Facebook virus prosím moc o pomoc.

[kleci]

Podle návod jsem si nechal vygenerovat prvni log prosím vás moc o kontrolu. Děkuji.



Logfile of random's system information tool 1.09 (written by random/random)
Run by Pinky007 at 2011-11-07 16:48:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 39 GB (16%) free of 238 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:48, on 2011-11-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\ufa\ufa.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\update.tray-9-0-lnk\svchost.exe
C:\WINDOWS\update.tray-8-0-lnk\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Pinky007.SHS-5256839614E\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Pinky007.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1&barid={E9 ... 19DBB1ADFC}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1&barid={E9 ... 19DBB1ADFC}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-9-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-14-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico2] C:\WINDOWS\update.tray-10-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico3] C:\WINDOWS\update.tray-8-0\svchost.exe
O4 - HKLM\..\Run: [6799653.exe] "C:\DOCUME~1\PINKY0~1.SHS\LOCALS~1\Temp\6799653.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [8323807.exe] "C:\DOCUME~1\PINKY0~1.SHS\LOCALS~1\Temp\8323807.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [530622.exe] "C:\WINDOWS\TEMP\530622.exe"
O4 - HKLM\..\Run: [4793037.exe] "C:\WINDOWS\TEMP\4793037.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-507921405-1682526488-1801674531-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1965949578
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira Realtime Protection (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Unknown owner - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: wxpdrivers - Cronosoft - C:\WINDOWS\update.1\svchost.exe

--
End of file - 8047 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Pinky007.SHS-5256839614E\Data aplikací\Mozilla\Firefox\Profiles\et0heqn9.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.searchqu.com/406"
prefs.js - "keyword.URL" - "http://search.sweetim.com/search.asp?src=2&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Pinky007.SHS-5256839614E\Data aplikací\Mozilla\Firefox\Profiles\et0heqn9.default\extensions\
DTToolbar@toolbarnet.com
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Documents and Settings\Pinky007.SHS-5256839614E\Data aplikací\Mozilla\Firefox\Profiles\et0heqn9.default\searchplugins\
askcom.xml
daemon-search.xml
sweetim.xml
yahoo-zugo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_0.dll [2011-01-17 175912]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-05-25 13895272]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-05-04 1632360]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-04-14 20053608]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2011-08-01 114992]
"wxpdrv"=C:\WINDOWS\services32.exe []
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-9-0\svchost.exe [2011-10-28 1201152]
"tray_ico1"=C:\WINDOWS\update.tray-14-0\svchost.exe [2011-10-28 1201152]
"tray_ico2"=C:\WINDOWS\update.tray-10-0\svchost.exe [2011-10-28 1201152]
"tray_ico3"=C:\WINDOWS\update.tray-8-0\svchost.exe [2011-10-28 1201152]
"tray_ico4"= []
"6799653.exe"=C:\DOCUME~1\PINKY0~1.SHS\LOCALS~1\Temp\6799653.exe []
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-11-02 257024]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-11-02 257024]
"8323807.exe"=C:\DOCUME~1\PINKY0~1.SHS\LOCALS~1\Temp\8323807.exe []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []
"530622.exe"=C:\WINDOWS\TEMP\530622.exe []
"4793037.exe"=C:\WINDOWS\TEMP\4793037.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Steam"=C:\Program Files\Steam\Steam.exe -silent []

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Documents and Settings\Pinky007.SHS-5256839614E\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\InterVideo\DVD7\WinDVD.exe"="C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\THQ\Titan Quest\Titan Quest.exe"="C:\Program Files\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Valve\Portal 2\portal2.exe"="C:\Program Files\Valve\Portal 2\portal2.exe:*:Enabled:portal2"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Eidos\Pyro Studios\Commandos 3 - Destination Berlin\commandos3.exe"="C:\Program Files\Eidos\Pyro Studios\Commandos 3 - Destination Berlin\commandos3.exe:*:Enabled:commandos3"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Documents and Settings\Pinky007.SHS-5256839614E\Plocha\FlatOut2\FlatOut2.exe"="C:\Documents and Settings\Pinky007.SHS-5256839614E\Plocha\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Documents and Settings\Pinky007.SHS-5256839614E\Dokumenty\Stažené soubory\Flash-Player.exe"="C:\Documents and Settings\Pinky007.SHS-5256839614E\Dokumenty\Stažené soubory\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Pinky007.SHS-5256839614E\Dokumenty\Stažené soubory\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-14-0\svchost.exe"="C:\WINDOWS\update.tray-14-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-14-0\svchost.exe"
"C:\WINDOWS\update.tray-9-0\svchost.exe"="C:\WINDOWS\update.tray-9-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-9-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-11-07 16:48:26 ----D---- C:\rsit
2011-11-07 16:48:26 ----D---- C:\Program Files\trend micro
2011-11-07 16:20:12 ----D---- C:\WINDOWS\temp
2011-11-07 16:19:46 ----D---- C:\ComboFix
2011-11-07 16:19:46 ----A---- C:\WINDOWS\system32\CF22226.exe
2011-11-07 16:17:50 ----A---- C:\WINDOWS\system32\CF21847.exe
2011-11-07 16:14:00 ----A---- C:\Boot.bak
2011-11-07 16:13:55 ----RASHD---- C:\cmdcons
2011-11-07 16:12:26 ----A---- C:\WINDOWS\zip.exe
2011-11-07 16:12:26 ----A---- C:\WINDOWS\VFIND.exe
2011-11-07 16:12:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-11-07 16:12:26 ----A---- C:\WINDOWS\SWSC.exe
2011-11-07 16:12:26 ----A---- C:\WINDOWS\SWREG.exe
2011-11-07 16:12:26 ----A---- C:\WINDOWS\sed.exe
2011-11-07 16:12:26 ----A---- C:\WINDOWS\NIRCMD.exe
2011-11-07 16:12:26 ----A---- C:\WINDOWS\grep.exe
2011-11-07 16:12:26 ----A---- C:\WINDOWS\fdsv.exe
2011-11-07 16:12:10 ----D---- C:\WINDOWS\ERDNT
2011-11-07 16:12:10 ----A---- C:\WINDOWS\system32\CF20730.exe
2011-11-07 16:12:08 ----D---- C:\Qoobox
2011-11-07 16:08:43 ----D---- C:\WINDOWS\phoenix
2011-11-07 16:05:38 ----D---- C:\WINDOWS\av_ico
2011-11-05 14:30:03 ----D---- C:\Documents and Settings\Pinky007.SHS-5256839614E\Data aplikací\Ubisoft
2011-11-05 14:30:03 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ubisoft
2011-11-05 14:26:30 ----D---- C:\Documents and Settings\Pinky007.SHS-5256839614E\Data aplikací\PunkBuster
2011-11-05 14:14:50 ----D---- C:\Program Files\Ubisoft
2011-11-02 17:33:34 ----A---- C:\WINDOWS\new111.exe
2011-10-29 14:34:45 ----D---- C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2011-10-29 14:32:30 ----D---- C:\WINDOWS\system32\appmgmt
2011-10-28 22:42:53 ----D---- C:\Temp
2011-10-28 22:37:36 ----D---- C:\WINDOWS\ufa
2011-10-28 22:37:36 ----D---- C:\WINDOWS\rpcminer
2011-10-28 22:29:23 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-10-28 22:28:44 ----HD---- C:\WINDOWS\update.5.0
2011-10-28 21:35:31 ----HD---- C:\WINDOWS\update.tray-8-0-lnk
2011-10-28 21:35:31 ----HD---- C:\WINDOWS\update.tray-8-0
2011-10-28 21:34:03 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-10-28 21:34:02 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2011-10-28 21:34:02 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-10-28 21:34:02 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-10-28 19:27:31 ----HD---- C:\WINDOWS\update.tray-10-0-lnk
2011-10-28 19:27:31 ----HD---- C:\WINDOWS\update.tray-10-0
2011-10-28 15:58:29 ----D---- C:\WINDOWS\system32\drivers\NAV
2011-10-28 15:58:27 ----D---- C:\Program Files\Windows Sidebar
2011-10-28 15:52:33 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-10-28 15:52:10 ----HD---- C:\WINDOWS\update.2
2011-10-28 15:51:41 ----A---- C:\WINDOWS\unrar.exe
2011-10-28 15:51:04 ----A---- C:\WINDOWS\iplist.txt
2011-10-28 15:50:51 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-10-28 15:50:37 ----A---- C:\WINDOWS\sysdriver32.exe
2011-10-28 15:50:09 ----A---- C:\WINDOWS\front_ip_list.txt
2011-10-28 15:48:36 ----HD---- C:\WINDOWS\update.1
2011-10-28 15:48:35 ----HD---- C:\WINDOWS\update.tray-14-0-lnk
2011-10-28 15:48:35 ----HD---- C:\WINDOWS\update.tray-14-0
2011-10-28 15:48:34 ----HD---- C:\WINDOWS\update.tray-9-0-lnk
2011-10-28 15:48:34 ----HD---- C:\WINDOWS\update.tray-9-0
2011-10-28 15:37:15 ----A---- C:\WINDOWS\winlog-ids.txt
2011-10-28 15:37:15 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-10-28 09:11:54 ----D---- C:\Program Files\Call of Duty
2011-10-27 18:54:21 ----D---- C:\WINDOWS\system32\URTTEMP
2011-10-26 07:16:41 ----D---- C:\Program Files\Team JPN
2011-10-14 15:42:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-14 15:39:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-14 15:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-11 15:59:41 ----D---- C:\Documents and Settings\Pinky007.SHS-5256839614E\Data aplikací\OpenOffice.org
2011-10-11 15:55:03 ----D---- C:\Program Files\OpenOffice.org 3

======List of files/folders modified in the last 1 month======

2011-11-07 16:48:26 ----RD---- C:\Program Files
2011-11-07 16:20:12 ----D---- C:\WINDOWS
2011-11-07 16:19:47 ----D---- C:\WINDOWS\system32
2011-11-07 16:18:13 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-07 16:14:00 ----RASH---- C:\boot.ini
2011-11-07 16:13:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-07 16:09:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-07 16:07:32 ----D---- C:\Program Files\Mozilla Firefox
2011-11-05 14:26:32 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-11-05 14:26:32 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2011-11-05 14:25:52 ----SHD---- C:\WINDOWS\Installer
2011-11-05 14:25:34 ----HD---- C:\WINDOWS\inf
2011-11-05 14:25:13 ----RSD---- C:\WINDOWS\assembly
2011-11-05 14:24:51 ----D---- C:\WINDOWS\system32\DirectX
2011-10-29 14:37:47 ----D---- C:\Program Files\Common Files\BioWare
2011-10-29 14:37:19 ----D---- C:\Program Files\Diablo II
2011-10-29 14:32:17 ----SD---- C:\WINDOWS\Tasks
2011-10-28 21:37:31 ----D---- C:\WINDOWS\Prefetch
2011-10-28 21:34:03 ----D---- C:\WINDOWS\system32\drivers
2011-10-28 19:27:32 ----D---- C:\Program Files\Microsoft Security Client
2011-10-28 19:26:25 ----D---- C:\WINDOWS\system32\config
2011-10-28 19:26:10 ----D---- C:\WINDOWS\system32\wbem
2011-10-28 19:26:10 ----D---- C:\WINDOWS\Registration
2011-10-28 15:58:46 ----D---- C:\Program Files\Common Files
2011-10-28 15:53:20 ----SHD---- C:\System Volume Information
2011-10-28 15:53:20 ----D---- C:\WINDOWS\system32\Restore
2011-10-28 15:52:33 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-27 19:02:14 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-26 07:07:45 ----D---- C:\Documents and Settings
2011-10-22 13:53:10 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-16 11:33:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-14 15:42:16 ----D---- C:\WINDOWS\WinSxS
2011-10-14 15:39:15 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-14 15:39:12 ----A---- C:\WINDOWS\imsins.BAK
2011-10-14 15:39:05 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-14 15:39:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2011-10-14 15:38:36 ----D---- C:\Program Files\Internet Explorer
2011-10-11 15:55:12 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-10-18 105472]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-10-19 134344]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-07-26 218688]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-10-19 74640]
R3 AR5211;TP-LINK Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-12-21 470048]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-05-03 6404712]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-05-25 12753664]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-20 62592]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-20 19968]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS []
S0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS []
S1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys []
S1 MpKsl1c92b6ef;MpKsl1c92b6ef; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{10278A86-EE14-4F2C-A9DB-396F1D984766}\MpKsl1c92b6ef.sys []
S1 MpKsl2394d218;MpKsl2394d218; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{85B98C57-8A2B-43EE-AB07-F37D76F23304}\MpKsl2394d218.sys []
S1 MpKsl2c0f827c;MpKsl2c0f827c; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{85B98C57-8A2B-43EE-AB07-F37D76F23304}\MpKsl2c0f827c.sys []
S1 MpKsl4b1666cb;MpKsl4b1666cb; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{ADE2AB05-20FB-4D89-973C-28ED1DFB7ACC}\MpKsl4b1666cb.sys []
S1 MpKsl58dcdd5f;MpKsl58dcdd5f; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6AFD6C10-7F55-49F7-9EAF-EB4835F1A17F}\MpKsl58dcdd5f.sys []
S1 MpKsl61ec41a8;MpKsl61ec41a8; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{10278A86-EE14-4F2C-A9DB-396F1D984766}\MpKsl61ec41a8.sys []
S1 MpKsl76cebe15;MpKsl76cebe15; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{85B98C57-8A2B-43EE-AB07-F37D76F23304}\MpKsl76cebe15.sys []
S1 MpKsl78464762;MpKsl78464762; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BB76C224-72F4-4422-83F3-925BEEEDAE2A}\MpKsl78464762.sys []
S1 MpKslaeb3bdd4;MpKslaeb3bdd4; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E23FF1BC-224E-4D33-8EBA-2F78B81D7B22}\MpKslaeb3bdd4.sys []
S1 MpKslaf10cedf;MpKslaf10cedf; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{85B98C57-8A2B-43EE-AB07-F37D76F23304}\MpKslaf10cedf.sys []
S1 MpKslbbf3194a;MpKslbbf3194a; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C38AFB77-4616-47E1-9DAC-B2B9377C2DAC}\MpKslbbf3194a.sys []
S1 MpKslcce8d27b;MpKslcce8d27b; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{85B98C57-8A2B-43EE-AB07-F37D76F23304}\MpKslcce8d27b.sys []
S1 MpKsld24d4598;MpKsld24d4598; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{234206F9-B822-43E8-83C9-B26A53490E63}\MpKsld24d4598.sys []
S1 MpKsle8d67332;MpKsle8d67332; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E23FF1BC-224E-4D33-8EBA-2F78B81D7B22}\MpKsle8d67332.sys []
S1 MpKslf85b6838;MpKslf85b6838; \??\c:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4E198256-77A1-4A59-BE30-E28BC155192D}\MpKslf85b6838.sys []
S1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS []
S1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS []
S1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS []
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 efipsk;efipsk; \??\C:\DOCUME~1\PINKY0~1.SHS\LOCALS~1\Temp\efipsk.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSxpx86.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS []
S3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSP.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-05-25 154728]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-11-05 75136]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-11-02 257024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe []
S2 NAV;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe /s NAV /m C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\diMaster.dll /prefetch:1 []
S2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-10-28 344576]
S2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-11-02 1942528]
S2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-10-28 1201152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[cernohous13]

Vítám tě u nás

stáhni a spusť http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
dej volbu 2 - vytvořený log sem zkopíruj

opakuj s volbou 3 a 4 (logy mi dej)

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po ukončení -> Zobrazit výsledky -> zkontrolovat zda je vše označeno -> Odstranit označené
vyběhne log, ve kterém budou záznamy tohoto typu:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
ten bych rád viděl

[kleci]

Děkuji za milé přivítání a tady je ta 2 možnost.



RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Pinky007 [Admin rights]
Mode: Remove -- Date : 11/07/2011 17:19:16

¤¤¤ Bad processes: 7 ¤¤¤
[SUSP PATH] sysdriver32.exe -- C:\WINDOWS\sysdriver32.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\WINDOWS\update.tray-9-0-lnk\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\WINDOWS\update.tray-8-0-lnk\svchost.exe -> KILLED [TermProc]
[SERVICE] srvbtcclient -- C:\WINDOWS\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srviecheck -- C:\WINDOWS\update.2\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- C:\WINDOWS\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- C:\WINDOWS\update.1\svchost.exe srv -> STOPPED

¤¤¤ Registry Entries: 29 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\WINDOWS\update.tray-9-0\svchost.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico1 (C:\WINDOWS\update.tray-14-0\svchost.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico2 (C:\WINDOWS\update.tray-10-0\svchost.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico3 (C:\WINDOWS\update.tray-8-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 6799653.exe ("C:\DOCUME~1\PINKY0~1.SHS\LOCALS~1\Temp\6799653.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 8323807.exe ("C:\DOCUME~1\PINKY0~1.SHS\LOCALS~1\Temp\8323807.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 530622.exe ("C:\WINDOWS\TEMP\530622.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 4793037.exe ("C:\WINDOWS\TEMP\4793037.exe") -> DELETED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVBTCCLIENT () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVIECHECK () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVSYSDRIVER32 () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_WXPDRIVERS () -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()
[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

[kleci]

výpis z možnosti 3:



RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Pinky007 [Admin rights]
Mode: HOSTSFix -- Date : 11/07/2011 17:20:16

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

[kleci]

výpis možnosti 4:


RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Pinky007 [Admin rights]
Mode: ProxyFix -- Date : 11/07/2011 17:21:11

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[cernohous13]

Zatím dobrý - teď MBAM

[kleci]

Už se na tom pracuje zatím infikované složky 3 a mohu-li se zeptat tím zatim dobrý myslíte že můj počítač není tak moc omezen virem? Mě osobně docela zajímaji počítače a po konzultaci s kamarádem jsme se snažili virus dost omezit a zatím to vyšlo, vlastně vše funguje až na všechny antiviry, které asi jak víte nejdou zapnout.

[cernohous13]

Zatím dobrý - znamenalo úspěšný zásah RK
Další část nám odstraní MBAM a následně ComboFix + dočišťovací script
Pak by mělo být všechno v pořádku

[kleci]

Děkuji za vysvětlení a i za pozitivní přístup. Kamarád mi sice radil abych skusil virus odstranit pomocí registrů, ale v této věci si raději nechám poradit od odborníků. MBAM stále běží a zdá se mi že celkem pomalu jako kdyby stále zpomaloval.

[cernohous13]

Sám vidíš z prvního logu RK kolik toho zastavil a smazal - zatím vám ty pokusy vyšly jen zdánlivě.
Ještě při dalším postupu uvidíš co všechno tam máš
Pokusili jste se o ComboFix - zdá se, že bezúspěšně - nikde nevidím jeho log.
Trpělivě postupuj pouze podle mých návodů - dáme to do kupy

[kleci]

tak už tu mám ten log z MBAM:

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011-11-07 18:02:03
mbam-log-2011-11-07 (18-02-03).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 277535
Uplynulý čas: 35 minut, 17 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 1
Infikované soubory: 23

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infikované soubory:
c:\documents and settings\pinky007.shs-5256839614e\Plocha\rk_quarantine\sysdriver32.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pinky007.shs-5256839614e\Plocha\rk_quarantine\sysdriver32_.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\inst\nero\nero 6.6.0.8 keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{980a6e9b-21ba-4d0c-917f-102c434553fb}\RP104\A0054900.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{980a6e9b-21ba-4d0c-917f-102c434553fb}\RP104\A0054901.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

[cernohous13]

Výborně nám to jde - teď udělej ten ComboFix

[kleci]

prosím radši mi popište jak

[cernohous13]

Stáhni si : ComboFix
a ulož ho na plochu.
návod na použití: http://www.bleepingcomputer.com/combofi ... t-combofix
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Odmítni stažení Konzole...
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

[kleci]

combofix jsem stáhnul zapnul ale napsalo mi to že chybí soubory NIRCMDC a MTEE