VIRY.CZ

Zdravím, známý chytl tohle svinstvo a žádám někoho o pomoc.
Děkuji.

RogueKiller V6.1.9 [11/16/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Hráč [Admin rights]
Mode: Remove -- Date : 11/17/2011 16:37:43

¤¤¤ Bad processes: 13 ¤¤¤
[SUSP PATH] StopHid.exe -- F:\WINDOWS\StopHid.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- F:\WINDOWS\update.tray-3-0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- F:\WINDOWS\sysdriver32.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32_.exe -- F:\WINDOWS\sysdriver32_.exe -> KILLED [TermProc]
[SUSP PATH] l1rezerv.exe -- F:\WINDOWS\l1rezerv.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- F:\WINDOWS\update.3\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- F:\WINDOWS\update.5.0\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- F:\WINDOWS\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- F:\WINDOWS\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- F:\WINDOWS\update.1\svchost.exe -> KILLED [TermProc]
[SERVICE] srvbtcclient -- F:\WINDOWS\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- F:\WINDOWS\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- F:\WINDOWS\update.1\svchost.exe srv -> STOPPED

¤¤¤ Registry Entries: 93 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Uotkte (F:\Documents and Settings\Hráč\Data aplikací\Uotkte.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : Omtkty (F:\Documents and Settings\Hráč\Data aplikací\Omtkty.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : DXM6Patch_981116 (F:\WINDOWS\p_981116.exe /Q:A) -> DELETED
[SUSP PATH] HKLM\[...]\Run : wxpdrv (F:\WINDOWS\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (F:\WINDOWS\update.tray-3-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 9501776.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\9501776.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("F:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("F:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3308440.exe ("F:\WINDOWS\TEMP\3308440.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 1067014.exe ("F:\WINDOWS\TEMP\1067014.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3659457-loader2.exe ("F:\WINDOWS\TEMP\3659457-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("F:\WINDOWS\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("F:\WINDOWS\systemup.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 23756631-loader2.exe ("F:\WINDOWS\TEMP\23756631-loader2.exe") -> DELETED
[HJ NAME] HKLM\[...]\Run : w_distrib.exe ("F:\WINDOWS\update.3\svchost.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 79154369-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\79154369-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 68521600-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\68521600-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 54711977-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\54711977-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 85800985-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\85800985-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 62985480-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\62985480-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 43057816-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\43057816-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 64868765-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\64868765-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 88942682-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\88942682-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 64500453-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\64500453-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 58769685-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\58769685-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 29061953-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\29061953-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 84434504-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\84434504-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 69118419-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\69118419-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 14554222-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\14554222-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 1836417-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\1836417-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 1931953-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\1931953-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 44238365-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\44238365-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 63677580-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\63677580-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 40731808-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\40731808-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 80558824-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\80558824-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 61010374-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\61010374-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 87330591-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\87330591-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 92304847-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\92304847-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 36439857-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\36439857-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 66984320-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\66984320-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 57437761-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\57437761-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 79430081-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\79430081-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 67147326-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\67147326-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 62296996-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\62296996-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 18555611-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\18555611-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 20342660-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\20342660-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 10981127-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\10981127-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 9196429-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\9196429-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 47822081-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\47822081-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 56577796-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\56577796-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 86660935-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\86660935-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 95563721-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\95563721-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 89302941-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\89302941-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 4198798-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\4198798-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 36386879-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\36386879-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 32797927-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\32797927-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 15763892-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\15763892-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 18221591-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\18221591-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 22888279-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\22888279-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 55705160-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\55705160-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 38802445-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\38802445-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 69166817-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\69166817-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 38345915-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\38345915-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 70938846-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\70938846-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 45583511-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\45583511-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 62319116-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\62319116-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 43347497-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\43347497-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 19541427-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\19541427-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 55413196-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\55413196-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 55579100-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\55579100-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3402587-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\3402587-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 26178157-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\26178157-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 14939848-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\14939848-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 24863444-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\24863444-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 45774143-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\45774143-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3178519-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\3178519-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 4536381-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\4536381-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 76729140-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\76729140-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 95691310-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\95691310-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 21645040-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\21645040-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 65911145-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\65911145-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 17095023-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\17095023-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 35104330-loader2.exe ("F:\DOCUME~1\HR6460~1\LOCALS~1\Temp\35104330-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 7339468.exe ("F:\WINDOWS\TEMP\7339468.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : Microsoft Config Setup (F:\WINDOWS\jodrive32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : Microsoft Driver Setup (F:\WINDOWS\aadrive32.exe) -> DELETED
[SUSP PATH] Updater.job : F:\Documents and Settings\All Users\Data aplikací\WombatUpdater\WombatUpdater.exe -> ERROR
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[241] : NtSetSystemPowerState @ 0x80665527 -> HOOKED (vax347b.sys @ 0xF748B450)
SSDT[177] : NtQueryValueKey @ 0x8056B0BB -> HOOKED (vax347b.sys @ 0xF748BC06)
SSDT[160] : NtQueryKey @ 0x8056EB71 -> HOOKED (vax347b.sys @ 0xF748051E)
SSDT[119] : NtOpenKey @ 0x80567AFB -> HOOKED (vax347b.sys @ 0xF748BB34)
SSDT[73] : NtEnumerateValueKey @ 0x8057EB28 -> HOOKED (vax347b.sys @ 0xF748BCB0)
SSDT[71] : NtEnumerateKey @ 0x8056EE68 -> HOOKED (vax347b.sys @ 0xF74804FE)
SSDT[45] : NtCreatePagingFile @ 0x805B77B8 -> HOOKED (vax347b.sys @ 0xF747FC70)
SSDT[41] : NtCreateKey @ 0x8056E761 -> HOOKED (vax347b.sys @ 0xF748BB70)
SSDT[25] : NtClose @ 0x80566B49 -> HOOKED (vax347b.sys @ 0xF748BBB8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V6.1.9 [11/16/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Hráč [Admin rights]
Mode: HOSTSFix -- Date : 11/17/2011 16:38:42

¤¤¤ Bad processes: 4 ¤¤¤
[SUSP PATH] HKNTDLL.dll -- F:\WINDOWS\HKNTDLL.dll -> UNLOADED
[SERVICE] srvbtcclient -- F:\WINDOWS\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- F:\WINDOWS\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- F:\WINDOWS\update.1\svchost.exe srv -> STOPPED

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V6.1.9 [11/16/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Hráč [Admin rights]
Mode: ProxyFix -- Date : 11/17/2011 16:40:20

¤¤¤ Bad processes: 3 ¤¤¤
[SERVICE] srvbtcclient -- F:\WINDOWS\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- F:\WINDOWS\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- F:\WINDOWS\update.1\svchost.exe srv -> STOPPED

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Zdravim a pekny vecer preji

Dejte jeste prosim log z RSIT http://www.viry.cz/forum/viewtopic.php?f=13&t=105895

otevřely se mi dva logy... ten s názvem log jsem postnul níže

Logfile of random's system information tool 1.09 (written by random/random)
Run by Hráč at 2011-11-17 18:09:34
Systém Microsoft Windows XP Professional Service Pack 2
System drive F: has 11 GB (28%) free of 39 GB
Total RAM: 1023 MB (41% free)

HijackThis download failed

======Scheduled tasks folder======

F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
F:\WINDOWS\tasks\Updater.job

=========Mozilla firefox=========

ProfilePath - F:\Documents and Settings\Hráč\Data aplikací\Mozilla\Firefox\Profiles\7i492ifd.default

"bkmrksync@nokia.com"=F:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=F:\Program Files\Crawler\firefox\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=F:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=F:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=F:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=F:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=F:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=F:\Program Files\Veetle\Player\npvlc.dll

F:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

F:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

F:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npnul32.dll
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
QuickTimePlugin.class
ShockwavePlugin.class

F:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

F:\Documents and Settings\Hráč\Data aplikací\Mozilla\Firefox\Profiles\7i492ifd.default\extensions\
engine@conduit.com
{6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}
{800b5000-a755-47e1-992b-48a1c1357f07}
{d1fce654-5fd1-48ad-b13c-5064736120b7}
{EEE6C361-6118-11DC-9C72-001320C79847}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

F:\Documents and Settings\Hráč\Data aplikací\Mozilla\Firefox\Profiles\7i492ifd.default\searchplugins\
conduit.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-23.xml
icqplugin-24.xml
icqplugin-25.xml
icqplugin-26.xml
icqplugin-27.xml
icqplugin-28.xml
icqplugin-29.xml
icqplugin-3.xml
icqplugin-30.xml
icqplugin-31.xml
icqplugin-32.xml
icqplugin-33.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - F:\PROGRA~1\ICQTOO~1\5228\toolbaru.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
F:\PROGRA~1\Crawler\ctbr.dll [2010-10-19 1243496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - H:\Překladače\WEBIE.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - F:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A}]
FastestTubeBHO Class - F:\Program Files\FastestTube\1.2.12\WombatBHO.dll [2011-03-25 183296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931}]
Parental Control Toolbar - F:\PROGRA~1\PARENT~1\PARENT~1.DLL [2007-11-04 3072512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
F:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-17 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - F:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-06-08 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
Soft32 Toolbar - F:\Program Files\Soft32\prxtbSoft.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - F:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-03-18 1361208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - F:\Program Files\BS_Player\prxtbBS_0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - H:\Překladače\WEBIE.DLL []
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - Parental Control Toolbar - F:\PROGRA~1\PARENT~1\PARENT~1.DLL [2007-11-04 3072512]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - F:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-03-18 1361208]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - F:\Program Files\BS_Player\prxtbBS_0.dll [2011-01-17 175912]
{d1fce654-5fd1-48ad-b13c-5064736120b7} - Soft32 Toolbar - F:\Program Files\Soft32\prxtbSoft.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - F:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - F:\PROGRA~1\Crawler\ctbr.dll [2010-10-19 1243496]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-17 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=F:\WINDOWS\SOUNDMAN.EXE [2005-10-24 90112]
"NvCplDaemon"=F:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"WheelMouse"=F:\Program Files\A4Tech\Mouse\Amoumain.exe [2006-02-17 163840]
"NeroFilterCheck"=F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"CHotkey"=F:\WINDOWS\mHotkey.exe [2004-12-27 550912]
"StopHid"=F:\WINDOWS\StopHid.exe [2003-10-06 40960]
"NvMediaCenter"=F:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"RivaTunerStartupDaemon"=F:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe [2006-05-21 2375680]
"LVComs"=F:\WINDOWS\system32\LVComS.exe [1999-10-28 77824]
"Sony Ericsson PC Suite"=F:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []
"QuickTime Task"=H:\Sony Ericsson K510i\qttask.exe [2007-01-02 155648]
"nod32kui"=F:\Program Files\Eset\nod32kui.exe /WAITSERVICE []
"parentalcontrol"=F:\Program Files\parentalcontrol\parentalcontrol.exe [2006-06-13 30720]
"SunJavaUpdateSched"=F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"LogitechCommunicationsManager"=F:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-10-31 284184]
"LogitechQuickCamRibbon"=F:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-11-15 746520]
"LVCOMSX"=F:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-15 244512]
"SweetIM"=F:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-08-30 111928]
"UpdateReminder"=F:\Program Files\Eset\UpdateReminder.exe []
"UserFaultCheck"=F:\WINDOWS\system32\dumprep 0 -u []
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"KernelFaultCheck"=F:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=F:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=F:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-09 68856]
"PC Suite Tray"=F:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"EA Core"=F:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Steam"=F:\Program Files\Steam\Steam.exe -silent []
"ICQ"=~F:\Program Files\ICQ6.5\ICQ.exe silent []
"12CFG214-K641-12SF-N85P"=C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe []
"Tnaww"=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe []
"t7vd"=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1214\t7vd.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=F:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_Plugin.exe [2011-10-31 247968]

F:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digimax Viewer 2.1.lnk - F:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
Picture Package Menu.lnk - F:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
Picture Package VCD Maker (2).lnk - F:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
Picture Package VCD Maker.lnk - F:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - F:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\Program files\CS\hl.exe"="G:\Program files\CS\hl.exe:*:Enabled:Half-Life Launcher"
"G:\Program files\S4\Exe\S4_Main.exe"="G:\Program files\S4\Exe\S4_Main.exe:*:Enabled:S4_Main"
"G:\Program files\Firefly Studios\Stronghold 2\Stronghold2.exe"="G:\Program files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"G:\Program files\AoE3\age3.exe"="G:\Program files\AoE3\age3.exe:*:Enabled:Age of Empires 3"
"G:\Program files\CoD2\CoD2MP_s.exe"="G:\Program files\CoD2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"G:\Program files\Stronghold Crusader\Stronghold Crusader.exe"="G:\Program files\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"G:\Program files\TrackMania Nations ESWC Special Edition\TmNationsESWC.exe"="G:\Program files\TrackMania Nations ESWC Special Edition\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"F:\Program Files\ICQ6\ICQ.exe"="F:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"F:\Program Files\Skype\Phone\Skype.exe"="F:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"F:\Program Files\ICQ6.5\ICQ.exe"="F:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"F:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="F:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"F:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe"="F:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer"
"F:\Documents and Settings\Hráč\Local Settings\Temp\SweetIMReinstall\sweetimsetup.exe"="F:\Documents and Settings\Hráč\Local Settings\Temp\SweetIMReinstall\sweetimsetup.exe:*:Enabled:SweetIM Installer"
"F:\Program Files\Steam\Steam.exe"="F:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"F:\Program Files\ICQ7.4\ICQ.exe"="F:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"F:\Documents and Settings\Hráč\Data aplikací\537.tmp"="F:\Documents and Settings\Hráč\Data aplikací\537.tmp:*:F:\WINDOWS\jodrive32.exe"
"F:\Documents and Settings\Hráč\Data aplikací\E.tmp"="F:\Documents and Settings\Hráč\Data aplikací\E.tmp:*:F:\WINDOWS\aadrive32.exe"
"F:\Documents and Settings\Hráč\Plocha\lucie\Flash-Player.exe"="F:\Documents and Settings\Hráč\Plocha\lucie\Flash-Player.exe:*:Enabled:F:\Documents and Settings\Hráč\Plocha\lucie\Flash-Player.exe"
"F:\WINDOWS\update.1\svchost.exe"="F:\WINDOWS\update.1\svchost.exe:*:Enabled:F:\WINDOWS\update.1\svchost.exe"
"F:\WINDOWS\update.tray-3-0\svchost.exe"="F:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:F:\WINDOWS\update.tray-3-0\svchost.exe"
"F:\WINDOWS\update.2\svchost.exe"="F:\WINDOWS\update.2\svchost.exe:*:Enabled:F:\WINDOWS\update.2\svchost.exe"
"F:\WINDOWS\update.3\svchost.exe"="F:\WINDOWS\update.3\svchost.exe:*:Enabled:F:\WINDOWS\update.3\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"F:\Program Files\ICQ7.4\ICQ.exe"="F:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=lvcodec2.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=F:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.VDOM"=vdowave.drv
"VIDC.MPG4"=msscmc32.dll
"MSACM.LHACM"=lhacm.acm
"VIDC.TR20"=tr2032.dll
"msacm.voxacm119"=vdk32119.acm
"vidc.vivo"=ivvideo.dll
"VIDC.JPGL"=jpgl.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.JPEG"=JPEGCODE.DLL
"VIDC.MPEG"=JPEGCODE.DLL
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"MSVideo"=vfwwdm32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.VP60"=F:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=F:\WINDOWS\system32\vp6vfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-11-17 18:09:34 ----D---- F:\rsit
2011-11-17 18:09:34 ----D---- F:\Program Files\trend micro
2011-11-17 16:27:45 ----A---- F:\WINDOWS\system32\drivers\TrueSight.sys

======List of files/folders modified in the last 1 month======

2011-11-17 18:09:34 ----RD---- F:\Program Files
2011-11-17 16:45:49 ----D---- F:\Program Files\Crawler
2011-11-17 16:45:37 ----D---- F:\Program Files\Mozilla Firefox
2011-11-17 16:35:52 ----A---- F:\WINDOWS\w_distrib_iplist.txt
2011-11-17 16:34:44 ----A---- F:\WINDOWS\iplist.txt
2011-11-17 16:34:30 ----A---- F:\WINDOWS\btc_client_iplist.txt
2011-11-17 16:34:24 ----D---- F:\WINDOWS\Temp
2011-11-17 16:34:18 ----D---- F:\WINDOWS\system32
2011-11-17 16:34:16 ----D---- F:\WINDOWS\system32\CatRoot2
2011-11-17 16:32:53 ----D---- F:\WINDOWS\system32\drivers
2011-11-17 16:31:18 ----A---- F:\WINDOWS\SchedLgU.Txt
2011-11-14 22:06:23 ----A---- F:\WINDOWS\btc_iplist.txt
2011-11-14 19:05:15 ----A---- F:\WINDOWS\NeroDigital.ini
2011-11-14 17:43:01 ----D---- F:\WINDOWS\system32\oodag
2011-11-14 09:52:28 ----HD---- F:\WINDOWS\update.4.1
2011-11-14 09:52:27 ----HD---- F:\WINDOWS\update.5.0
2011-11-13 18:15:59 ----D---- F:\WINDOWS\Prefetch
2011-11-10 14:17:12 ----HD---- F:\Program Files\InstallShield Installation Information
2011-11-09 14:12:02 ----D---- F:\WINDOWS
2011-11-08 22:37:48 ----HD---- F:\WINDOWS\update.8.1
2011-11-08 21:26:48 ----HD---- F:\WINDOWS\update.1
2011-11-08 21:26:48 ----D---- F:\Program Files\PC Connectivity Solution
2011-11-02 16:30:55 ----A---- F:\WINDOWS\sysdriver32_.exe
2011-11-02 16:30:55 ----A---- F:\WINDOWS\sysdriver32.exe
2011-10-30 11:38:29 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2011-10-27 13:51:16 ----D---- F:\WINDOWS\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; F:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 nvata;nvata; F:\WINDOWS\system32\DRIVERS\nvata.sys [2005-08-18 93568]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; F:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); F:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); F:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); F:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 speedfan;speedfan; F:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; F:\WINDOWS\System32\Drivers\sptd.sys [2006-09-28 643072]
R0 vax347b;vax347b; F:\WINDOWS\system32\DRIVERS\vax347b.sys [2005-07-08 159616]
R0 vax347s;vax347s; F:\WINDOWS\System32\Drivers\vax347s.sys [2004-04-30 5248]
R1 AmdK8;AMD Processor Driver; F:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 cdrbsdrv;cdrbsdrv; F:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 kbdhid;Ovladač klávesnice standardu HID; F:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 nod32drv;nod32drv; F:\WINDOWS\system32\drivers\nod32drv.sys [2007-09-06 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; F:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 acedrv11;acedrv11; \??\F:\WINDOWS\system32\drivers\acedrv11.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); F:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
R3 Arp1394;Protokol 1394 ARP Client; F:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 dtscsi;dtscsi; F:\WINDOWS\System32\Drivers\dtscsi.sys [2006-09-28 223128]
R3 HidUsb;Ovladač třídy standardu HID; F:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; F:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2006-11-15 24736]
R3 mouhid;Ovladač myši standardu HID; F:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; F:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; F:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; F:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; F:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 RivaTuner32;RivaTuner32; \??\F:\Program Files\RivaTuner v2.0 RC 16\RivaTuner32.sys []
R3 TrueSight;TrueSight; \??\f:\windows\system32\drivers\TrueSight.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; F:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 vaxscsi;vaxscsi; F:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-09-28 223128]
S0 NVStrap;NVStrap; F:\WINDOWS\system32\drivers\NVStrap.sys [2006-05-21 3712]
S1 cdrbsvsd;cdrbsvsd; F:\WINDOWS\system32\drivers\cdrbsvsd.sys []
S2 AMON;AMON; F:\WINDOWS\system32\drivers\amon.sys [2007-09-06 512096]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; F:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]
S3 CCDECODE;Dekodér Closed Caption; F:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CTIpHook;CTIpHook; F:\WINDOWS\system32\Drivers\CTIpHook.sys []
S3 DCamUSBCompany;Logitech QuickCam Pro USB; F:\WINDOWS\system32\DRIVERS\p35u.sys [1999-10-28 90464]
S3 EagleNT;EagleNT; \??\F:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\F:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; F:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-07-31 25280]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); F:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-01-02 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; F:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-01-02 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; F:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-01-02 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); F:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-01-02 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; F:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-01-02 83344]
S3 LVcKap;Logitech AEC Driver; F:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-11-15 1678368]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; F:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-11-15 1962912]
S3 LVUSBSta;Logitech USB Monitor Filter; F:\WINDOWS\system32\drivers\lvusbsta.sys [2006-11-11 40352]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; F:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; F:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; F:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-09-29 15360]
S3 NdisIP;Microsoft TV/Video Connection; F:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PCASp50;PCASp50 NDIS Protocol Driver; F:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; F:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pepifilter;Volume Adapter; F:\WINDOWS\system32\DRIVERS\lv302af.sys [2006-11-11 13344]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); F:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2006-11-11 933536]
S3 sermouse;Ovladač sériové myši; F:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SLIP;BDA Slip De-Framer; F:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 sonypvs1;Sony Digital Imaging Video2; F:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; F:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Ovladač zvukové karty USB (WDM); F:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Třída USB Printer; F:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; F:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); F:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; F:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; F:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); F:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; F:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 WSTCODEC;Dálnopisný kodek světového standardu; F:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 LVPrcSrv;Process Monitor; f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-11-15 109344]
R2 NVSvc;NVIDIA Display Driver Service; F:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 O&O Defrag;O&O Defrag; F:\WINDOWS\system32\oodag.exe [2006-06-02 341504]
R2 PnkBstrA;PnkBstrA; F:\WINDOWS\system32\PnkBstrA.exe [2008-05-13 81920]
R2 PnkBstrB;PnkBstrB; F:\WINDOWS\system32\PnkBstrB.exe [2010-03-07 1187840]
R2 StarWindService;StarWind iSCSI Service; F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 UserAccess7;SecuROM User Access Service (V7); F:\WINDOWS\system32\UAService7.exe [2007-06-30 221184]
R3 ServiceLayer;ServiceLayer; F:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 659456]
S2 gupdate1ca06345c52ad8e;Služba Google Update (gupdate1ca06345c52ad8e); F:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-16 133104]
S2 LVSrvLauncher;LVSrvLauncher; F:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-11-15 101152]
S2 NOD32krn;NOD32 Kernel Service; F:\Program Files\Eset\nod32krn.exe []
S2 srvbtc1;srvbtc1; F:\WINDOWS\update.4.1\svchost.exe [2011-11-14 363008]
S2 srvbtcclient;srvbtcclient; F:\WINDOWS\update.5.0\svchost.exe [2011-11-14 351744]
S2 srvpele;srvpele; F:\WINDOWS\update.8.1\svchost.exe [2011-08-26 342528]
S2 srvsysdriver32;srvsysdriver32; F:\WINDOWS\sysdriver32.exe [2011-11-02 262656]
S2 wxpdrivers;wxpdrivers; F:\WINDOWS\update.1\svchost.exe [2011-07-25 1187840]
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; F:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gupdatem;Služba Google Update (gupdatem); F:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-16 133104]
S3 gusvc;Google Software Updater; F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-16 182768]
S3 IDriverT;InstallDriver Table Manager; F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ještě dotaz, před použitím Combofixu... mám restartovat PC? předchozí program vypl antivir a už se ani nespouští ten ufa.exe

Antivir je poskozeny, takze ten ted nereste, na konci leceni jej odstranime a dame novy

Restart PC nedelejte

ComboFix vyžadoval restart po skončení, pak se znovu spustil.

Zapomněl jsem zmínit, že pokud restartuji PC, tak se normálně vypíná(Vypínání windows) , pak počítač běží ale monitor je vypnutý. Pokuď zmáčknu restart na skříni tak se normálně spustí.

Mrknete jestli se udelal log, mel by byt c:\combofix.txt

Pokud ne, tak dejte novy log z RSIT

po poslednim restartu se už konečně zobrazil log, ale komp byl totalně zabržděný, odezva minimálně 10 sekund, myší se vůbec nedalo hybat smysluplně, tak jsem spustil nouzový režim a zde je log.

ComboFix 11-11-17.03 - Hráč 17.11.2011 18:48:37.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.750 [GMT 1:00]
Spuštěný z: f:\documents and settings\HrßŔ\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\documents and settings\Hráč\Data aplikací\10.tmp
f:\documents and settings\Hráč\Data aplikací\11.tmp
f:\documents and settings\Hráč\Data aplikací\12.tmp
f:\documents and settings\Hráč\Data aplikací\1B.tmp
f:\documents and settings\Hráč\Data aplikací\39A2.tmp
f:\documents and settings\Hráč\Data aplikací\39AD.tmp
f:\documents and settings\LocalService\Local Settings\Data aplikací\9c099e0a\X
f:\windows\
f:\windows\$NtUninstallKB65020$\2617875978\@
f:\windows\$NtUninstallKB65020$\2617875978\L\nsmbonjx
f:\windows\$NtUninstallKB65020$\2617875978\loader.tlb
f:\windows\$NtUninstallKB65020$\2617875978\U\@00000001
f:\windows\$NtUninstallKB65020$\2617875978\U\@000000c0
f:\windows\$NtUninstallKB65020$\2617875978\U\@000000cb
f:\windows\$NtUninstallKB65020$\2617875978\U\@000000cf
f:\windows\$NtUninstallKB65020$\2617875978\U\@80000000
f:\windows\$NtUninstallKB65020$\2617875978\U\@800000c0
f:\windows\$NtUninstallKB65020$\2617875978\U\@800000cb
f:\windows\$NtUninstallKB65020$\2617875978\U\@800000cf
f:\windows\$NtUninstallKB65020$\69456839
f:\windows\assembly\GAC_MSIL\desktop.ini
f:\windows\av_ico
f:\windows\av_ico\ico_NOD_SS_START.ico
f:\windows\av_ico\ico_NOD_SYSINSP.ico
f:\windows\av_ico\ico_NOD_SYSRESC.ico
f:\windows\av_ico\ico_NOD_TXT.ico
f:\windows\av_ico\ico_NOD_UNINSTALL.ico
f:\windows\btc_client_iplist.txt
f:\windows\bwUnin-7.2.0.157-8876480SL.exe
f:\windows\ddh_iplist.txt
f:\windows\front_ip_list.txt
f:\windows\geoiplist
f:\windows\geoiplist.rar
f:\windows\iecheck_iplist.txt
f:\windows\info1
f:\windows\iplist.txt
f:\windows\IsUn0405.exe
f:\windows\iun6002.exe
f:\windows\l1rezerv.exe
f:\windows\loader2.exe_ok
f:\windows\phoenix
f:\windows\phoenix.rar
f:\windows\phoenix\kernels\phatk\__init__.py
f:\windows\phoenix\kernels\phatk\__init__.pyc
f:\windows\phoenix\kernels\phatk\BFIPatcher.py
f:\windows\phoenix\kernels\phatk\kernel.cl
f:\windows\phoenix\kernels\poclbm\__init__.py
f:\windows\phoenix\kernels\poclbm\__init__.pyc
f:\windows\phoenix\kernels\poclbm\BFIPatcher.py
f:\windows\phoenix\kernels\poclbm\kernel.cl
f:\windows\phoenix\phoenix.exe
f:\windows\proc_list1.log
f:\windows\rpcminer
f:\windows\rpcminer.rar
f:\windows\rpcminer\bitcoinminercuda_10.cubin
f:\windows\rpcminer\bitcoinminercuda_11.cubin
f:\windows\rpcminer\bitcoinminercuda_20.cubin
f:\windows\rpcminer\bitcoinmineropencl.cl
f:\windows\rpcminer\cudart32_32_16.dll
f:\windows\rpcminer\curllib.dll
f:\windows\rpcminer\libeay32.dll
f:\windows\rpcminer\libsasl.dll
f:\windows\rpcminer\openldap.dll
f:\windows\rpcminer\rpcminer-4way.exe
f:\windows\rpcminer\rpcminer-cpu.exe
f:\windows\rpcminer\rpcminer-cuda.exe
f:\windows\rpcminer\rpcminer-opencl.exe
f:\windows\rpcminer\ssleay32.dll
f:\windows\sysdriver32.exe
f:\windows\sysdriver32_.exe
f:\windows\system32\
f:\windows\system32\11f42b0c.dll
f:\windows\system32\5f1e0e12.dll
f:\windows\system32\5fa44cd4.dll
f:\windows\system32\drivers\etc\HSTS~1
f:\windows\systemup.exe
f:\windows\ufa.rar
f:\windows\unin0407.exe
f:\windows\update.1
f:\windows\update.1\svchost.exe
f:\windows\update.2
f:\windows\update.2\svchost.exe
f:\windows\update.3
f:\windows\update.3\svchost.exe
f:\windows\update.4.1
f:\windows\update.4.1\svchost.exe
f:\windows\update.5.0
f:\windows\update.5.0\svchost.exe
f:\windows\w_distrib_iplist.txt
f:\windows\winlog-dirs.txt
f:\windows\winlog-ids.txt
f:\windows\winsetupapi.log
f:\windows\$NtUninstallKB65020$ . . . . nemohl být smazán
.
f:\windows\system32\drivers\dtscsi.sys . . . je infikován!! . . . Failed to find a valid replacement.
Nakažená kopie f:\program files\Google\Update\GoogleUpdate.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0043133.exe
.
Nakažená kopie f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0037135.exe
.
Nakažená kopie f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031911.exe
.
Nakažená kopie f:\windows\system32\nvsvc32.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031912.exe
.
Nakažená kopie f:\windows\system32\oodag.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031963.exe
.
Nakažená kopie f:\windows\system32\PnkBstrA.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0032012.exe
.
Nakažená kopie f:\windows\system32\PnkBstrB.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0032032.exe
.
Nakažená kopie f:\program files\PC Connectivity Solution\ServiceLayer.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031920.exe
.
Nakažená kopie f:\windows\update.8.1\svchost.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\windows\system32\svchost.exe
.
Nakažená kopie f:\windows\system32\UAService7.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0033030.exe
.
Nakažená kopie f:\windows\system32\oodag.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031963.exe
Nakažená kopie f:\program files\PC Connectivity Solution\ServiceLayer.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031920.exe
Nakažená kopie f:\windows\system32\UAService7.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0033030.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvbtcclient
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtc1
-------\Legacy_srvbtc1
-------\Service_srvbtc1
-------\Service_srvbtc1
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-17 do 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 17:09 . 2011-11-17 17:09 -------- d-----w- F:\rsit
2011-11-17 17:09 . 2011-11-17 17:09 -------- d-----w- f:\program files\trend micro
2011-11-17 15:27 . 2011-11-17 15:43 111872 ----a-w- f:\windows\system32\drivers\TrueSight.sys
2011-11-08 20:23 . 2011-11-17 17:54 -------- d-sh--w- f:\documents and settings\LocalService\Local Settings\Data aplikací\9c099e0a
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-31 17:45 . 2011-09-09 22:25 414368 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 12:48 . 2011-06-29 17:49 43520 ----a-w- f:\windows\system32\CmdLineExt03.dll
2007-09-11 18:31 . 2007-09-11 18:31 1132810 ----a-w- f:\program files\parentalcontrolsetup.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "f:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-03-18 187192]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 15:54 175912 ----a-w- f:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
2011-01-17 15:54 175912 ----a-w- f:\program files\Soft32\prxtbSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-03-18 14:06 1361208 ----a-r- f:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-01-17 14:54 175912 ----a-w- f:\program files\BS_Player\prxtbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "f:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "f:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
"{d1fce654-5fd1-48ad-b13c-5064736120b7}"= "f:\program files\Soft32\prxtbSoft.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "f:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "f:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "f:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
"{D1FCE654-5FD1-48AD-B13C-5064736120B7}"= "f:\program files\Soft32\prxtbSoft.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-09 68856]
"PC Suite Tray"="f:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"WheelMouse"="f:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"NeroFilterCheck"="f:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CHotkey"="mHotkey.exe" [2004-12-27 550912]
"StopHid"="StopHid.exe" [2003-10-06 40960]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"RivaTunerStartupDaemon"="f:\program files\RivaTuner v2.0 RC 16\RivaTuner.exe" [2006-05-21 2375680]
"LVComs"="f:\windows\system32\LVComS.exe" [1999-10-28 77824]
"QuickTime Task"="h:\sony ericsson k510i\qttask.exe" [2007-01-02 155648]
"parentalcontrol"="f:\program files\parentalcontrol\parentalcontrol.exe" [2006-06-13 30720]
"SunJavaUpdateSched"="f:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"LogitechCommunicationsManager"="f:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"LogitechQuickCamRibbon"="f:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]
"LVCOMSX"="f:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"SweetIM"="f:\program files\SweetIM\Messenger\SweetIM.exe" [2010-08-30 111928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
f:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - f:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Digimax Viewer 2.1.lnk - f:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2007-3-25 626688]
Picture Package Menu.lnk - f:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2007-3-25 151552]
Picture Package VCD Maker (2).lnk - f:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2007-3-25 106496]
Picture Package VCD Maker.lnk - f:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2007-3-25 106496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program files\\S4\\Exe\\S4_Main.exe"=
"g:\\Program files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"g:\\Program files\\AoE3\\age3.exe"=
"g:\\Program files\\Stronghold Crusader\\Stronghold Crusader.exe"=
"g:\\Program files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"f:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"f:\\Program Files\\ICQ7.4\\ICQ.exe"=
"f:\\WINDOWS\\update.tray-3-0\\svchost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1873:TCP"= 1873:TCP:coanhje
.
R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [28.9.2006 7:41 643072]
R0 vax347b;vax347b;f:\windows\system32\drivers\vax347b.sys [28.9.2006 9:26 159616]
R0 vax347s;vax347s;f:\windows\system32\drivers\vax347s.sys [28.9.2006 9:26 5248]
R1 nod32drv;nod32drv;f:\windows\system32\drivers\nod32drv.sys [6.9.2007 20:42 15424]
R2 acedrv11;acedrv11;f:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R3 vaxscsi;vaxscsi;f:\windows\system32\drivers\vaxscsi.sys [28.9.2006 7:50 223128]
S0 NVStrap;NVStrap;f:\windows\system32\drivers\NVStrap.sys [28.9.2006 14:09 3712]
S2 gupdate1ca06345c52ad8e;Služba Google Update (gupdate1ca06345c52ad8e);f:\program files\Google\Update\GoogleUpdate.exe /svc --> f:\program files\Google\Update\GoogleUpdate.exe [?]
S2 jhfypgqb;Server Time;f:\windows\system32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
S2 srvpele;srvpele;f:\windows\update.8.1\svchost.exe srv --> f:\windows\update.8.1\svchost.exe srv [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;f:\windows\system32\drivers\Amps2prt.sys [9.5.2006 15:27 13824]
S3 CTIpHook;CTIpHook;f:\windows\system32\Drivers\CTIpHook.sys --> f:\windows\system32\Drivers\CTIpHook.sys [?]
S3 DCamUSBCompany;Logitech QuickCam Pro USB;f:\windows\system32\drivers\p35u.sys [6.10.2006 17:07 90464]
S3 gupdatem;Služba Google Update (gupdatem);f:\program files\Google\Update\GoogleUpdate.exe /medsvc --> f:\program files\Google\Update\GoogleUpdate.exe [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);f:\windows\system32\drivers\k510bus.sys [2.1.2007 20:16 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;f:\windows\system32\drivers\k510mdfl.sys [2.1.2007 20:16 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;f:\windows\system32\drivers\k510mdm.sys [2.1.2007 20:16 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);f:\windows\system32\drivers\k510mgmt.sys [2.1.2007 20:16 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;f:\windows\system32\drivers\k510obex.sys [2.1.2007 20:16 83344]
S3 TrueSight;TrueSight;f:\windows\system32\drivers\TrueSight.sys [17.11.2011 16:27 111872]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AMFILTER
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jhfypgqb
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=66019
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - f:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - f:\program files\ICQ7.4\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - h:\překladače\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - h:\překladače\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - h:\překladače\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - h:\překladače\WEBIE.DLL
LSP: f:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - f:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - f:\documents and settings\Hráč\Data aplikací\Mozilla\Firefox\Profiles\7i492ifd.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-EA Core - f:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-Steam - f:\program files\Steam\Steam.exe
HKCU-Run-ICQ - ~f:\program files\ICQ6.5\ICQ.exe
HKLM-Run-Sony Ericsson PC Suite - f:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
HKLM-Run-nod32kui - f:\program files\Eset\nod32kui.exe
HKLM-Run-UpdateReminder - f:\program files\Eset\UpdateReminder.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-'Lass uns reiten 2' - f:\documents and settings\Hráč\Plocha\Lass uns reiten 2 - Demo\uninst.exe
AddRemove-AL EXecuto - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-Alien Arena 2011_is1 - g:\program files\Nová složka\Alien Arena 7_50\unins000.exe
AddRemove-Blockas2 - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-Bomb Blast - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-Bubble Escape - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-Chcete byt milionarem 3 - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-Info - H:\Coiffeur.isu
AddRemove-Cool's_Codec_pack_4.12 - f:\windows\iun6002.exe
AddRemove-Cube - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-Digger - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-Elemental Panic Crash - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-ESET Online Scanner - f:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-Fast Snake - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-FIFA World Cup 2002 - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-FMS 2.0 Beta 6 - f:\windows\unin0407.exe
AddRemove-ITE_Autorun_2001PCG - f:\program files\Bukkazoom\Setup.exe
AddRemove-Jak věci pracují 2.0 - f:\windows\IsUn0405.exe
AddRemove-Labyrint - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-Los Straitjackets - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-NOD32 - f:\program files\Eset\Setup\setup.exe
AddRemove-Panic - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-Plasma Twins strike again - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-PLATT! WM-Edition - g:\program files\HERN= VŢB¦R 13\Uninstal.exe
AddRemove-Pranksters - f:\program files\Glassfish Games\Uličníci\uninst-Pranksters.exe
AddRemove-Prestige Casino - g:\program files\Prestige Casino\_SetupCasino_41dfff_en.exe
AddRemove-Racer - g:\program files\HERN= VŢB¦R 13\Uninstal.exe
AddRemove-Ski Alpin 2006 (Demo)_0001 - g:\program files\Ski Alpin 2006 (Demo)\setup.exe
AddRemove-Skull-Man - g:\program files\HERN= VŢB¦R 13\Uninstall.exe
AddRemove-Super Mario Special Edition - g:\program files\Herní výběr 13\Uninstal.exe
AddRemove-Super Mario World DX - g:\program files\Herní výběr 12\Uninstal.exe
AddRemove-Toy Trouble - g:\program files\Herní výběr 13\Uninstal.exe
AddRemove-Virtuální škola - f:\program files\Virtuální škola\DeIsL2.isu
AddRemove-Zimní Hrátky - f:\windows\IsUn0405.exe
AddRemove-ZooChess - g:\program files\Herní výběr 13\Uninstal.exe
AddRemove-{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1 - f:\program files\Eset\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-17 18:58
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\jhfypgqb]
"ServiceDll"="f:\windows\system32\lobxsme.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-838170752-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:57,3e,c0,80,a4,99,b1,d2,e1,1a,8b,f0,a3,d1,48,fc,9b,b9,39,41,1c,
9c,70,43,97,b7,d1,ea,7d,9e,cf,05,89,0e,5a,b4,cc,6f,0c,03,ae,37,2f,44,e2,43,\
"rkeysecu"=hex:d6,93,60,da,fd,50,d4,c4,b1,1f,e5,56,ea,e7,6e,52
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="067FCBFAB4F55EEE363892EC3A3C40914B80C2EFF8249940B659CD494BA409227A6D39574EB33A88A205C419D103B6FBA807E2C192C904DD0B8A01E2CA219715497CA32007ED14CBA54F4977D958DCBFB83CA615D6D9F2A05A1BB0BD5C56287B4E40EEC232499F3ED371290874F89C41EEE4DF1C53C9A4EB92D8115E1C936FD917315433970DA525F8AD4350B5C57429712BAF0B0A34ECE8DAF42BC7194AB37CE32964677425010D92284C55A7C374E11D1D0F9B71D631060B87DB045612CFF0AAE77FD9F72224C3D36A49A5451DC11D01AA4AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D14079DB7CE019D40AA5CA2D97226D213B5552F99AE415A0B05ACFE5C789E3827C7809806D2D109DF59BC87629497D4544BF6B529AC70B67405CEB9212228AC97842E2AA51BBAF463354A0269F50580FC517E1C1C7B44EA8DD0F4B4D08F668F1AF09E823D02A9A325C27F5EC566136624CEBF75D981A3DD414A1B939E40F4A9765515F970C191DD6B518441A7F8A7EFAB3F69D7BE4C0CB92F35957D355886072761A965533AF6AF2C99D5D43263BFCCA9017ADC1B0A0D6F28B90B9EB02360775DA347A4F0EAF36D16B546C7FB80E96DE759CBA43210CB3133E47626230CDB8FFA132E96487B39280A23F7C98F50C98AE2EE86D13CD47E750B2625489024E5A7190A7220493506BC9AC56591EBF5159BCD4D268A66F573779E52BBBBF120FEDA01437B2A5B06B34591625AD806371A600DE2FE79CEB28B371022AF3DB4593E8934628522577E2AA5EBA4F7DCC2FE35DAB985B54E8B6EB878B632CC8CBA4C4B58656C9F778DD6E701589934DE7E5E5B512169443AA23104401B0231EB571A64AF7D4AAD1FBD6780C03D355526870593CCC6ABF87312A70BDB7D774FA455885A3B16C868129FAE1A92B1CD7A7A214BF89B5E4B743648A07CD9D0D86F01F07E916BFE9ADACC5CCE6D68049C93AA812CB951D12D2E412A901D8C3AD32AD15A8A06733DD46550110DC9F5B340648855C79A43BF16EDD50F8FC50B9479EF69375D424D06703AA051549135743C87E8BADE738B78B3D2BB445962B16E3C83A0A1CAE833C74B63C5A2313B62AF75682644D92E8881934DBC884E731F0AF6F953254DAEA69F26BA4EFED5CF000237C81DF9C1495B152BA52890F08C36DE64C0DFC200DCEBE128F0C9D399EED2BBAFBC3056485A6BA0D0F251046AD61E97A4942AEFA5D189965809CC84F34B636272AD44C7BE8662C4BFA40D7E860E4211BD889B17227DCDF7A45C706685A97E2CF357C3B21B8AAE5816FBB791B481D15F17841D14FE65C6F65F1551C28D64B6870FCA9C6CF93503635A0FAEBF89973F48FC42A0B6E7A34AB63E358FD8746B609504EEBF4299E9D3"
.
[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:53,74,24,c5,a4,4b,f9,1b,47,8b,47,42,1d,2e,9d,c6,88,4a,ba,51,70,f7,fa,
f9,b9,9c,8f,2e,b2,cc,08,ec,51,7a,a2,cf,37,2c,73,d5,db,2b,f6,6c,0a,ce,db,a0,\
"??"=hex:5e,21,c0,18,a2,c3,d7,25,d0,7d,19,4e,c4,8f,57,74
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(884)
f:\windows\system32\imon.dll
f:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(9572)
f:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
f:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
f:\windows\system32\msi.dll
f:\windows\system32\Amhooker.dll
f:\progra~1\Crawler\ctbr.dll
f:\windows\system32\imon.dll
f:\program files\Eset\pr_imon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
f:\windows\system32\nvsvc32.exe
f:\windows\system32\oodag.exe
f:\windows\system32\PnkBstrA.exe
f:\windows\system32\PnkBstrB.exe
f:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
f:\windows\system32\UAService7.exe
f:\windows\SOUNDMAN.EXE
f:\windows\mHotkey.exe
f:\windows\StopHid.exe
f:\windows\system32\RUNDLL32.EXE
f:\program files\PC Connectivity Solution\ServiceLayer.exe
f:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
f:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
f:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2011-11-17 19:01:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-17 18:01
.
Před spuštěním: Volných bajtů: 13 405 409 280
Po spuštění: Volných bajtů: 14 966 362 112
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 0EDDBCE0EB74AD780CEECFED414D2501

ConboFix jsem spustil ještě jednou v nouzovém režimu a log je jiný, tak to raději ještě zde uveřejním

ComboFix 11-11-17.03 - Hráč 17.11.2011 19:22:52.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.771 [GMT 1:00]
Spuštěný z: f:\documents and settings\HrßŔ\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
f:\documents and settings\Hráč\Data aplikací\10.tmp
f:\documents and settings\Hráč\Data aplikací\11.tmp
f:\documents and settings\Hráč\Data aplikací\12.tmp
f:\documents and settings\Hráč\Data aplikací\1B.tmp
f:\documents and settings\Hráč\Data aplikací\39A2.tmp
f:\documents and settings\Hráč\Data aplikací\39AD.tmp
f:\documents and settings\LocalService\Local Settings\Data aplikací\9c099e0a\X
f:\windows\
f:\windows\$NtUninstallKB65020$\2617875978\@
f:\windows\$NtUninstallKB65020$\2617875978\L\nsmbonjx
f:\windows\$NtUninstallKB65020$\2617875978\loader.tlb
f:\windows\$NtUninstallKB65020$\2617875978\U\@00000001
f:\windows\$NtUninstallKB65020$\2617875978\U\@000000c0
f:\windows\$NtUninstallKB65020$\2617875978\U\@000000cb
f:\windows\$NtUninstallKB65020$\2617875978\U\@000000cf
f:\windows\$NtUninstallKB65020$\2617875978\U\@80000000
f:\windows\$NtUninstallKB65020$\2617875978\U\@800000c0
f:\windows\$NtUninstallKB65020$\2617875978\U\@800000cb
f:\windows\$NtUninstallKB65020$\2617875978\U\@800000cf
f:\windows\$NtUninstallKB65020$\69456839
f:\windows\assembly\GAC_MSIL\desktop.ini
f:\windows\av_ico\ico_NOD_SS_START.ico
f:\windows\av_ico\ico_NOD_SYSINSP.ico
f:\windows\av_ico\ico_NOD_SYSRESC.ico
f:\windows\av_ico\ico_NOD_TXT.ico
f:\windows\av_ico\ico_NOD_UNINSTALL.ico
f:\windows\btc_client_iplist.txt
f:\windows\bwUnin-7.2.0.157-8876480SL.exe
f:\windows\ddh_iplist.txt
f:\windows\front_ip_list.txt
f:\windows\geoiplist
f:\windows\geoiplist.rar
f:\windows\iecheck_iplist.txt
f:\windows\info1
f:\windows\iplist.txt
f:\windows\IsUn0405.exe
f:\windows\iun6002.exe
f:\windows\l1rezerv.exe
f:\windows\loader2.exe_ok
f:\windows\phoenix.rar
f:\windows\phoenix\kernels\phatk\__init__.py
f:\windows\phoenix\kernels\phatk\__init__.pyc
f:\windows\phoenix\kernels\phatk\BFIPatcher.py
f:\windows\phoenix\kernels\phatk\kernel.cl
f:\windows\phoenix\kernels\poclbm\__init__.py
f:\windows\phoenix\kernels\poclbm\__init__.pyc
f:\windows\phoenix\kernels\poclbm\BFIPatcher.py
f:\windows\phoenix\kernels\poclbm\kernel.cl
f:\windows\phoenix\phoenix.exe
f:\windows\proc_list1.log
f:\windows\rpcminer.rar
f:\windows\rpcminer\bitcoinminercuda_10.cubin
f:\windows\rpcminer\bitcoinminercuda_11.cubin
f:\windows\rpcminer\bitcoinminercuda_20.cubin
f:\windows\rpcminer\bitcoinmineropencl.cl
f:\windows\rpcminer\cudart32_32_16.dll
f:\windows\rpcminer\curllib.dll
f:\windows\rpcminer\libeay32.dll
f:\windows\rpcminer\libsasl.dll
f:\windows\rpcminer\openldap.dll
f:\windows\rpcminer\rpcminer-4way.exe
f:\windows\rpcminer\rpcminer-cpu.exe
f:\windows\rpcminer\rpcminer-cuda.exe
f:\windows\rpcminer\rpcminer-opencl.exe
f:\windows\rpcminer\ssleay32.dll
f:\windows\sysdriver32.exe
f:\windows\sysdriver32_.exe
f:\windows\system32\
f:\windows\system32\11f42b0c.dll
f:\windows\system32\5f1e0e12.dll
f:\windows\system32\5fa44cd4.dll
f:\windows\system32\drivers\etc\HSTS~1
f:\windows\systemup.exe
f:\windows\ufa.rar
f:\windows\unin0407.exe
f:\windows\update.1\svchost.exe
f:\windows\update.2\svchost.exe
f:\windows\update.3\svchost.exe
f:\windows\update.4.1\svchost.exe
f:\windows\update.5.0\svchost.exe
f:\windows\w_distrib_iplist.txt
f:\windows\winlog-dirs.txt
f:\windows\winlog-ids.txt
f:\windows\winsetupapi.log
.
-- Předchozí spuštění --
.
f:\windows\system32\drivers\dtscsi.sys . . . je infikován!! . . . Failed to find a valid replacement.
Nakažená kopie f:\program files\Google\Update\GoogleUpdate.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0043133.exe
.
f:\windows\system32\drivers\dtscsi.sys . . . je infikován!! . . . Failed to find a valid replacement.
Nakažená kopie f:\program files\Google\Update\GoogleUpdate.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0043133.exe
.
Nakažená kopie f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0037135.exe
.
f:\windows\system32\drivers\dtscsi.sys . . . je infikován!! . . . Failed to find a valid replacement.
Nakažená kopie f:\program files\Google\Update\GoogleUpdate.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0043133.exe
.
Nakažená kopie f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0037135.exe
.
Nakažená kopie f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031911.exe
.
f:\windows\system32\drivers\dtscsi.sys . . . je infikován!! . . . Failed to find a valid replacement.
Nakažená kopie f:\program files\Google\Update\GoogleUpdate.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0043133.exe
.
Nakažená kopie f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0037135.exe
.
Nakažená kopie f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031911.exe
.
Nakažená kopie f:\windows\system32\nvsvc32.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031912.exe
.
f:\windows\system32\drivers\dtscsi.sys . . . je infikován!! . . . Failed to find a valid replacement.
Nakažená kopie f:\program files\Google\Update\GoogleUpdate.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0043133.exe
.
Nakažená kopie f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0037135.exe
.
Nakažená kopie f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031911.exe
.
Nakažená kopie f:\windows\system32\nvsvc32.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031912.exe
.
Nakažená kopie f:\windows\system32\oodag.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031963.exe
.
f:\windows\system32\drivers\dtscsi.sys . . . je infikován!! . . . Failed to find a valid replacement.
Nakažená kopie f:\program files\Google\Update\GoogleUpdate.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0043133.exe
.
Nakažená kopie f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0037135.exe
.
Nakažená kopie f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031911.exe
.
Nakažená kopie f:\windows\system32\nvsvc32.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031912.exe
.
Nakažená kopie f:\windows\system32\oodag.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031963.exe
.
Nakažená kopie f:\windows\system32\PnkBstrA.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0032012.exe
.
f:\windows\system32\drivers\dtscsi.sys . . . je infikován!! . . . Failed to find a valid replacement.
Nakažená kopie f:\program files\Google\Update\GoogleUpdate.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0043133.exe
.
Nakažená kopie f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0037135.exe
.
Nakažená kopie f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031911.exe
.
Nakažená kopie f:\windows\system32\nvsvc32.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031912.exe
.
Nakažená kopie f:\windows\system32\oodag.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031963.exe
.
Nakažená kopie f:\windows\system32\PnkBstrA.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0032012.exe
.
Nakažená kopie f:\windows\system32\PnkBstrB.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0032032.exe
.
f:\windows\system32\drivers\dtscsi.sys . . . je infikován!! . . . Failed to find a valid replacement.
Nakažená kopie f:\program files\Google\Update\GoogleUpdate.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0043133.exe
.
Nakažená kopie f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0037135.exe
.
Nakažená kopie f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031911.exe
.
Nakažená kopie f:\windows\system32\nvsvc32.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031912.exe
.
Nakažená kopie f:\windows\system32\oodag.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031963.exe
.
Nakažená kopie f:\windows\system32\PnkBstrA.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0032012.exe
.
Nakažená kopie f:\windows\system32\PnkBstrB.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0032032.exe
.
Nakažená kopie f:\program files\PC Connectivity Solution\ServiceLayer.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031920.exe
.
f:\windows\system32\drivers\dtscsi.sys . . . je infikován!! . . . Failed to find a valid replacement.
Nakažená kopie f:\program files\Google\Update\GoogleUpdate.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0043133.exe
.
Nakažená kopie f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0037135.exe
.
Nakažená kopie f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031911.exe
.
Nakažená kopie f:\windows\system32\nvsvc32.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031912.exe
.
Nakažená kopie f:\windows\system32\oodag.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031963.exe
.
Nakažená kopie f:\windows\system32\PnkBstrA.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0032012.exe
.
Nakažená kopie f:\windows\system32\PnkBstrB.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0032032.exe
.
Nakažená kopie f:\program files\PC Connectivity Solution\ServiceLayer.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031920.exe
.
Nakažená kopie f:\windows\update.8.1\svchost.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\windows\system32\svchost.exe
.
f:\windows\system32\drivers\dtscsi.sys . . . je infikován!! . . . Failed to find a valid replacement.
Nakažená kopie f:\program files\Google\Update\GoogleUpdate.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0043133.exe
.
Nakažená kopie f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP24\A0037135.exe
.
Nakažená kopie f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031911.exe
.
Nakažená kopie f:\windows\system32\nvsvc32.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031912.exe
.
Nakažená kopie f:\windows\system32\oodag.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031963.exe
.
Nakažená kopie f:\windows\system32\PnkBstrA.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0032012.exe
.
Nakažená kopie f:\windows\system32\PnkBstrB.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0032032.exe
.
Nakažená kopie f:\program files\PC Connectivity Solution\ServiceLayer.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0031920.exe
.
Nakažená kopie f:\windows\update.8.1\svchost.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\windows\system32\svchost.exe
.
Nakažená kopie f:\windows\system32\UAService7.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\system volume information\_restore{C32BA531-74FC-46F2-9A7E-AB252746B3B1}\RP23\A0033030.exe
.
--------
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvbtcclient
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtc1
-------\Legacy_srvbtc1
-------\Service_srvbtc1
-------\Service_srvbtc1
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-17 do 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 17:09 . 2011-11-17 17:09 -------- d-----w- F:\rsit
2011-11-17 17:09 . 2011-11-17 17:09 -------- d-----w- f:\program files\trend micro
2011-11-17 15:27 . 2011-11-17 15:43 111872 ----a-w- f:\windows\system32\drivers\TrueSight.sys
2011-11-08 20:23 . 2011-11-17 17:54 -------- d-sh--w- f:\documents and settings\LocalService\Local Settings\Data aplikací\9c099e0a
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-31 17:45 . 2011-09-09 22:25 414368 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 12:48 . 2011-06-29 17:49 43520 ----a-w- f:\windows\system32\CmdLineExt03.dll
2007-09-11 18:31 . 2007-09-11 18:31 1132810 ----a-w- f:\program files\parentalcontrolsetup.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "f:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-03-18 187192]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 15:54 175912 ----a-w- f:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
2011-01-17 15:54 175912 ----a-w- f:\program files\Soft32\prxtbSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-03-18 14:06 1361208 ----a-r- f:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-01-17 14:54 175912 ----a-w- f:\program files\BS_Player\prxtbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "f:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "f:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
"{d1fce654-5fd1-48ad-b13c-5064736120b7}"= "f:\program files\Soft32\prxtbSoft.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "f:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "f:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "f:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
"{D1FCE654-5FD1-48AD-B13C-5064736120B7}"= "f:\program files\Soft32\prxtbSoft.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-09 68856]
"PC Suite Tray"="f:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"EA Core"="f:\program files\Electronic Arts\EADM\Core.exe" [BU]
"Steam"="f:\program files\Steam\Steam.exe" [BU]
"ICQ"="~f:\program files\ICQ6.5\ICQ.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"WheelMouse"="f:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"NeroFilterCheck"="f:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CHotkey"="mHotkey.exe" [2004-12-27 550912]
"StopHid"="StopHid.exe" [2003-10-06 40960]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"RivaTunerStartupDaemon"="f:\program files\RivaTuner v2.0 RC 16\RivaTuner.exe" [2006-05-21 2375680]
"LVComs"="f:\windows\system32\LVComS.exe" [1999-10-28 77824]
"Sony Ericsson PC Suite"="f:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [BU]
"QuickTime Task"="h:\sony ericsson k510i\qttask.exe" [2007-01-02 155648]
"nod32kui"="f:\program files\Eset\nod32kui.exe" [BU]
"parentalcontrol"="f:\program files\parentalcontrol\parentalcontrol.exe" [2006-06-13 30720]
"SunJavaUpdateSched"="f:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"LogitechCommunicationsManager"="f:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"LogitechQuickCamRibbon"="f:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]
"LVCOMSX"="f:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"SweetIM"="f:\program files\SweetIM\Messenger\SweetIM.exe" [2010-08-30 111928]
"UpdateReminder"="f:\program files\Eset\UpdateReminder.exe" [BU]
"tray_ico"="" [BU]
"tray_ico1"="" [BU]
"tray_ico2"="" [BU]
"tray_ico3"="" [BU]
"tray_ico4"="" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
f:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - f:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Digimax Viewer 2.1.lnk - f:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2007-3-25 626688]
Picture Package Menu.lnk - f:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2007-3-25 151552]
Picture Package VCD Maker (2).lnk - f:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2007-3-25 106496]
Picture Package VCD Maker.lnk - f:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2007-3-25 106496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program files\\S4\\Exe\\S4_Main.exe"=
"g:\\Program files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"g:\\Program files\\AoE3\\age3.exe"=
"g:\\Program files\\Stronghold Crusader\\Stronghold Crusader.exe"=
"g:\\Program files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"f:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"f:\\Program Files\\ICQ7.4\\ICQ.exe"=
"f:\\WINDOWS\\update.tray-3-0\\svchost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1873:TCP"= 1873:TCP:coanhje
.
R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [28.9.2006 7:41 643072]
R0 vax347b;vax347b;f:\windows\system32\drivers\vax347b.sys [28.9.2006 9:26 159616]
R0 vax347s;vax347s;f:\windows\system32\drivers\vax347s.sys [28.9.2006 9:26 5248]
R3 vaxscsi;vaxscsi;f:\windows\system32\drivers\vaxscsi.sys [28.9.2006 7:50 223128]
S0 NVStrap;NVStrap;f:\windows\system32\drivers\NVStrap.sys [28.9.2006 14:09 3712]
S1 nod32drv;nod32drv;f:\windows\system32\drivers\nod32drv.sys [6.9.2007 20:42 15424]
S2 acedrv11;acedrv11;f:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
S2 gupdate1ca06345c52ad8e;Služba Google Update (gupdate1ca06345c52ad8e);f:\program files\Google\Update\GoogleUpdate.exe /svc --> f:\program files\Google\Update\GoogleUpdate.exe [?]
S2 jhfypgqb;Server Time;f:\windows\system32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
S2 srvpele;srvpele;f:\windows\update.8.1\svchost.exe srv --> f:\windows\update.8.1\svchost.exe srv [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;f:\windows\system32\drivers\Amps2prt.sys [9.5.2006 15:27 13824]
S3 CTIpHook;CTIpHook;f:\windows\system32\Drivers\CTIpHook.sys --> f:\windows\system32\Drivers\CTIpHook.sys [?]
S3 DCamUSBCompany;Logitech QuickCam Pro USB;f:\windows\system32\drivers\p35u.sys [6.10.2006 17:07 90464]
S3 gupdatem;Služba Google Update (gupdatem);f:\program files\Google\Update\GoogleUpdate.exe /medsvc --> f:\program files\Google\Update\GoogleUpdate.exe [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);f:\windows\system32\drivers\k510bus.sys [2.1.2007 20:16 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;f:\windows\system32\drivers\k510mdfl.sys [2.1.2007 20:16 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;f:\windows\system32\drivers\k510mdm.sys [2.1.2007 20:16 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);f:\windows\system32\drivers\k510mgmt.sys [2.1.2007 20:16 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;f:\windows\system32\drivers\k510obex.sys [2.1.2007 20:16 83344]
S3 TrueSight;TrueSight;f:\windows\system32\drivers\TrueSight.sys [17.11.2011 16:27 111872]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jhfypgqb
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=66019
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - f:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - f:\program files\ICQ7.4\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - h:\překladače\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - h:\překladače\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - h:\překladače\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - h:\překladače\WEBIE.DLL
LSP: f:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - f:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - f:\documents and settings\Hráč\Data aplikací\Mozilla\Firefox\Profiles\7i492ifd.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-17 19:28
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\jhfypgqb]
"ServiceDll"="f:\windows\system32\lobxsme.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-838170752-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:57,3e,c0,80,a4,99,b1,d2,e1,1a,8b,f0,a3,d1,48,fc,9b,b9,39,41,1c,
9c,70,43,97,b7,d1,ea,7d,9e,cf,05,89,0e,5a,b4,cc,6f,0c,03,ae,37,2f,44,e2,43,\
"rkeysecu"=hex:d6,93,60,da,fd,50,d4,c4,b1,1f,e5,56,ea,e7,6e,52
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="067FCBFAB4F55EEE363892EC3A3C40914B80C2EFF8249940B659CD494BA409227A6D39574EB33A88A205C419D103B6FBA807E2C192C904DD0B8A01E2CA219715497CA32007ED14CBA54F4977D958DCBFB83CA615D6D9F2A05A1BB0BD5C56287B4E40EEC232499F3ED371290874F89C41EEE4DF1C53C9A4EB92D8115E1C936FD917315433970DA525F8AD4350B5C57429712BAF0B0A34ECE8DAF42BC7194AB37CE32964677425010D92284C55A7C374E11D1D0F9B71D631060B87DB045612CFF0AAE77FD9F72224C3D36A49A5451DC11D01AA4AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D14079DB7CE019D40AA5CA2D97226D213B5552F99AE415A0B05ACFE5C789E3827C7809806D2D109DF59BC87629497D4544BF6B529AC70B67405CEB9212228AC97842E2AA51BBAF463354A0269F50580FC517E1C1C7B44EA8DD0F4B4D08F668F1AF09E823D02A9A325C27F5EC566136624CEBF75D981A3DD414A1B939E40F4A9765515F970C191DD6B518441A7F8A7EFAB3F69D7BE4C0CB92F35957D355886072761A965533AF6AF2C99D5D43263BFCCA9017ADC1B0A0D6F28B90B9EB02360775DA347A4F0EAF36D16B546C7FB80E96DE759CBA43210CB3133E47626230CDB8FFA132E96487B39280A23F7C98F50C98AE2EE86D13CD47E750B2625489024E5A7190A7220493506BC9AC56591EBF5159BCD4D268A66F573779E52BBBBF120FEDA01437B2A5B06B34591625AD806371A600DE2FE79CEB28B371022AF3DB4593E8934628522577E2AA5EBA4F7DCC2FE35DAB985B54E8B6EB878B632CC8CBA4C4B58656C9F778DD6E701589934DE7E5E5B512169443AA23104401B0231EB571A64AF7D4AAD1FBD6780C03D355526870593CCC6ABF87312A70BDB7D774FA455885A3B16C868129FAE1A92B1CD7A7A214BF89B5E4B743648A07CD9D0D86F01F07E916BFE9ADACC5CCE6D68049C93AA812CB951D12D2E412A901D8C3AD32AD15A8A06733DD46550110DC9F5B340648855C79A43BF16EDD50F8FC50B9479EF69375D424D06703AA051549135743C87E8BADE738B78B3D2BB445962B16E3C83A0A1CAE833C74B63C5A2313B62AF75682644D92E8881934DBC884E731F0AF6F953254DAEA69F26BA4EFED5CF000237C81DF9C1495B152BA52890F08C36DE64C0DFC200DCEBE128F0C9D399EED2BBAFBC3056485A6BA0D0F251046AD61E97A4942AEFA5D189965809CC84F34B636272AD44C7BE8662C4BFA40D7E860E4211BD889B17227DCDF7A45C706685A97E2CF357C3B21B8AAE5816FBB791B481D15F17841D14FE65C6F65F1551C28D64B6870FCA9C6CF93503635A0FAEBF89973F48FC42A0B6E7A34AB63E358FD8746B609504EEBF4299E9D3"
.
[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:53,74,24,c5,a4,4b,f9,1b,47,8b,47,42,1d,2e,9d,c6,88,4a,ba,51,70,f7,fa,
f9,b9,9c,8f,2e,b2,cc,08,ec,51,7a,a2,cf,37,2c,73,d5,db,2b,f6,6c,0a,ce,db,a0,\
"??"=hex:5e,21,c0,18,a2,c3,d7,25,d0,7d,19,4e,c4,8f,57,74
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1960)
f:\windows\system32\msi.dll
f:\program files\Microsoft Office\OFFICE11\msohev.dll
f:\progra~1\Crawler\ctbr.dll
f:\windows\system32\imon.dll
f:\program files\Eset\pr_imon.dll
.
Celkový čas: 2011-11-17 19:29:29
ComboFix-quarantined-files.txt 2011-11-17 18:29
ComboFix2.txt 2011-11-17 18:01
.
Před spuštěním: Volných bajtů: 14 978 101 248
Po spuštění: Volných bajtů: 14 958 161 920
.
- - End Of File - - B994415081261DF0E23FDD1A007328A1

Fajn, jeste nas ceka hodne prace

Ten ESET NOD asi zcela urcite legalni neni ze

Asi ne no, půjde pryč. Můj komp to není, já používám MS Security Essentials, takže bych ho tam dal místo toho NODa.

Takze po ukonceni leceni tam dame free reseni - Avast, Avira ci MSE

Pokud nemate, tak presunte Combofix primo na disk c:\

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Restore::
  f:\windows\system32\drivers\dtscsi.sys
  
  Mia::
  f:\windows\system32\drivers\dtscsi.sys
  
  Folder::
  f:\windows\update.8.1
  f:\documents and settings\LocalService\Local Settings\Data aplikací\9c099e0a
  f:\program files\SweetIM
  f:\WINDOWS\update.tray-3-0
  
  File::
  f:\program files\ConduitEngine\prxConduitEngine.dll
  f:\program files\Soft32\prxtbSoft.dll
  f:\program files\BS_Player\prxtbBS_0.dll
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
  [-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
  [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
  [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
  "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
  "{d1fce654-5fd1-48ad-b13c-5064736120b7}"=-
  "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
  [-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
  [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
  [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
  [-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
  [-HKEY_CLASSES_ROOT\clsid\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
  [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
  "{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"=-
  "{D1FCE654-5FD1-48AD-B13C-5064736120B7}"=-
  [-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
  [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
  [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
  [-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
  [-HKEY_CLASSES_ROOT\clsid\{d1fce654-5fd1-48ad-b13c-5064736120b7}]
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "swg"=-
  "PC Suite Tray"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NeroFilterCheck"=-
  "QuickTime Task"=-
  "SweetIM"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "AntiVirusOverride"=dword:00000000
  "FirewallOverride"=dword:00000000
  "DisableThumbnailCache"=dword:00000000
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "f:\\WINDOWS\\update.tray-3-0\\svchost.exe"=-
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "1873:TCP"=-
  
  Driver::
  gupdate1ca06345c52ad8e
  coanhje
  jhfypgqb
  srvpele
  
  NetSvc::
  jhfypgqb
  
  DDS::
  uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=66019
  uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
  mStart Page = hxxp://home.sweetim.com
  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
  IE: Crawler Search - tbr:iemenu
  Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - f:\progra~1\Crawler\ctbr.dll
  
  Collect::
  f:\windows\system32\lobxsme.dll
  
  RegNull::
  [HKEY_USERS\S-1-5-21-484763869-838170752-725345543-1003\Software\SecuROM\License information*]
  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
  [HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
  
  ClearJavaCache::
  
  AtJob::
  
  Replicator::
  
  FixCSet::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt tez primo na disk c:\
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

vždycky po restartu to kontroluje konzistenci disku H ... a nemám tušení co to způspbuje


ComboFix 11-11-18.01 - Hráč 18.11.2011 12:51:11.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.528 [GMT 1:00]
Spuštěný z: F:\ComboFix.exe
Použité ovládací přepínače :: F:\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"f:\program files\BS_Player\prxtbBS_0.dll"
"f:\program files\ConduitEngine\prxConduitEngine.dll"
"f:\program files\Soft32\prxtbSoft.dll"
.
file zipped: f:\windows\system32\lobxsme.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\progra~1\Crawler\ctbr.dll
f:\program files\BS_Player\prxtbBS_0.dll
f:\program files\ConduitEngine\prxConduitEngine.dll
f:\program files\Soft32\prxtbSoft.dll
f:\program files\SweetIM
f:\program files\SweetIM\Messenger\default.xml
f:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
f:\program files\SweetIM\Messenger\mgAIMAuto.dll
f:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
f:\program files\SweetIM\Messenger\mgArchive.dll
f:\program files\SweetIM\Messenger\mgcommon.dll
f:\program files\SweetIM\Messenger\mgcommunication.dll
f:\program files\SweetIM\Messenger\mgconfig.dll
f:\program files\SweetIM\Messenger\mgFlashPlayer.dll
f:\program files\SweetIM\Messenger\mghooking.dll
f:\program files\SweetIM\Messenger\mgICQAuto.dll
f:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
f:\program files\SweetIM\Messenger\mgIEPlayer.dll
f:\program files\SweetIM\Messenger\mglogger.dll
f:\program files\SweetIM\Messenger\mgMediaPlayer.dll
f:\program files\SweetIM\Messenger\mgMsnAuto.dll
f:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
f:\program files\SweetIM\Messenger\mgsimcommon.dll
f:\program files\SweetIM\Messenger\mgSweetIM.dll
f:\program files\SweetIM\Messenger\mgUpdateSupport.dll
f:\program files\SweetIM\Messenger\mgxml_wrapper.dll
f:\program files\SweetIM\Messenger\mgYahooAuto.dll
f:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
f:\program files\SweetIM\Messenger\msvcp71.dll
f:\program files\SweetIM\Messenger\msvcr71.dll
f:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
f:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
f:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
f:\program files\SweetIM\Messenger\resources\images\GamesButton.png
f:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
f:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
f:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
f:\program files\SweetIM\Messenger\resources\images\WinksButton.png
f:\program files\SweetIM\Messenger\SweetIM.exe
f:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
f:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
f:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
f:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
f:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
f:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
f:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
f:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
f:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
f:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
f:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
f:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
f:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
f:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
f:\windows\system32\lobxsme.dll
f:\windows\update.8.1
f:\windows\update.8.1\svchost.exe
f:\windows\update.tray-3-0
f:\windows\update.tray-3-0\svchost.exe
.
f:\windows\system32\drivers\dtscsi.sys . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE1CA06345C52AD8E
-------\Legacy_JHFYPGQB
-------\Legacy_SRVPELE
-------\Service_gupdate1ca06345c52ad8e
-------\Service_jhfypgqb
-------\Service_srvpele
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-18 do 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-17 17:09 . 2011-11-17 17:09 -------- d-----w- F:\rsit
2011-11-17 17:09 . 2011-11-17 17:09 -------- d-----w- f:\program files\trend micro
2011-11-17 15:27 . 2011-11-17 15:43 111872 ----a-w- f:\windows\system32\drivers\TrueSight.sys
2011-11-08 20:23 . 2011-11-17 17:54 -------- d-sh--w- f:\documents and settings\LocalService\Local Settings\Data aplikací\9c099e0a
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-31 17:45 . 2011-09-09 22:25 414368 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 12:48 . 2011-06-29 17:49 43520 ----a-w- f:\windows\system32\CmdLineExt03.dll
2007-09-11 18:31 . 2007-09-11 18:31 1132810 ----a-w- f:\program files\parentalcontrolsetup.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="f:\program files\Electronic Arts\EADM\Core.exe" [BU]
"Steam"="f:\program files\Steam\Steam.exe" [BU]
"ICQ"="~f:\program files\ICQ6.5\ICQ.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"WheelMouse"="f:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"CHotkey"="mHotkey.exe" [2004-12-27 550912]
"StopHid"="StopHid.exe" [2003-10-06 40960]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"RivaTunerStartupDaemon"="f:\program files\RivaTuner v2.0 RC 16\RivaTuner.exe" [2006-05-21 2375680]
"LVComs"="f:\windows\system32\LVComS.exe" [1999-10-28 77824]
"Sony Ericsson PC Suite"="f:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [BU]
"nod32kui"="f:\program files\Eset\nod32kui.exe" [BU]
"parentalcontrol"="f:\program files\parentalcontrol\parentalcontrol.exe" [2006-06-13 30720]
"SunJavaUpdateSched"="f:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"LogitechCommunicationsManager"="f:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"LogitechQuickCamRibbon"="f:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]
"LVCOMSX"="f:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"UpdateReminder"="f:\program files\Eset\UpdateReminder.exe" [BU]
"tray_ico"="" [BU]
"tray_ico1"="" [BU]
"tray_ico2"="" [BU]
"tray_ico3"="" [BU]
"tray_ico4"="" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program files\\S4\\Exe\\S4_Main.exe"=
"g:\\Program files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"g:\\Program files\\AoE3\\age3.exe"=
"g:\\Program files\\Stronghold Crusader\\Stronghold Crusader.exe"=
"g:\\Program files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"f:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"f:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [28.9.2006 7:41 643072]
R0 vax347b;vax347b;f:\windows\system32\drivers\vax347b.sys [28.9.2006 9:26 159616]
R0 vax347s;vax347s;f:\windows\system32\drivers\vax347s.sys [28.9.2006 9:26 5248]
R1 nod32drv;nod32drv;f:\windows\system32\drivers\nod32drv.sys [6.9.2007 20:42 15424]
R2 acedrv11;acedrv11;f:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R3 vaxscsi;vaxscsi;f:\windows\system32\drivers\vaxscsi.sys [28.9.2006 7:50 223128]
S0 NVStrap;NVStrap;f:\windows\system32\drivers\NVStrap.sys [28.9.2006 14:09 3712]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;f:\windows\system32\drivers\Amps2prt.sys [9.5.2006 15:27 13824]
S3 CTIpHook;CTIpHook;f:\windows\system32\Drivers\CTIpHook.sys --> f:\windows\system32\Drivers\CTIpHook.sys [?]
S3 DCamUSBCompany;Logitech QuickCam Pro USB;f:\windows\system32\drivers\p35u.sys [6.10.2006 17:07 90464]
S3 gupdatem;Služba Google Update (gupdatem);f:\program files\Google\Update\GoogleUpdate.exe /medsvc --> f:\program files\Google\Update\GoogleUpdate.exe [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);f:\windows\system32\drivers\k510bus.sys [2.1.2007 20:16 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;f:\windows\system32\drivers\k510mdfl.sys [2.1.2007 20:16 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;f:\windows\system32\drivers\k510mdm.sys [2.1.2007 20:16 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);f:\windows\system32\drivers\k510mgmt.sys [2.1.2007 20:16 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;f:\windows\system32\drivers\k510obex.sys [2.1.2007 20:16 83344]
S3 TrueSight;TrueSight;f:\windows\system32\drivers\TrueSight.sys [17.11.2011 16:27 111872]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - f:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - f:\program files\ICQ7.4\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - h:\překladače\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - h:\překladače\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - h:\překladače\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - h:\překladače\WEBIE.DLL
LSP: f:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - f:\documents and settings\Hráč\Data aplikací\Mozilla\Firefox\Profiles\7i492ifd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - f:\program files\Crawler\firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-18 12:59
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(880)
f:\windows\system32\imon.dll
f:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(8132)
f:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
f:\windows\system32\msi.dll
f:\windows\system32\imon.dll
f:\program files\Eset\pr_imon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
f:\windows\system32\nvsvc32.exe
f:\windows\system32\oodag.exe
f:\windows\system32\PnkBstrA.exe
f:\windows\system32\PnkBstrB.exe
f:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
f:\windows\system32\UAService7.exe
f:\windows\system32\wscntfy.exe
f:\windows\SOUNDMAN.EXE
f:\windows\mHotkey.exe
f:\windows\StopHid.exe
f:\windows\system32\RUNDLL32.EXE
f:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2011-11-18 13:02:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-18 12:02
ComboFix2.txt 2011-11-17 18:29
ComboFix3.txt 2011-11-17 18:01
.
Před spuštěním: Volných bajtů: 14 923 472 896
Po spuštění: Volných bajtů: 14 904 291 328
.
- - End Of File - - 52251F5EB4E34003F1D03B5B93B498EC