
Facebook shit

Posted: 31 Oct 2011 20:34
by Prekliska
Hello,

Unfortunately I too got caught in the net of the FB virus in the form of a FAKE Flash Player. :boxed: :roll:
I'll be grateful for any help. At first I just couldn't log in to FB, but sometimes the computer shuts itself down on its own.

Thank you for the advice.
I'm attaching the RSIT log



Logfile of random's system information tool 1.09 (written by random/random)
Run by Santa at 2011-10-31 20:17:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 81 GB (81%) free of 100 GB
Total RAM: 3327 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:17:34, on 31.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
D:\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Hry\GamePark2\gpcl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Kooperativa\Services\KoopPDFServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\update.1\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\update.2\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\ufa\ufa.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
D:\ICQ7.6\ICQ.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Santa\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Santa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=154464
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [4-Day Forecast] "D:\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe" /Startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\update.1\svchost.exe
O4 - HKLM\..\Run: [1139785.exe] "C:\DOCUME~1\Santa\LOCALS~1\Temp\1139785.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [4018399.exe] "C:\WINDOWS\TEMP\4018399.exe"
O4 - HKLM\..\Run: [5474179.exe] "C:\DOCUME~1\Santa\LOCALS~1\Temp\5474179.exe"
O4 - HKLM\..\Run: [1977674.exe] "C:\WINDOWS\TEMP\1977674.exe"
O4 - HKLM\..\Run: [2544124.exe] "C:\WINDOWS\TEMP\2544124.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BlazeServoTool] "D:\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files\SmartTweak Software\FixMyRegistry\FixMyRegistry.exe /ot /as
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Praetorian] C:\Documents and Settings\Santa\Local Settings\Data aplikací\Yandex\Updater\praetorian.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kooperativa - PDF Server.lnk = C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: GamePark klient 2.lnk = D:\Hry\GamePark2\gpcl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: KoopPdfService - Unknown owner - C:\Program Files\Kooperativa\Services\KoopPDFServer.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: wxpdrivers - Cronosoft - C:\WINDOWS\update.1\svchost.exe

--
End of file - 9990 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-606747145-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-606747145-725345543-1003.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Santa\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pages.tvunetworks.com/WebPlayer]
"Description"=TVU Web Player Plugin
"Path"=D:\TVUPlayer\npTVUAx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669]
"Description"=12.0.1.669
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsjsrealplayerplugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
mailru.xml
ozonru.xml
priceru.xml
wikipedia-ru.xml
yandex-slovari.xml
yandex.xml

C:\Documents and Settings\Santa\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\
firefox@tvunetworks.com
yasearch@yandex.ru

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-10-10 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{91397D20-1446-11D4-8AF4-0040CA1127B6}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-01-21 20026472]
"MULTIMEDIA KEYBOARD"=C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe [2002-07-23 167936]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-05 1505144]
"4-Day Forecast"=D:\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe [2008-07-02 1064960]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-10-10 273528]
"wxpdrv"=C:\WINDOWS\update.1\svchost.exe [2011-10-29 1201152]
"1139785.exe"=C:\DOCUME~1\Santa\LOCALS~1\Temp\1139785.exe [2011-10-29 258048]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-10-29 258048]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-10-29 258048]
"4018399.exe"=C:\WINDOWS\TEMP\4018399.exe [2011-10-29 258048]
"5474179.exe"=C:\DOCUME~1\Santa\LOCALS~1\Temp\5474179.exe [2011-10-29 258048]
"1977674.exe"=C:\WINDOWS\TEMP\1977674.exe [2011-10-29 1946624]
"2544124.exe"=C:\WINDOWS\TEMP\2544124.exe [2011-10-29 258048]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-28 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BlazeServoTool"=D:\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe [2010-03-06 286720]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"FixMyRegistry"=C:\Program Files\SmartTweak Software\FixMyRegistry\FixMyRegistry.exe /ot /as []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-01-26 16945032]
"Praetorian"=C:\Documents and Settings\Santa\Local Settings\Data aplikací\Yandex\Updater\praetorian.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
GamePark klient 2.lnk - D:\Hry\GamePark2\gpcl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Santa\Nabídka Start\Programy\Po spuštění
Kooperativa - PDF Server.lnk - C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-07-28 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program files\BitLord\BitLord.exe"="D:\Program files\BitLord\BitLord.exe:*:Enabled:BitLord"
"D:\Hry\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="D:\Hry\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Hry\Anno 1701\Anno1701.exe"="D:\Hry\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701"
"C:\Program Files\Anno 1701\Anno1701.exe"="C:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Hry\SEGA\Virtua Tennis 4\VT4.exe"="D:\Hry\SEGA\Virtua Tennis 4\VT4.exe:*:Enabled:Virtua Tennis 4™"
"C:\Documents and Settings\Santa\Plocha\BitLord.exe"="C:\Documents and Settings\Santa\Plocha\BitLord.exe:*:Enabled:BitLord"
"D:\TVUPlayer\TVUPlayer.exe"="D:\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Hry\Call of Duty 4 - Modern Warfare\iw3mp.exe"="D:\Hry\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\Hry\FIFA 12\Game\fifa.exe"="D:\Hry\FIFA 12\Game\fifa.exe:*:Enabled:FIFA 12"
"D:\Program files\VLC\vlc.exe"="D:\Program files\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\Santa\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\Santa\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Santa\Dokumenty\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=iyvu9_32.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\Iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"vidc.xvid"=xvidvfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2011-10-31 20:17:31 ----D---- C:\rsit
2011-10-31 20:17:31 ----D---- C:\Program Files\trend micro
2011-10-31 19:24:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2011-10-30 20:21:06 ----D---- C:\Documents and Settings\Santa\Data aplikací\GetRightToGo
2011-10-30 19:58:42 ----D---- C:\Documents and Settings\Santa\Data aplikací\ICQ
2011-10-30 19:12:09 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2011-10-30 19:12:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
2011-10-29 10:54:09 ----D---- C:\Documents and Settings\Santa\Data aplikací\ATI
2011-10-29 10:54:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2011-10-29 10:53:00 ----D---- C:\Program Files\AMD APP
2011-10-29 10:38:48 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-10-29 10:38:14 ----HD---- C:\WINDOWS\update.2
2011-10-29 10:32:19 ----D---- C:\WINDOWS\ufa
2011-10-29 10:32:19 ----D---- C:\WINDOWS\rpcminer
2011-10-29 10:32:19 ----D---- C:\WINDOWS\phoenix
2011-10-29 10:30:45 ----A---- C:\WINDOWS\unrar.exe
2011-10-29 10:27:07 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-10-29 10:26:38 ----HD---- C:\WINDOWS\update.5.0
2011-10-29 10:26:24 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-10-29 10:26:24 ----A---- C:\WINDOWS\iplist.txt
2011-10-29 10:26:10 ----A---- C:\WINDOWS\sysdriver32.exe
2011-10-29 10:25:54 ----A---- C:\WINDOWS\front_ip_list.txt
2011-10-29 10:25:48 ----HD---- C:\WINDOWS\update.1
2011-10-29 10:25:48 ----A---- C:\WINDOWS\services32.exe
2011-10-25 20:07:36 ----D---- C:\Documents and Settings\Santa\Data aplikací\vlc
2011-10-13 02:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-13 02:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-13 02:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-13 02:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2586448$
2011-10-10 21:11:00 ----D---- C:\Program Files\Common Files\xing shared
2011-10-10 21:10:56 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2011-10-10 21:10:53 ----A---- C:\WINDOWS\system32\pndx5032.dll
2011-10-10 21:10:53 ----A---- C:\WINDOWS\system32\pndx5016.dll
2011-10-10 21:10:53 ----A---- C:\WINDOWS\system32\pncrt.dll
2011-10-10 21:10:52 ----A---- C:\WINDOWS\system32\msvcr71.dll
2011-10-10 21:10:49 ----D---- C:\Program Files\Real
2011-10-10 21:10:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2011-10-10 21:10:48 ----D---- C:\Documents and Settings\Santa\Data aplikací\Real

======List of files/folders modified in the last 1 month======

2011-10-31 20:17:31 ----RD---- C:\Program Files
2011-10-31 20:16:52 ----A---- C:\WINDOWS\Msiosd.ini
2011-10-31 19:48:22 ----D---- C:\WINDOWS\Temp
2011-10-31 19:34:59 ----D---- C:\WINDOWS\Prefetch
2011-10-31 19:29:31 ----D---- C:\WINDOWS\system32\inetsrv
2011-10-31 19:25:53 ----D---- C:\WINDOWS
2011-10-31 19:24:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-31 19:24:14 ----D---- C:\WINDOWS\system32
2011-10-31 19:24:07 ----HD---- C:\Config.Msi
2011-10-31 19:24:06 ----SHD---- C:\WINDOWS\Installer
2011-10-31 19:23:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-31 19:23:30 ----D---- C:\WINDOWS\system32\drivers
2011-10-31 19:23:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-10-31 19:09:49 ----D---- C:\WINDOWS\Registration
2011-10-31 19:06:32 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-31 19:04:49 ----D---- C:\WINDOWS\system32\config
2011-10-31 19:04:33 ----D---- C:\WINDOWS\system32\wbem
2011-10-31 19:03:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-31 19:03:55 ----D---- C:\WINDOWS\system32\Restore
2011-10-30 21:51:00 ----A---- C:\WINDOWS\wincmd.ini
2011-10-30 20:01:42 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-30 19:31:31 ----D---- C:\Program Files\Common Files
2011-10-29 10:56:17 ----HD---- C:\WINDOWS\inf
2011-10-29 10:52:48 ----D---- C:\Program Files\ATI Technologies
2011-10-29 10:40:24 ----SHD---- C:\System Volume Information
2011-10-25 17:52:33 ----D---- C:\Program Files\Opera
2011-10-23 13:33:44 ----D---- C:\WINDOWS\Minidump
2011-10-22 23:05:56 ----SD---- C:\WINDOWS\Tasks
2011-10-13 02:08:18 ----RSD---- C:\WINDOWS\assembly
2011-10-13 02:06:38 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-13 02:03:25 ----D---- C:\WINDOWS\WinSxS
2011-10-13 02:02:00 ----A---- C:\WINDOWS\imsins.BAK
2011-10-13 02:01:54 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-13 02:01:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-10-10 21:10:52 ----A---- C:\WINDOWS\system32\msvcp71.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2010-11-25 103000]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-07-25 721904]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 msikbd2k;Multimedia Keyboard Filter Driver; C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-08-16 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-08-16 18048]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2009-08-20 37888]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-07-28 7084544]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-01-25 6321768]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2010-08-24 20304]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 au2uxrm3;au2uxrm3; C:\WINDOWS\system32\drivers\au2uxrm3.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
S3 Maplom;Maplom; C:\WINDOWS\system32\drivers\Maplom.sys []
S3 MaplomL;MaplomL; C:\WINDOWS\system32\drivers\MaplomL.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-07-28 643072]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2009-10-06 65536]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 KoopPdfService;KoopPdfService; C:\Program Files\Kooperativa\Services\KoopPDFServer.exe [2011-09-26 2454016]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 nhksrv;Netropa NHK Server; C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-09-27 66872]
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-10-29 344576]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-10-30 1942528]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-10-29 258048]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-10-29 1201152]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2009-10-06 1532000]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-05 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-05 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Facebook shit

Posted: 31 Oct 2011 21:05
by vyosek
Hello and good evening :)

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator / Spustit jako správce
  • Choose option 2 and confirm with Enter
  • The utility will do its work and produce a log - paste it here
  • Now again, but choose option 3 and then 4 - paste those logs too

Re: Facebook shit

Posted: 31 Oct 2011 21:19
by Prekliska
OK... I have the logs here.

Log (2)


RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Santa [Admin rights]
Mode: Remove -- Date : 10/31/2011 21:14:55

Bad processes: 15
[SVCHOST] svchost.exe -- c:\windows\update.1\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.1\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SERVICE] srvbtcclient -- C:\WINDOWS\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srviecheck -- C:\WINDOWS\update.2\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- C:\WINDOWS\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- C:\WINDOWS\update.1\svchost.exe srv -> STOPPED

Registry Entries: 26
[SUSP PATH] HKCU\[...]\Run : Praetorian (C:\Documents and Settings\Santa\Local Settings\Data aplikací\Yandex\Updater\praetorian.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\update.1\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 1139785.exe ("C:\DOCUME~1\Santa\LOCALS~1\Temp\1139785.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 4018399.exe ("C:\WINDOWS\TEMP\4018399.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5474179.exe ("C:\DOCUME~1\Santa\LOCALS~1\Temp\5474179.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 1977674.exe ("C:\WINDOWS\TEMP\1977674.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 2544124.exe ("C:\WINDOWS\TEMP\2544124.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVBTCCLIENT () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVIECHECK () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVSYSDRIVER32 () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_WXPDRIVERS () -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt


Log (3)


RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Santa [Admin rights]
Mode: HOSTSFix -- Date : 10/31/2011 21:15:20

Bad processes: 0

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


Log (4)


RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Santa [Admin rights]
Mode: ProxyFix -- Date : 10/31/2011 21:15:39

Bad processes: 0

Driver: [LOADED]

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Re: Facebook shit

Posted: 31 Oct 2011 21:22
by vyosek
Great, let's move on :James008:

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download Combofix and save it to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator / Spustit jako správce
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes (and a possible restart) CF will display a log; alternatively you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed guide including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Facebook shit

Posted: 31 Oct 2011 21:39
by Prekliska
Pasting the Combofix log


ComboFix 11-10-30.04 - Santa 31.10.2011 21:35:16.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2323 [GMT 1:00]
Spuštěný z: c:\documents and settings\Santa\Dokumenty\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\btc_client_iplist.txt
c:\windows\ehome\medctrro.exe
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\msmqinst.log
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\9c60d8302d1d0ddf4095e91dfd15cc57.elf
c:\windows\phoenix\kernels\phatk\ac845510f17363859758982cec895e0d.elf
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\a3bbe448d1fe0b7d201b2d30b2d0a402.elf
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\d6cc47ce6067a225fc017dcb3c8aba2c.elf
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winsetupapi.log
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 20:14 . 2011-10-31 20:15 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-31 19:17 . 2011-10-31 19:17 -------- d-----w- C:\rsit
2011-10-31 19:17 . 2011-10-31 19:17 -------- d-----w- c:\program files\trend micro
2011-10-31 18:24 . 2011-10-31 18:24 5822 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-31 18:04 . 2011-10-31 18:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-30 19:21 . 2011-10-30 19:21 -------- d-----w- c:\documents and settings\Santa\Data aplikací\GetRightToGo
2011-10-30 18:58 . 2011-10-31 19:07 -------- d-----w- c:\documents and settings\Santa\Data aplikací\ICQ
2011-10-30 18:12 . 2011-10-30 18:33 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2011-10-30 18:12 . 2011-10-30 18:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment
2011-10-29 09:54 . 2011-10-29 09:54 -------- d-----w- c:\documents and settings\Santa\Local Settings\Data aplikací\ATI
2011-10-29 09:54 . 2011-10-29 09:54 -------- d-----w- c:\documents and settings\Santa\Data aplikací\ATI
2011-10-29 09:54 . 2011-10-29 09:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-10-29 09:53 . 2011-10-29 09:53 -------- d-----w- c:\program files\AMD APP
2011-10-29 09:32 . 2011-10-29 09:32 -------- d-----w- c:\windows\ufa
2011-10-29 09:30 . 2011-10-29 09:33 246272 ----a-w- c:\windows\unrar.exe
2011-10-29 09:25 . 2011-10-29 09:25 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-10-25 19:07 . 2011-10-25 19:14 -------- d-----w- c:\documents and settings\Santa\Data aplikací\vlc
2011-10-10 20:11 . 2011-10-10 20:11 -------- d-----w- c:\program files\Common Files\xing shared
2011-10-10 20:10 . 2011-10-10 20:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-10 20:10 . 2011-10-10 20:11 -------- d-----w- c:\program files\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 20:10 . 2007-03-11 19:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-27 14:33 . 2011-09-27 13:11 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-09-27 14:33 . 2011-09-27 13:11 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-27 13:14 . 2011-09-27 13:11 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-09-27 13:11 . 2011-09-27 13:11 22328 ----a-w- c:\documents and settings\Santa\Data aplikací\PnkBstrK.sys
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 13:56 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:55 . 2006-03-02 12:00 370176 ----a-w- c:\windows\system32\html.iec
2011-08-24 04:08 . 2009-08-18 09:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2011-08-24 04:08 . 2009-08-18 09:24 18328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-16 10:15 . 2011-07-24 15:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-16 10:05 . 2011-08-16 10:05 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-08-16 10:05 . 2011-08-16 10:05 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-08-12 11:51 . 2011-07-24 18:24 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-03-18 18:05 . 2011-08-05 09:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlazeServoTool"="d:\blazevideo\BlazeDTV 6.0\MediaDetector.exe" [2010-03-06 286720]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 16945032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-21 20026472]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-22 167936]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"4-Day Forecast"="d:\4-day forecast\4-Day Forecast\4-Day Forecast.exe" [2008-07-02 1064960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-10-10 273528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Santa\Nabídka Start\Programy\Po spuštění\
Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2011-9-26 2935808]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - d:\hry\GamePark2\gpcl.exe [2011-9-27 409088]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
"d:\\Hry\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Anno 1701\\Anno1701.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Hry\\SEGA\\Virtua Tennis 4\\VT4.exe"=
"d:\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Hry\\FIFA 12\\Game\\fifa.exe"=
"d:\\Program files\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Santa\\Dokumenty\\Downloads\\Flash-Player.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.7.2011 11:05 721904]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [6.8.2011 8:17 6656]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [5.8.2011 10:48 37888]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [31.10.2011 21:14 111872]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5.8.2011 10:58 136176]
S2 KoopPdfService;KoopPdfService;c:\program files\Kooperativa\Services\KoopPDFServer.exe [26.9.2011 8:53 2454016]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [6.8.2011 8:17 28672]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.7.2011 19:24 1691480]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5.8.2011 10:58 136176]
S3 MaplomL;MaplomL; [x]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 09:57]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 09:57]
.
2011-10-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-606747145-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-606747145-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.yandex.ru/?clid=154464
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Santa\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
HKCU-Run-FixMyRegistry - c:\program files\SmartTweak Software\FixMyRegistry\FixMyRegistry.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-MegaTrainer XL_is1 - d:\hrymegatrainer xl\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-31 21:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2011-10-31 21:38:42
ComboFix-quarantined-files.txt 2011-10-31 20:38
.
Před spuštěním: Volných bajtů: 85 007 187 968
Po spuštění: Volných bajtů: 86 254 256 128
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6D380C15245948FF2842204ABFA51CAD

Re: Facebook shit

Posted: 31 Oct 2011 21:51
by vyosek
:arrow: If it is not there already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Folder::
    c:\windows\ufa
    
    File::
    c:\windows\unrar.exe
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-606747145-725345543-1003.job
    C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-606747145-725345543-1003.job
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    "Skype"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "4-Day Forecast"=-
    "HP Software Update"=-
    "TkBellExe"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000000
    "DisableThumbnailCache"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Documents and Settings\\Santa\\Dokumenty\\Downloads\\Flash-Player.exe"=-
    
    Collect::
    c:\\Documents and Settings\\Santa\\Dokumenty\\Downloads\\Flash-Player.exe
    
    Driver::
    gupdate
    gupdatem
    MaplomL
    
    DDS::
    uStart Page = hxxp://www.yandex.ru/?clid=154464
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and release it (see the picture below)
    [image]
  • After the script is applied (and a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration

Re: Facebook shit

Posted: 31 Oct 2011 22:07
by Prekliska
here it is:


ComboFix 11-10-30.04 - Santa 31.10.2011 21:58:25.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2446 [GMT 1:00]
Spuštěný z: c:\documents and settings\Santa\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Santa\Plocha\CFScript.txt
.
FILE ::
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-606747145-725345543-1003.job"
"c:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-606747145-725345543-1003.job"
"c:\windows\unrar.exe"
.
file zipped: c:\\Documents and Settings\\Santa\\Dokumenty\\Downloads\\Flash-Player.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Santa\Dokumenty\Downloads\Flash-Player.exe
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-606747145-725345543-1003.job
c:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-606747145-725345543-1003.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_MaplomL
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 20:49 . 2011-10-31 20:49 -------- d-----w- c:\documents and settings\Santa\Data aplikací\Rovio
2011-10-31 20:14 . 2011-10-31 20:15 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-31 19:17 . 2011-10-31 19:17 -------- d-----w- C:\rsit
2011-10-31 19:17 . 2011-10-31 19:17 -------- d-----w- c:\program files\trend micro
2011-10-31 18:24 . 2011-10-31 18:24 5822 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-31 18:04 . 2011-10-31 18:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-30 19:21 . 2011-10-30 19:21 -------- d-----w- c:\documents and settings\Santa\Data aplikací\GetRightToGo
2011-10-30 18:58 . 2011-10-31 19:07 -------- d-----w- c:\documents and settings\Santa\Data aplikací\ICQ
2011-10-30 18:12 . 2011-10-30 18:33 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2011-10-30 18:12 . 2011-10-30 18:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment
2011-10-29 09:54 . 2011-10-29 09:54 -------- d-----w- c:\documents and settings\Santa\Local Settings\Data aplikací\ATI
2011-10-29 09:54 . 2011-10-29 09:54 -------- d-----w- c:\documents and settings\Santa\Data aplikací\ATI
2011-10-29 09:54 . 2011-10-29 09:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-10-29 09:53 . 2011-10-29 09:53 -------- d-----w- c:\program files\AMD APP
2011-10-29 09:25 . 2011-10-29 09:25 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-10-25 19:07 . 2011-10-25 19:14 -------- d-----w- c:\documents and settings\Santa\Data aplikací\vlc
2011-10-10 20:11 . 2011-10-10 20:11 -------- d-----w- c:\program files\Common Files\xing shared
2011-10-10 20:10 . 2011-10-10 20:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-10 20:10 . 2011-10-10 20:11 -------- d-----w- c:\program files\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 20:10 . 2007-03-11 19:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-27 14:33 . 2011-09-27 13:11 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-09-27 14:33 . 2011-09-27 13:11 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-27 13:14 . 2011-09-27 13:11 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-09-27 13:11 . 2011-09-27 13:11 22328 ----a-w- c:\documents and settings\Santa\Data aplikací\PnkBstrK.sys
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 13:56 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:55 . 2006-03-02 12:00 370176 ----a-w- c:\windows\system32\html.iec
2011-08-24 04:08 . 2009-08-18 09:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2011-08-24 04:08 . 2009-08-18 09:24 18328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-16 10:15 . 2011-07-24 15:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-16 10:05 . 2011-08-16 10:05 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-08-16 10:05 . 2011-08-16 10:05 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-08-12 11:51 . 2011-07-24 18:24 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-03-18 18:05 . 2011-08-05 09:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-31_20.37.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-31 21:01 . 2011-10-31 21:01 16384 c:\windows\temp\Perflib_Perfdata_af0.dat
+ 2011-10-29 09:40 . 2011-10-31 21:01 224457 c:\windows\system32\inetsrv\MetaBase.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlazeServoTool"="d:\blazevideo\BlazeDTV 6.0\MediaDetector.exe" [2010-03-06 286720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-21 20026472]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-22 167936]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Santa\Nabídka Start\Programy\Po spuštění\
Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2011-9-26 2935808]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - d:\hry\GamePark2\gpcl.exe [2011-9-27 409088]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
"d:\\Hry\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Anno 1701\\Anno1701.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Hry\\SEGA\\Virtua Tennis 4\\VT4.exe"=
"d:\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Hry\\FIFA 12\\Game\\fifa.exe"=
"d:\\Program files\\VLC\\vlc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.7.2011 11:05 721904]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [6.8.2011 8:17 6656]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 KoopPdfService;KoopPdfService;c:\program files\Kooperativa\Services\KoopPDFServer.exe [26.9.2011 8:53 2454016]
R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [6.8.2011 8:17 28672]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [5.8.2011 10:48 37888]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.7.2011 19:24 1691480]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [31.10.2011 21:14 111872]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Santa\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-31 22:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Netropa\Multimedia Keyboard\TrayMon.exe
c:\program files\Netropa\Onscreen Display\OSD.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2011-10-31 22:03:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-31 21:03
ComboFix2.txt 2011-10-31 20:38
.
Před spuštěním: Volných bajtů: 86 224 998 400
Po spuštění: Volných bajtů: 86 117 826 560
.
- - End Of File - - 424B10A213A7D1B561B153D24CCC8D5A
Nahrání proběhlo úspěšně

Re: Facebook shit

Posted: 31 Oct 2011 22:13
by vyosek
:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (disable the antivirus while downloading if necessary)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner tab
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry tab
  • click Scan for Issues
  • then Fix Issues - I recommend making the registry backup; fix all issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools tab
  • Here you can uninstall programs you do not need
I recommend running CCleaner about once a week

:arrow: Install security software on the PC - I recommend Avast free http://www.avast.com/cs-cz/free-antivirus-download

:arrow: Post a new log from RSIT and write what the PC