B0E7642BF30A61FEA34D278B6F8E86C2FDA7CFE8AA439ABFE2CBBFA38CD184A6166FB5498B0CB7D26603DA77718E633D5E8D1C588264F1F64A2550A2DF445B3B0B6E3134CADCC70D3CAE25B8B0AAF9E3A8ED57DA016794EC8C2E9D9464042A55AEA534F92FAC1B2FC09AC62BB26C4A5A13BDC5405C5298849FA090D81BAB3939D4BAEDAB235251FEC4755432F304E6858E5383DA3ACAA4652D20E9D27AFEE5ED85B7625C8A491B044C52B6B16243F80FBA697C80389EF5F9952F3CEBE9E0A1C0FB8868A53BAC400C11A5A91562A039E56E21730CE53BDC72E8B66C0D475A7240267FAD247E411AA87E4BBFC9C93978BC327DFD5D47B7BDC0700338A8E397F0C2A9D2AF7892EA962F3502DB40E3C9988843E405D4D3C88F1DA4442CB003EBCA5EDD99C3462B33B9388A6A386F70B6930394A3C7DBF8CC5F82B48EAB9C60CA41704CD39137EC4A9721868DE0CFA085F22D49E8575B95C24EAF835B6DE8A6CCA89937E09378F080DB8B65D236DF1EE15545BDC719C1FDCE8F28A7067C15F82FEABC11879BB947CBC4DB988BEEA0811BEE557EB847827A386C32E9CFB7A46A54850200F0CBAF7046A3BAC3689198DB2407A44C956F93C56BC05A4B5DD19E843E0A57612A9C93632E60963F00FBD02E12F7C19C"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1700)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\OpenOffice.org1.0.3\program\soffice.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Multimedia Card Reader\shwicon2k.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Celkový čas: 2011-10-31 21:49:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-31 20:49
ComboFix2.txt 2011-10-30 17:50
ComboFix3.txt 2011-10-30 11:49
ComboFix4.txt 2011-10-30 11:00
.
Před spuštěním: Volných bajtů: 30 519 029 760
Po spuštění: Volných bajtů: 30 554 624 000
.
- - End Of File - - 39097A72C900E5619FE826F573024361

[Roli]

Tak že jdeme uklízet.


Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

File::  
c:\windows\unrar.exe


Folder::
c:\windows\update.tray-9-0
c:\windows\update.tray-9-0-lnk
c:\program files\McAfee Security Scan
c:\windows\av_ico
c:\windows\update.tray-14-0-lnk
c:\windows\update.tray-14-0

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\update.tray-14-0\\svchost.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\update.tray-9-0\\svchost.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po ulož
ení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[Tbb.Mills]

JJ, hned to bude, ten komp se restartuje neskutečně pomalu. Restartuje se 20 minut

[Tbb.Mills]

konečně



ComboFix 11-10-30.04 - Olča 31.10.2011 22:28:33.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.959.409 [GMT 1:00]
Spuštěný z: c:\documents and settings\Olča\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Olča\Plocha\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\McAfee Security Scan
c:\windows\av_ico
c:\windows\av_ico\ico_Essentials_start.ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\unrar.exe
c:\windows\update.tray-14-0-lnk
c:\windows\update.tray-14-0
c:\windows\update.tray-14-0\svchost.exe
c:\windows\update.tray-9-0-lnk
c:\windows\update.tray-9-0-lnk\svchost.exe
c:\windows\update.tray-9-0
c:\windows\update.tray-9-0\svchost.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 18:46 . 2011-10-31 18:46 -------- d-----w- c:\documents and settings\Olča\Data aplikací\Malwarebytes
2011-10-31 18:46 . 2011-10-31 18:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-10-31 18:45 . 2011-10-31 18:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-31 18:45 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-31 18:35 . 2011-10-31 18:35 -------- d-----w- c:\program files\trend micro
2011-10-31 18:35 . 2011-10-31 18:35 -------- d-----w- C:\rsit
2011-10-31 17:57 . 2011-10-31 17:57 -------- d-----w- c:\documents and settings\Olča\Data aplikací\InstallShield
2011-10-30 21:26 . 2011-10-30 19:26 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-30 19:41 . 2011-10-30 19:41 -------- d-----w- c:\documents and settings\LocalService\Plocha
2011-10-30 19:26 . 2011-10-30 19:26 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-30 19:19 . 2011-10-28 16:52 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-30 19:19 . 2011-10-30 19:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2011-10-30 19:19 . 2011-10-30 19:19 -------- d-----w- c:\program files\Lavasoft
2011-10-30 15:56 . 2011-10-30 17:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\STOPzilla!
2011-10-30 11:06 . 2011-10-30 11:06 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-10-30 10:05 . 2011-10-30 10:05 -------- d-----w- c:\documents and settings\Olča\Local Settings\Data aplikací\Solid State Networks
2011-10-30 09:11 . 2011-10-30 09:11 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-10-30 08:35 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{57D4F333-58B6-42C7-B490-4D48B598C735}\mpengine.dll
2011-10-04 18:38 . 2011-10-13 19:38 -------- d-----w- c:\program files\ICQ7.6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 20:53 . 2011-06-01 19:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 03:48 . 2010-11-08 15:18 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 04:06 . 2010-04-25 18:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2010-10-24 08:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2011-09-26 09:41 613376 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-12-07 14:40 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-12-07 14:40 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2006-12-07 14:40 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2006-12-07 14:40 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2006-12-07 14:40 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-12-07 14:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-12-07 14:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-12-07 14:40 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-12-07 14:40 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_10.53.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-31 20:42 . 2011-10-31 20:42 16384 c:\windows\Temp\Perflib_Perfdata_200.dat
+ 2011-10-30 19:19 . 2011-10-28 16:52 64512 c:\windows\system32\DRVSTORE\lbd_69523D0F7F903BDB477CD80CFD35086362532B23\Lbd.sys
- 2006-12-07 13:57 . 2008-10-22 18:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-12-07 13:57 . 2011-10-30 16:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-07 13:57 . 2008-10-22 18:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-12-07 13:57 . 2011-10-30 16:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-11 21:11 . 2009-07-11 21:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
+ 2009-07-11 21:11 . 2009-07-11 21:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2009-07-11 21:14 . 2009-07-11 21:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
+ 2009-07-11 21:11 . 2009-07-11 21:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
+ 2011-10-30 16:15 . 2011-10-03 04:06 157472 c:\windows\system32\javaws.exe
- 2011-06-23 18:22 . 2011-05-04 02:52 157472 c:\windows\system32\javaws.exe
+ 2011-10-30 16:15 . 2011-10-03 04:06 145184 c:\windows\system32\javaw.exe
- 2011-06-23 18:22 . 2011-05-04 02:52 145184 c:\windows\system32\javaw.exe
+ 2011-10-30 16:15 . 2011-10-03 04:06 145184 c:\windows\system32\java.exe
- 2011-06-23 18:22 . 2011-05-04 02:52 145184 c:\windows\system32\java.exe
+ 2011-10-30 16:15 . 2011-10-30 16:15 203776 c:\windows\Installer\5f646.msi
+ 2011-10-30 19:19 . 2011-10-30 19:19 7224320 c:\windows\Installer\aeb02d.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-16 07:35 1617920 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.10.2011 20:19 64512]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [5.12.2006 14:37 59776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [28.10.2011 17:52 2152152]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [5.12.2006 14:37 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [5.12.2006 14:38 10005]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [28.10.2011 17:52 15232]
R3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [23.7.2004 14:55 46536]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys --> c:\windows\System32\Drivers\sunkfilt6.sys [?]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.1.2010 21:35 135664]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30.1.2010 21:35 135664]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*NewlyCreated* - WUAUSERV
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28 16:52]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:35]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:35]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1 192.168.2.1
DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} - hxxp://xtraz.icq.com/xtraz/products/wirelesscl/WirelessContact.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-31 22:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="4E6366279B2473AF94107CC21BE4567286AEF1E71925D5D6328596D068ECE104D0F53068199B2EDCAFA9FCB7B0B9C5D5398853A0791A261A0683BBEA594AEC7FFB2BB025BD4E1ACA059963C7943B5C45CFA80E3BDA0E6D9EA2FDDF202FE084A53DE070E807E853C8CA62C5CCDE4A156BE758EB7F8B37A80E2F231F4013DD46BB62C8F8B2142BB957195B4092C55CB0A801B13BA5FDDE194235729513FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B5559DB7CE019D40AA5C9DB7CE019D40AA5C0465CE2C41BE7F786F6632B168522BD295669881493BD680DD80C492B65CD3956BA7C50EC0675CFC2B0353AD0EE279496C253C77B90478CA0B8967BBC7D4F200A963DC6FA4B264D27F3DEBCA3E0E4FA1AD7153C29F8C779F2FDF844A27E9A47ECE846AE847327B6B34D9549D5ACC625CFB82D794855579AC674FD62B2A3D2009900F8CC5E4CD0B2C372D2AEEA9EBEDEA9EA20753DB2D2A1173B8DF8308C6218DC616A205A0C301709B224F3A568BACB400326418753BB8DF36906127DD51E76CEE43505A7E21CB0517B667B16D2063942FA5B4B08A7956A2B85F62A2ABFA37F9A9D47EACE7CB612C03FCDB3863F256DA6081031DB4B439D3A5BF2EB25637D7003C1B58192B79B91CDD9C5AE68D214E49E7E29D94F4909DE54E6454CA27CB933C90FB4F6E79B7D17FC84ED40AA69B1A96C1799501AE80423A258FA79248543CDEB1EF96B0E7642BF30A61FEA34D278B6F8E86C2FDA7CFE8AA439ABFE2CBBFA38CD184A6166FB5498B0CB7D26603DA77718E633D5E8D1C588264F1F64A2550A2DF445B3B0B6E3134CADCC70D3CAE25B8B0AAF9E3A8ED57DA016794EC8C2E9D9464042A55AEA534F92FAC1B2FC09AC62BB26C4A5A13BDC5405C5298849FA090D81BAB3939D4BAEDAB235251FEC4755432F304E6858E5383DA3ACAA4652D20E9D27AFEE5ED85B7625C8A491B044C52B6B16243F80FBA697C80389EF5F9952F3CEBE9E0A1C0FB8868A53BAC400C11A5A91562A039E56E21730CE53BDC72E8B66C0D475A7240267FAD247E411AA87E4BBFC9C93978BC327DFD5D47B7BDC0700338A8E397F0C2A9D2AF7892EA962F3502DB40E3C9988843E405D4D3C88F1DA4442CB003EBCA5EDD99C3462B33B9388A6A386F70B6930394A3C7DBF8CC5F82B48EAB9C60CA41704CD39137EC4A9721868DE0CFA085F22D49E8575B95C24EAF835B6DE8A6CCA89937E09378F080DB8B65D236DF1EE15545BDC719C1FDCE8F28A7067C15F82FEABC11879BB947CBC4DB988BEEA0811BEE557EB847827A386C32E9CFB7A46A54850200F0CBAF7046A3BAC3689198DB2407A44C956F93C56BC05A4B5DD19E843E0A57612A9C93632E60963F00FBD02E12F7C19C"
.
Celkový čas: 2011-10-31 22:47:03
ComboFix-quarantined-files.txt 2011-10-31 21:47
ComboFix2.txt 2011-10-30 17:50
ComboFix3.txt 2011-10-30 11:49
ComboFix4.txt 2011-10-30 11:00
.
Před spuštěním: Volných bajtů: 30 535 622 656
Po spuštění: Volných bajtů: 30 516 776 960
.
- - End Of File - - 171D69E6AD06777EB89DD6E4CBA37D8A

[Roli]

ten komp se restartuje neskutečně pomalu. Restartuje se 20 minut

Cože

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Nakonec použij AVP Tool z mého podpisu a dej mi sem z něj log.


P.S. kdybych už tu nebyl, mrknu na to zítra dopoledne.

[Tbb.Mills]

A teoreticky teď by to mělo bejt v cajku ?

Jo ten komp je pomalej, a to jak softwarově, tak hardwarově. Asi by potřeboval nějakou odbornou ruku.

Určitě pošlu Log.

[Roli]

Ano PC by měl být už bez šmejdů, ale uvidíme.


No a jelikož tady dneska večer nebudu tak dostaneš spoustu domácích úkolů


Nejdříve defragmentuj HDD třeba tím OO Defrag který tam už je.


Dále stáhni HD Tune a otestuj HDD.

Benchmark - Test disku Klikni na tlačítko Start a vyčkej dokud se nezaplní celý graf. Poté se dozvíš přenosovou rychlost a přístupový čas pevného disku.

Info Přesná kapacita, souborový systém, podporované funkce, verze firmware, sériové číslo a typ zapojení disků.

Health - Kondice Seznam důležitých parametrů a jejich hodnoty. Ideální je mít všude OK.

Když je nějaká položka žlutá pravděpodobně brzy změní status na failed. Když je červená má status failed, to by znamenalo výměnu disku.

Error Scan - Hledání chyb Klikni na tlačítko Start a program prozkoumá disk zda na něm nejsou vadné bloky.

Pokud na konci testu jsou všechny zelené, je vše v pořádku. Když je byť jeden z nich červený, doporučuji zazálohovat data a počítat s výměnou disku.

Teplota Teploměr nahoře a číslo vedle něj znázorňují teplotu disku. Normální hodnota je pod 50°C. Teplota ale nesmí přesáhnout 60°C, program upozorní když dosáhne hranice 55°C.


Stáhni MEMTEST

soubor rozbal a obraz (ISO) vypal jako z image CD, nikoliv jako data.

V Bios Setup do kterého se dostaneš při restartu mačkáním klávesy :

* DEL
* F2
* F1
* F10

záleží na PC, ale vždy je to na monitoru napsáno,

otevři nabídku ADVANCED BIOS FEATURES a vyhledej Boot Devices 0 až 4 nebo Boot Sequence.

Na první místo nastav CD-ROM,

na druhé pevný disk HDD, u obou položek bývá napsán i výrobce.

Stisknutím Save většinou je to F10 a potvrzením Entrem uložíš nastavení,

pak ještě stisknutím Save and Exit se dostaneš z Biosu.

Vlož CD z Memetestem do mechaniky a po restartu z něj PC nabootuje.

Test nech projet minimálně jednou, ideálně však několikrát třeba přes noc a s každým RAM modulem zvlášť.


Pak dej vědět jak testy HDD i RAM dopadli.

[Tbb.Mills]

Tak jelikož jsem tu celou proceduru dělal přes teamviewer, tak se to prý nerestartovalo 20 minut, akorát běžel ten program, a po tu doby jsem to měl odpojený. Takže akorát chyba v komunikaci Log z kaspersky pošlu za chvilku.