PC disinfection, computer speed-up, remote help via the neslape.cz service

Please check

Do you have a virus problem? Post a log from FRST or RSIT here.
jara2011
Visitor
Posts: 13
Registered: 16 Nov 2011 01:41

Please check

#1 Post by jara2011 »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jara at 2011-11-18 08:53:18
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 122 GB (78%) free of 156 GB
Total RAM: 1023 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:53:30, on 18.11.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Jara\LOCALS~1\Temp\f1ku.exe
C:\WINDOWS\optimashit\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Jara\Data aplikací\i6g8xs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Documents and Settings\Jara\Data aplikací\i6g8xs.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\wvchatts.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\mdm.exe
C:\DOCUME~1\Jara\LOCALS~1\Temp\f1ku.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jara\Plocha\RSIT.exe
C:\Program Files\trend micro\Jara.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 122.224.6.164 zeus.sunke.info
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [i6g8xs] C:\Documents and Settings\Jara\Data aplikací\i6g8xs.exe
O4 - HKLM\..\Run: [ilfnpjgq] C:\WINDOWS\System32\ilfnpjgq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKLM\..\Policies\Explorer\Run: [jzv9] C:\DOCUME~1\Jara\LOCALS~1\Temp\f1ku.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateSvchost] C:\WINDOWS\optimashit\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outlook Express (2).lnk = C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} (Gif89 Lite Class) - http://192.168.1.11/xplugLiteDL.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MouseDriver - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: wvchatts - Cronosoft - C:\WINDOWS\system32\drivers\wvchatts.exe

--
End of file - 9925 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MpIdleTask.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Jara\Data aplikací\Mozilla\Firefox\Profiles\xhrj528m.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@macromedia.com/FlashPlayer8]
"Description"=Macromedia Flash Player 8.0
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

C:\Program Files\Mozilla Firefox\\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\\components\
browser.xpt
jar50.dll
jsconsole-clhandler.js
jsd3250.dll
nsBrowserContentHandler.js
nsBrowserGlue.js
nsCloseAllWindows.js
nsDictionary.js
nsExtensionManager.js
nsHelperAppDlg.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSetDefaultBrowser.js
nsSidebar.js
nsUpdateService.js
nsXmlRpcClient.js
xpinstal.dll

C:\Program Files\Mozilla Firefox\\plugins\
nsIQTScriptablePlugin.xpt
NPSWF32.dll
flashplayer.xpt
GetFlash.exe
GetFlash.exe.manifest
npnul32.dll
NPOFFICE.DLL
npdeployJava1.dll

C:\Program Files\Mozilla Firefox\\searchplugins\
centrum-cz.png
centrum-cz.src
google.gif
google.src
jyxo-cz.gif
jyxo-cz.src
mall-cz.png
mall-cz.src
seznam-cz.gif
seznam-cz.src
slunecnice-cz.gif
slunecnice-cz.src

C:\Documents and Settings\Jara\Data aplikací\Mozilla\Firefox\Profiles\xhrj528m.default\extensions\
{f68df430-4534-4473-8ca4-d5de32268a8d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-09-24 5033984]
"nwiz"=nwiz.exe /install []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2003-12-13 307200]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2003-10-02 94208]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2004-09-02 69632]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-07-22 122880]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-06-24 290816]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 61440]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe []
""= []
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 233472]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 94208]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe [2006-07-11 3144800]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 69216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 167936]
"pdfFactory Pro Dispatcher v3"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2008-10-28 618496]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 60416]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 241664]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"i6g8xs"=C:\Documents and Settings\Jara\Data aplikací\i6g8xs.exe [2011-11-02 126976]
"ilfnpjgq"=C:\WINDOWS\System32\ilfnpjgq.exe [2011-11-15 95232]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"jzv9"=C:\DOCUME~1\Jara\LOCALS~1\Temp\f1ku.exe [2011-11-02 84992]
"UpdateSvchost"=C:\WINDOWS\optimashit\svchost.exe [2011-11-02 154112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 92672]
"NvMediaCenter"=C:\WINDOWS\System32\NVMCTRAY.DLL [2003-09-24 49152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 155648]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-06-27 1527808]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

C:\Documents and Settings\Jara\Nabídka Start\Programy\Po spuštění
Outlook Express (2).lnk - C:\Program Files\Outlook Express\msimn.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"C:\TOTALCMD\TOTALCMD.EXE"="C:\TOTALCMD\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE"="C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft (R) Visual Studio VSA RPC Event Creator"
"C:\WINDOWS\System32\ftp.exe"="C:\WINDOWS\System32\ftp.exe:*:Enabled:Program pro přenos souborů"
"C:\Program Files\Kazaa Lite\KazaaLite.kpp"="C:\Program Files\Kazaa Lite\KazaaLite.kpp:*:Enabled:Kazaa Lite"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\G6 FTP Server\G6FTPSrv.exe"="C:\Program Files\G6 FTP Server\G6FTPSrv.exe:*:Enabled:BPFTP Server for Internet."
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Hry\Duke Nukem - Manhattan Project\prism3d.exe"="C:\Hry\Duke Nukem - Manhattan Project\prism3d.exe:*:Disabled:prism3d"
"C:\Program Files\Xlight\xlight.exe"="C:\Program Files\Xlight\xlight.exe:*:Enabled:xlight"
"G:\ICQ\Icq.exe"="G:\ICQ\Icq.exe:*:Enabled:ICQ"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\System32\SPOOLSV.EXE"="C:\WINDOWS\System32\SPOOLSV.EXE:*:Enabled:Spooler SubSystem App"
"C:\Documents and Settings\Jara\Data aplikací\i6g8xs.exe"="C:\Documents and Settings\Jara\Data aplikací\i6g8xs.exe:*:Enabled:i6g8xs.exe"
"UpdateSvchost"="C:\WINDOWS\optimashit\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.DIVX"=DivX.dll
"vidc.LEAD"=LCODCCMP.DLL

======List of files/folders created in the last 1 month======

2011-11-18 08:50:45 ----A---- C:\Documents and Settings\Jara\Data aplikací\i7mbjnks4.exe
2011-11-18 08:49:38 ----A---- C:\Documents and Settings\Jara\Data aplikací\2ayxpfydm.exe
2011-11-16 01:43:39 ----A---- C:\WINDOWS\system32\drivers\qrmcbuqn.dat
2011-11-16 01:36:00 ----D---- C:\rsit
2011-11-16 01:36:00 ----D---- C:\Program Files\trend micro
2011-11-16 01:29:18 ----A---- C:\WINDOWS\system32\drivers\mjvgrpzv.dat
2011-11-16 01:20:29 ----A---- C:\WINDOWS\system32\drivers\etmvpclm.dat
2011-11-16 01:07:07 ----A---- C:\WINDOWS\system32\drivers\jrxemewx.dat
2011-11-16 00:38:10 ----A---- C:\WINDOWS\system32\drivers\mlruylxu.dat
2011-11-15 23:36:54 ----A---- C:\WINDOWS\system32\drivers\mqvzvhpt.dat
2011-11-15 23:28:40 ----N---- C:\WINDOWS\system32\ilfnpjgq.exe
2011-11-15 22:29:54 ----A---- C:\WINDOWS\system32\MRT.INI
2011-11-15 22:29:54 ----A---- C:\WINDOWS\system32\drivers\nskekhti.dat
2011-11-12 18:05:28 ----A---- C:\WINDOWS\keys.ini
2011-11-12 18:05:27 ----A---- C:\WINDOWS\system32\drivers\wvchatts.exe
2011-11-09 18:02:20 ----A---- C:\Documents and Settings\Jara\Data aplikací\s1bya03l.exe
2011-11-09 18:01:43 ----A---- C:\Documents and Settings\Jara\Data aplikací\u1xis5jx.exe
2011-11-02 20:08:44 ----D---- C:\WINDOWS\optimashit
2011-11-02 20:07:37 ----H---- C:\Documents and Settings\Jara\Data aplikací\MouseDriver.bat
2011-11-02 20:07:32 ----A---- C:\Documents and Settings\Jara\Data aplikací\i6g8xs.exe
2011-10-28 13:03:46 ----D---- C:\Documents and Settings\Jara\Data aplikací\Datalayer
2011-10-28 13:03:33 ----D---- C:\Documents and Settings\Jara\Data aplikací\Nokia
2011-10-28 13:03:14 ----A---- C:\WINDOWS\system32\javaws.exe
2011-10-28 13:03:14 ----A---- C:\WINDOWS\system32\javaw.exe
2011-10-28 13:03:14 ----A---- C:\WINDOWS\system32\java.exe
2011-10-28 13:02:12 ----D---- C:\Program Files\DIFX
2011-10-28 13:01:38 ----D---- C:\Program Files\Common Files\Nokia
2011-10-28 13:01:27 ----D---- C:\Documents and Settings\Jara\Data aplikací\PC Suite
2011-10-28 13:01:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2011-10-28 13:01:24 ----D---- C:\Program Files\Common Files\PCSuite
2011-10-28 13:01:19 ----A---- C:\WINDOWS\system32\drivers\nmwcdcj.sys
2011-10-28 13:01:18 ----D---- C:\WINDOWS\system32\DRVSTORE
2011-10-28 13:01:18 ----A---- C:\WINDOWS\system32\nmwcdlog.dll
2011-10-28 13:01:18 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2011-10-28 13:01:18 ----A---- C:\WINDOWS\system32\drivers\nmwcdcm.sys
2011-10-28 13:01:18 ----A---- C:\WINDOWS\system32\drivers\nmwcdc.sys
2011-10-28 13:01:18 ----A---- C:\WINDOWS\system32\drivers\nmwcd.sys
2011-10-28 13:01:14 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2011-10-28 13:01:13 ----D---- C:\Program Files\Nokia
2011-10-28 13:01:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Downloaded Installations

======List of files/folders modified in the last 1 month======

2011-11-16 01:45:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-16 01:29:00 ----A---- C:\WINDOWS\wincmd.ini
2011-10-27 22:04:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-03 42368]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 pnpshark;pnpshark; C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 119552]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2005-01-26 20576]
R0 st3shark;st3shark; C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 5504]
R1 DumaNT;NVIDIA Stereo Helper Service; C:\WINDOWS\System32\DRIVERS\dumant.sys [2002-11-18 399700]
R1 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-03-07 14408]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKslb0ce20fa;MpKslb0ce20fa; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2C27A4CA-4314-46D2-BC74-25962B7892CC}\MpKslb0ce20fa.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-05-01 743367]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2004-08-31 26240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-04-16 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-16 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-09-24 1548331]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-09-22 9856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 MpKsl1228a26d;MpKsl1228a26d; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C8CCCE48-CD3C-4A7B-A3FA-4489713B7CD7}\MpKsl1228a26d.sys []
S1 MpKsl9f6dc1ee;MpKsl9f6dc1ee; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{808263B9-329D-4BA5-BE75-D0F38C44D131}\MpKsl9f6dc1ee.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-05-29 13312]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-10-17 3072]
S3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 73728]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-09-24 126976]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 212992]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 50176]
R2 wvchatts;wvchatts; C:\WINDOWS\system32\drivers\wvchatts.exe [2011-11-12 204800]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2005-06-24 344064]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 185344]
S2 MouseDriver;MouseDriver; C:\Documents and Settings\Jara\Data aplikací\MouseDriver.bat [2011-11-02 102]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

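The log above is read by hand in the replies that follow. As an added example, not part of the poster's log or of any reply in this thread, here is a small Python triage script that encodes the indicators a helper looks for in a HijackThis/RSIT log: autostarts under Policies\Explorer\Run, random-looking value names, binaries launched from Temp or the user profile, a svchost.exe outside the Windows directory, an .exe sitting in system32\drivers, a service whose binary is missing, a non-localhost hosts entry, and recently created hidden or random-named files. The sample input is a dozen lines copied verbatim from the log above; the heuristics and their thresholds (name length, vowel count, the extension list, the `looks_random` rule itself) are this script's own assumptions, not anything the thread states.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied verbatim from the RSIT/HijackThis log posted
# above (HijackThis section plus the "files created" section), embedded so
# the script runs offline.
SAMPLE_LOG = r"""
O1 - Hosts: 122.224.6.164 zeus.sunke.info
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [i6g8xs] C:\Documents and Settings\Jara\Data aplikací\i6g8xs.exe
O4 - HKLM\..\Run: [ilfnpjgq] C:\WINDOWS\System32\ilfnpjgq.exe
O4 - HKLM\..\Policies\Explorer\Run: [jzv9] C:\DOCUME~1\Jara\LOCALS~1\Temp\f1ku.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateSvchost] C:\WINDOWS\optimashit\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: MouseDriver - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: wvchatts - Cronosoft - C:\WINDOWS\system32\drivers\wvchatts.exe
2011-11-16 01:43:39 ----A---- C:\WINDOWS\system32\drivers\qrmcbuqn.dat
2011-11-02 20:07:37 ----H---- C:\Documents and Settings\Jara\Data aplikací\MouseDriver.bat
2011-10-28 13:01:19 ----A---- C:\WINDOWS\system32\drivers\nmwcdcj.sys
"""

@dataclass
class Finding:
    line: str
    reasons: list

# Binaries that legitimately live only under the Windows directory tree.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "smss.exe", "services.exe", "explorer.exe"}
# Directories a normal installer never uses for an autostart binary
# (Czech "Data aplikací" = Application Data).
USER_WRITABLE = re.compile(r"\\(Temp|LOCALS~1|Data aplikac[^\\]*|Application Data)\\", re.I)

O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d -+(?P<attr>[A-Z])-+ (?P<path>.+)$")


def looks_random(name: str) -> bool:
    """Assumed heuristic for generated names such as 'i6g8xs' or 'ilfnpjgq'."""
    if not re.fullmatch(r"[a-z0-9]{4,12}", name):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return any(c.isdigit() for c in name) or (len(name) >= 6 and vowels <= 1)


def exe_of(cmd: str) -> str:
    """Executable part of a command line, quoted or bare, with arguments dropped."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.search(r"\.exe\b", cmd, re.I)
    return cmd[:m.end()] if m else cmd.split()[0]


def check_path(path: str) -> list:
    """Path-based indicators shared by autostarts, services and new files."""
    parent, _, base = path.lower().rpartition("\\")
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("lives in a user-writable profile/Temp directory")
    if base in SYSTEM_NAMES and not parent.endswith(("\\windows", "\\windows\\system32")):
        reasons.append(f"{base} outside the Windows directory (name masquerading)")
    if parent.endswith("\\drivers") and base.endswith(".exe"):
        reasons.append("an .exe in system32\\drivers, where only .sys drivers belong")
    return reasons


def analyze(log_text: str) -> list:
    """Return one Finding per log line that trips at least one indicator."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        if m := O1_RE.match(line):
            if m["ip"] not in ("127.0.0.1", "::1"):
                reasons.append(f"hosts file pins {m['host']} to {m['ip']}")
        elif m := O4_RE.match(line):
            if "Policies\\Explorer\\Run" in m["key"]:
                reasons.append("Policies\\Explorer\\Run key, rarely used by legitimate installers")
            if looks_random(m["name"]):
                reasons.append(f"random-looking value name {m['name']!r}")
            reasons += check_path(exe_of(m["path"]))
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner" or "(file missing)" in m["path"]:
                reasons.append("service with unknown owner or missing binary")
            reasons += check_path(exe_of(m["path"]))
        elif m := FILE_RE.match(line):
            path = m["path"]
            stem, _, ext = path.rpartition("\\")[2].rpartition(".")
            # .sys drivers legitimately have cryptic names, so only flag
            # payload-type extensions with random stems.
            if ext.lower() in ("exe", "dat", "bat", "dll") and looks_random(stem):
                reasons.append(f"random-looking new file {stem}.{ext}")
            if m["attr"] == "H":
                reasons.append("created with the hidden attribute")
            reasons += check_path(path)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run as a script it prints each flagged line with its reasons; nine of the thirteen sample lines are flagged, while winampa.exe, ctfmon.exe, nvsvc32.exe and the Nokia driver nmwcdcj.sys are not. The .sys exemption is deliberate: a plain "random name" rule would flag nmwcdcj.sys even though it arrived with PC Suite on 28 Oct, which is the kind of false positive such heuristics produce. A script like this only ranks entries for a human to confirm; it does not replace reading the file dates and vendor context the way the reply below does.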
cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Please check

#2 Post by cernohous13 »

Hello,

unfortunately you most likely have Virut there, which infects system files - very hard to cure :(

-> First try System Restore to a date before 2 Nov - if that does not succeed, then:

-> start by backing up important personal data (photos, music, xls, doc and the like) - this may end in formatting :oops:

-> then we will use ComboFix
Download: ComboFix
and save it to the desktop.
usage guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Close all active windows, turn off antispyware and antivirus, and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Decline the download of the Console...
- Then follow the prompts; while ComboFix is running do not click into the window it shows and do not start anything
- When the scan finishes the program should create a log - C:\ComboFix.txt - please paste its whole contents here
If your system does not boot after ComboFix - press F8 at restart and choose Last Known Good Configuration
Recommendations:
During the disinfection, do new installations and uninstallations only at my instruction.
Study carefully and carry out the whole operation according to my reply.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <

jara2011
Guest
Posts: 13
Registered: 16 Nov 2011 01:41

Re: Please check this

#3 Post by jara2011 »

"System Restore has been turned off. Do you want to turn it on now?" And I clicked Yes, but nothing happened... So should I run ComboFix? My backup is about 80% done. Should I run ComboFix right away, or only after the backup? Thanks

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Please check this

#4 Post by cernohous13 »

Nicely, step by step - nothing else should be running while ComboFix runs

jara2011
Guest
Posts: 13
Registered: 16 Nov 2011 01:41

Re: Please check this

#5 Post by jara2011 »

ComboFix 11-11-19.01 - Jara 19.11.2011 12:23:53.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.345 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jara\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jara\Data aplikací\i6g8xs.exe
c:\documents and settings\Jara\Data aplikací\s1bya03l.exe
c:\documents and settings\Jara\Data aplikací\u1xis5jx.exe
c:\documents and settings\Jara\WINDOWS
c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.exe
c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\CyberLink\PowerDVD\PDVDServ.exe
c:\program files\D-Tools\daemon.exe
c:\program files\HP\HP Software Update\HPWuSchd2.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\MyWay
c:\program files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS
c:\program files\MyWay\myBar\1.bin\PARTNER.BMP
c:\program files\MyWay\myBar\1.bin\PARTNER.DAT
c:\program files\MyWay\myBar\1.bin\PARTNER2.DAT
c:\program files\MyWay\myBar\1.bin\PARTNER3.DAT
c:\program files\MyWay\myBar\1.bin\PARTNER4.DAT
c:\program files\MyWay\myBar\1.bin\PARTNER5.DAT
c:\program files\MyWay\myBar\1.bin\PARTNER6.DAT
c:\program files\MyWay\myBar\Cache\0032D02D
c:\program files\MyWay\myBar\Cache\0032D790
c:\program files\MyWay\myBar\Cache\0032D926.bin
c:\program files\MyWay\myBar\Cache\0032DBA7.bin
c:\program files\MyWay\myBar\Cache\files.ini
c:\program files\MyWay\myBar\History\search
c:\program files\MyWay\myBar\Settings\prevcfg.htm
c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
c:\program files\QuickTime\qttask.exe
c:\program files\SlySoft\CloneCD\CloneCDTray.exe
c:\program files\Unlocker\UnlockerAssistant.exe
c:\program files\Winamp\winampa.exe
c:\windows\IsUn0405.exe
c:\windows\optimashit
c:\windows\optimashit\svchost.exe
c:\windows\system32\CddbCdda.dll
c:\windows\System32\ilfnpjgq.exe
c:\windows\system32\INKED.exe
c:\windows\system32\msv1_0.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
c:\windows\unin0407.exe
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\userinit.exe
.
Nakažená kopie c:\windows\system32\spoolsv.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
.
c:\windows\explorer.exe . . . je infikován!!
.
c:\windows\notepad.exe . . . je infikován!!
.
Nakažená kopie c:\windows\system32\cmd.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\cmd.exe
.
Nakažená kopie c:\windows\system32\cleanmgr.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\cleanmgr.exe
.
Nakažená kopie c:\windows\system32\ctfmon.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\ctfmon.exe
.
Nakažená kopie c:\windows\system32\ie4uinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ie4uinit.exe
.
Nakažená kopie c:\windows\system32\logonui.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\logonui.exe
.
Nakažená kopie c:\windows\system32\mstsc.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\mstsc.exe
.
Nakažená kopie c:\windows\system32\msiexec.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$MSI31Uninstall_KB893803$\msiexec.exe
.
Nakažená kopie c:\windows\system32\wuauclt.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\wuauclt.exe
.
Nakažená kopie c:\windows\system32\mspaint.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB978706\SP2QFE\mspaint.exe
.
Nakažená kopie c:\windows\system32\accwiz.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\accwiz.exe
.
Nakažená kopie c:\windows\system32\wiaacmgr.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\wiaacmgr.exe
.
c:\windows\system32\mshearts.exe . . . je infikován!!
.
c:\windows\system32\sol.exe . . . je infikován!!
.
c:\windows\system32\calc.exe . . . je infikován!!
.
c:\windows\system32\charmap.exe . . . je infikován!!
.
c:\windows\system32\sndvol32.exe . . . je infikován!!
.
Nakažená kopie c:\windows\system32\rundll32.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\rundll32.exe
.
Nakažená kopie c:\windows\system32\spider.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\spider.exe
.
Nakažená kopie c:\windows\system32\sndrec32.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\sndrec32.exe
.
Nakažená kopie c:\windows\system32\odbcad32.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\odbcad32.exe
.
Nakažená kopie c:\windows\system32\oobe\msoobe.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\msoobe.exe
.
Nakažená kopie c:\windows\system32\usmt\migwiz.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\migwiz.exe
.
Nakažená kopie c:\windows\system32\Restore\rstrui.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\rstrui.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MOUSEDRIVER
-------\Service_MouseDriver
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-19 do 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 11:32 . 2011-11-19 11:32 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BF95F547-BB48-4925-9FC8-989D5DE38D66}\offreg.dll
2011-11-19 11:17 . 2011-10-07 04:48 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BF95F547-BB48-4925-9FC8-989D5DE38D66}\mpengine.dll
2011-11-19 07:20 . 2011-11-19 07:20 614 ----a-w- c:\windows\system32\drivers\lujmyxbr.dat
2011-11-18 10:00 . 2011-11-18 10:00 100864 ----a-w- c:\windows\system32\drivers\services.exe
2011-11-18 08:01 . 2011-11-18 08:01 614 ----a-w- c:\windows\system32\drivers\rtsxupss.dat
2011-11-16 00:43 . 2011-11-16 00:43 614 ----a-w- c:\windows\system32\drivers\qrmcbuqn.dat
2011-11-16 00:36 . 2011-11-16 00:36 -------- d-----w- C:\rsit
2011-11-16 00:36 . 2011-11-16 00:36 -------- d-----w- c:\program files\trend micro
2011-11-16 00:29 . 2011-11-16 00:29 348 ----a-w- c:\windows\system32\drivers\mjvgrpzv.dat
2011-11-16 00:20 . 2011-11-16 00:20 614 ----a-w- c:\windows\system32\drivers\etmvpclm.dat
2011-11-16 00:07 . 2011-11-16 00:07 614 ----a-w- c:\windows\system32\drivers\jrxemewx.dat
2011-11-15 23:38 . 2011-11-15 23:38 548 ----a-w- c:\windows\system32\drivers\mlruylxu.dat
2011-11-15 22:36 . 2011-11-15 22:36 524 ----a-w- c:\windows\system32\drivers\mqvzvhpt.dat
2011-11-15 21:29 . 2011-11-15 21:29 712 ----a-w- c:\windows\system32\drivers\nskekhti.dat
2011-11-15 21:21 . 2011-11-18 09:58 182912 ----a-w- c:\windows\system32\dllcache\ndis.sys
2011-11-12 17:05 . 2011-11-19 11:08 193024 ----a-w- c:\windows\system32\drivers\wvchatts.exe
2011-11-07 14:52 . 2011-11-07 14:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-11-04 14:26 . 2011-11-04 14:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-11-02 19:07 . 2011-11-02 19:07 102 ---h--w- c:\documents and settings\Jara\Data aplikací\MouseDriver.bat
2011-10-28 12:03 . 2011-10-28 12:03 -------- d-----w- c:\documents and settings\Jara\Data aplikací\Datalayer
2011-10-28 12:03 . 2011-10-28 12:03 -------- d-----w- c:\documents and settings\Jara\Phone Browser
2011-10-28 12:03 . 2011-10-28 12:03 -------- d-----w- c:\documents and settings\Jara\Data aplikací\Nokia
2011-10-28 12:02 . 2011-10-28 12:02 -------- d-----w- c:\program files\DIFX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 11:33 . 2011-11-19 11:33 49152 ----a-w- c:\documents and settings\Jara\Data aplikací\i6g8xs.exe
2011-11-19 07:10 . 2011-07-09 00:19 1409 ----a-w- c:\windows\QTFont.for
2011-11-19 07:10 . 2011-11-12 17:05 193024 ----a-w- c:\windows\system32\drivers\wvchatts.exe159
2011-11-18 09:58 . 2004-09-22 00:17 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-11-15 22:29 . 2011-06-21 12:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-12 17:05 . 2011-11-12 17:05 204800 ----a-w- c:\windows\system32\drivers\wvchatts.exe699
2011-10-07 04:48 . 2011-07-12 12:34 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 04:06 . 2010-10-29 14:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2007-05-07 18:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2008-05-21 20:22 . 2006-02-17 21:24 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-05-21 20:22 . 2006-02-17 21:24 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-05-21 20:22 . 2006-02-17 21:24 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . B755AD36390AA758D429D5D6F495ADA6 . 37376 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\userinit.exe
[-] 2004-08-17 . 9C0223C76245484CED7ABE8C294BD9D7 . 35840 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-08-17 . CA109D99D1E61D50B5372CCD5CFE4D5E . 35840 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2003-04-16 . 4966598594EBEC79D8C3E53B1379BABA . 33280 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . C1C47EAC6A8E8D83CC0BBA6ED65771F4 . 1078784 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\explorer.exe
[-] 2007-06-13 . 52FDDEC4FC339EE8A813BDC8B2538DED . 1044992 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 8ED243A5974728659B959172436E5FB4 . 1044992 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . 5E95298966394D90807B44EB60AA58AE . 1044992 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-17 . B9BCE75D87519A70593A364E8E53E0BD . 1043968 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-17 . 48196E485392CAA331CC0840928849BE . 1043968 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2003-04-16 . 805C59F787B82338571B1315C438D1BE . 1048576 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 3738E3780682C6330710263A31AB556F . 225280 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\regedit.exe
[-] 2004-08-17 . 1598D46725E65078A34C9558C6294615 . 159232 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[-] 2004-08-17 . 95D19DBC70FBE694B202694A1388772A . 159232 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2003-04-16 . FA864512C0A7D085F8A175346C038380 . 146944 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . 2192396CE079FE8A8431F8A7D8DA70CF . 92672 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ctfmon.exe
[-] 2004-08-17 . 54879EDDCFB9E6C2C28C4D57BA64ECE2 . 26624 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-17 . 386A11AE3E238A29A22AA2275C08B2C5 . 26624 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2003-04-16 . 33B954F949529DD4A57DAB760418E34D . 90624 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 8D243EBC16E14DD07128E78C15A15E95 . 90624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\wscntfy.exe
[-] 2004-08-17 . 497A8A3F0423F782AB232E148D1C0C54 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-17 . 8B961949956E9DF796C4FFC7838CB8DA . 90624 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
.
[-] 2009-03-08 . 32E7F65E74DF0BC988025EEFC33C73F1 . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[-] 2008-04-14 . 649FA957E7C00499B29C8731934F773C . 169984 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\iexplore.exe
[-] 2004-08-17 . 0BDC5A124ED39F0F630114ECB920F145 . 104448 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2004-08-17 . CCF713A56E4A50077F28072B54522CC1 . 104448 . . [6.00.2900.2180] . . c:\windows\ie8\iexplore.exe
[-] 2003-04-16 . 0AA16E048F4ED2AAAE73F32563AA29DF . 102400 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-09-24 49152]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2006-07-11 3144800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-24 5033984]
"nwiz"="nwiz.exe" [2003-09-24 786432]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2006-07-11 3144800]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"i6g8xs"="c:\documents and settings\Jara\Data aplikací\i6g8xs.exe" [2011-11-19 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 26624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"jzv9"="c:\windows\TEMP\f1ku.exe" [2011-11-19 52224]
.
c:\documents and settings\Jara\Nabídka Start\Programy\Po spuštění\
Outlook Express (2).lnk - c:\program files\Outlook Express\msimn.exe [2004-9-22 104960]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-9-22 223744]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-1-28 102400]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\TOTALCMD\\TOTALCMD.EXE"=
"c:\\WINDOWS\\System32\\ftp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Jara\\Data aplikací\\i6g8xs.exe"=
"update_services"= c:\\WINDOWS\\system32\\drivers\\services.exe
.
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2.10.2003 3:16 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27.9.2003 14:37 5504]
R1 MpKsl518d86dc;MpKsl518d86dc;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{960430F9-3F25-48FB-9EDA-774082B43F70}\MpKsl518d86dc.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{960430F9-3F25-48FB-9EDA-774082B43F70}\MpKsl518d86dc.sys [?]
R2 update_services;update_services;c:\windows\system32\drivers\services.exe [18.11.2011 11:00 100864]
R2 wvchatts;wvchatts;c:\windows\system32\drivers\wvchatts.exe [12.11.2011 18:05 206848]
S1 MpKsl1228a26d;MpKsl1228a26d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C8CCCE48-CD3C-4A7B-A3FA-4489713B7CD7}\MpKsl1228a26d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C8CCCE48-CD3C-4A7B-A3FA-4489713B7CD7}\MpKsl1228a26d.sys [?]
S1 MpKsl9f6dc1ee;MpKsl9f6dc1ee;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{808263B9-329D-4BA5-BE75-D0F38C44D131}\MpKsl9f6dc1ee.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{808263B9-329D-4BA5-BE75-D0F38C44D131}\MpKsl9f6dc1ee.sys [?]
S2 MouseDriver;MouseDriver;c:\documents and settings\Jara\Data aplikací\MouseDriver.bat [2.11.2011 20:07 102]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-19 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.2.254 8.8.8.8
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://192.168.1.11/xplugLiteDL.cab
FF - ProfilePath - c:\documents and settings\Jara\Data aplikací\Mozilla\Firefox\Profiles\xhrj528m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-DAEMON Tools-1033 - c:\program files\D-Tools\daemon.exe
HKLM-Run-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
HKLM-Run-Acrobat Assistant 7.0 - c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
HKLM-Run-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
HKLM-Run-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
HKLM-Run-pdfFactory Pro Dispatcher v3 - c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
HKLM-Run-PCSuiteTrayApplication - c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
HKLM-Run-ilfnpjgq - c:\windows\System32\ilfnpjgq.exe
HKLM-Run-smwcore - c:\windows\system32\INKED.exe
HKLM-Run-rinetd - c:\windows\system32\msv1_0.exe
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-Adobe Premiere 6.5 - c:\program files\Adobe\Premiere 6.5\DeIsL1.isu
AddRemove-EAGLE 4.01 - c:\program files\EAGLE-4.01\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 12:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
detected NTDLL code modification:
ZwOpenFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MouseDriver]
"ImagePath"="c:\documents and settings\Jara\Data aplikací\MouseDriver.bat"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2112)
c:\windows\system32\webcheck.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
c:\windows\system32\msls31.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\RunDll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Celkový čas: 2011-11-19 12:36:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-19 11:36
.
Před spuštěním: Volných bajtů: 127 131 910 144
Po spuštění: Volných bajtů: 127 037 865 984
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 0E3D4412370EA23A9B1A6D02A0C04343

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Please check this

#6 Post by cernohous13 »

:( Unfortunately it doesn't look good - do you already have a backup of your personal and important data?

:arrow: We'll also try following this guide - http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

mimifa
Guest
Posts: 2
Registered: 19 Nov 2011 18:06

I would also ask for a check... thank you

#7 Post by mimifa »

ComboFix 11-11-19.03 - Uzivatel 19.11.2011 17:51:34.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.511 [GMT 1:00]
Running from: c:\documents and settings\Uzivatel\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-13 14:59 . 2011-11-13 14:59 -------- d-----w- c:\documents and settings\Uzivatel\Application Data\SoftMaker
2011-11-13 14:59 . 2011-11-13 14:59 -------- d-----w- c:\program files\SoftMaker Viewer
2011-11-13 14:59 . 2010-09-23 11:15 98344 ----a-w- c:\windows\unTMV.exe
2011-11-13 09:44 . 2011-11-13 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-11-13 09:44 . 2011-11-16 19:36 -------- d-----w- c:\program files\McAfee Security Scan
2011-10-31 14:15 . 2011-10-31 14:15 -------- d-----w- c:\program files\Advanced PDF to IMAGE converter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 16:46 . 2011-07-19 07:23 1409 ----a-w- c:\windows\QTFont.for
2011-11-13 09:45 . 2011-06-05 20:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2006-07-10 07:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-03 22:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2003-03-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2003-03-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-03 21:17 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2004-08-03 22:56 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2004-08-03 20:59 369664 ----a-w- c:\windows\system32\html.iec
2004-10-11 17:46 . 2004-10-11 17:46 205312 ----a-w- c:\program files\ltefx13n.dll
2004-01-19 12:31 . 2004-01-19 12:31 153600 ----a-w- c:\program files\ltfil13n.DLL
2004-01-19 11:31 . 2004-01-19 11:31 27648 ----a-w- c:\program files\lfiff13n.dll
2004-01-19 11:31 . 2004-01-19 11:31 20480 ----a-w- c:\program files\lfCUT13n.dll
2004-01-19 10:31 . 2004-01-19 10:31 453120 ----a-w- c:\program files\ltkrn13n.dll
2004-01-19 10:12 . 2004-01-19 10:12 89600 ----a-w- c:\program files\Lfcgm13n.dll
2004-01-19 09:49 . 2004-01-19 09:49 278016 ----a-w- c:\program files\LFJ2K13n.dll
2004-01-19 09:49 . 2004-01-19 09:49 180736 ----a-w- c:\program files\Lfpng13n.dll
2004-01-19 09:47 . 2004-01-19 09:47 76800 ----a-w- c:\program files\Lfwmf13n.dll
2004-01-19 09:47 . 2004-01-19 09:47 509440 ----a-w- c:\program files\LFCMW13n.dll
2004-01-19 09:45 . 2004-01-19 09:45 420352 ----a-w- c:\program files\LFCMP13n.DLL
2004-01-19 09:44 . 2004-01-19 09:44 143872 ----a-w- c:\program files\lftif13n.dll
2004-01-19 09:36 . 2004-01-19 09:36 56832 ----a-w- c:\program files\lfpsd13n.dll
2004-01-19 09:36 . 2004-01-19 09:36 19968 ----a-w- c:\program files\lfpcd13n.dll
2004-01-19 09:36 . 2004-01-19 09:36 26624 ----a-w- c:\program files\lfpcx13n.dll
2004-01-19 09:36 . 2004-01-19 09:36 65536 ----a-w- c:\program files\Lfpct13n.dll
2004-01-19 09:36 . 2004-01-19 09:36 18944 ----a-w- c:\program files\lfmsp13n.dll
2004-01-19 09:35 . 2004-01-19 09:35 18944 ----a-w- c:\program files\lfmac13n.dll
2004-01-19 09:35 . 2004-01-19 09:35 20992 ----a-w- c:\program files\lfimg13n.dll
2004-01-19 09:34 . 2004-01-19 09:34 31744 ----a-w- c:\program files\lfclp13n.dll
2004-01-19 09:34 . 2004-01-19 09:34 30208 ----a-w- c:\program files\lfbmp13n.dll
2004-01-19 09:33 . 2004-01-19 09:33 444928 ----a-w- c:\program files\ltimg13n.dll
2004-01-19 09:32 . 2004-01-19 09:32 265216 ----a-w- c:\program files\LTDIS13n.dll
2000-05-02 02:17 . 2000-05-02 02:17 212480 ----a-w- c:\program files\PCDLIB32.DLL
1999-11-18 21:00 . 1999-11-18 21:00 284032 ----a-w- c:\program files\XceedZip.dll
2011-11-10 17:02 . 2011-10-04 12:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 98304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-28 77824]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 606208]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-06-11 503808]
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2009-10-07 939272]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
DKS 1500.lnk - c:\dks\Dks_scan.bat [2006-7-31 78]
.
c:\documents and settings\Uzivatel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Software Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Software Kodak EasyShare.lnk
backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SoftWedge.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SoftWedge.lnk
backup=c:\windows\pss\SoftWedge.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2004-03-18 07:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\temp\\PhotoTeller\\PictureOrganiser.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9.5.2010 9:55 64288]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [7.7.2006 15:00 19240]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [29.9.2009 18:18 809736]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird_2_1\bin\fbguard.exe [2.12.2010 18:53 81920]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [10.3.2010 22:24 98304]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird_2_1\bin\fbserver.exe [2.12.2010 18:53 2736128]
R3 itchfltr;iTouch Keyboard Filter;c:\windows\system32\drivers\itchfltr.sys [17.5.2010 22:41 12953]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.7.2011 22:20 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2.12.2009 14:19 1181328]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.7.2011 22:20 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 USTORAGE;UMass Storage Device;c:\windows\system32\drivers\UStorage.sys [14.4.2009 2:05 31104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 14:55]
.
2011-11-19 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 14:55]
.
2011-11-19 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 14:55]
.
2011-11-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 14:55]
.
2011-11-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 14:55]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 21:20]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 21:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
Trusted Zone: blogger.com\www
Trusted Zone: google.sk\www
TCP: DhcpNameServer = 85.237.225.250 192.168.0.1
FF - ProfilePath - c:\documents and settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\o1p2i3rx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D882232E-0E7A-8357-050D-354A05E61C15}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabhakjpnbkjniidch"=hex:63,61,70,65,6a,61,00,7c
.
Completion time: 2011-11-19 17:58:20
ComboFix-quarantined-files.txt 2011-11-19 16:58
ComboFix2.txt 2011-11-18 08:31
.
Pre-Run: 14 971 842 560 bytes free
Post-Run: 18 adresárov, 14 956 101 632 voľných bajtov
.
- - End Of File - - 4FD3ACF668E91B38F8FFC39989BFFF9C

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Please check

#8 Post by cernohous13 »

mimifa
Please start a new topic - someone will certainly take care of you :wink:
Recommendations:
During the cleanup, perform new installations and uninstallations only on my instruction.
Study my reply thoroughly and carry out the entire procedure as described there.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <

jara2011
Visitor
Posts: 13
Joined: 16 Nov 2011 01:41

Re: Please check

#9 Post by jara2011 »

Hello, sorry for such a late reply, I am outside the Czech Republic; I will be back at the PC around Christmas, so we will continue then, I hope that is not a problem. Thank you...

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Please check

#10 Post by cernohous13 »

All right - get back to me when you can :wink:
Recommendations:
During the cleanup, perform new installations and uninstallations only on my instruction.
Study my reply thoroughly and carry out the entire procedure as described there.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <

jara2011
Visitor
Posts: 13
Joined: 16 Nov 2011 01:41

Re: Please check

#11 Post by jara2011 »

Hello, so I am back at the PC now; I downloaded and ran the program according to the instructions. Here is the LOG that was created:

Status: Disinfected (events: 150)
25.12.2011 17:22:44 Disinfected Trojan program Trojan-Downloader.HTML.Agent.km Hlavní identita\Místní složky\Doručená pošta\majcap@seznam.cz\[From:<MAILER-DAEMON@cbeng.cz>][Subject:Undelivered Mail Returned to Sender][Time:2008/07/30 05:42:24]/message/rfc822 High
25.12.2011 17:25:06 Disinfected Trojan program Trojan-Spy.HTML.Bankfraud.ra Hlavní identita\Místní složky\Doručená pošta\puchar@jerabzlin.com\[From:"BB&T" <clientservice_703311242779983ib@bbt.com>][Subject:Special Announce. -Tue, 10 Apr 2007 17:18:32 -0800][Time:2007/04/11 02:28:11]/text/html High
25.12.2011 17:25:06 Disinfected Trojan program Trojan-Spy.HTML.Bankfraud.ri Hlavní identita\Místní složky\Doručená pošta\puchar@jerabzlin.com\[From:"BB&T" <clientservice_703311242779983ib@bbt.com>][Subject:Special Announce. -Tue, 10 Apr 2007 17:18:32 -0800][Time:2007/04/11 02:28:11]/animism.gif High
25.12.2011 17:23:42 Disinfected Trojan program Trojan-Downloader.Win32.Diehard.dc Hlavní identita\Místní složky\Doručená pošta\puchar@jerabzlin.com\[From:"Sofia Lehman" <holden.davie@kuoni.ch>][Subject:Something hot][Time:2007/12/23 12:13:59]/hard.zip High
25.12.2011 17:23:42 Disinfected Trojan program Trojan-Downloader.Win32.Diehard.dc Hlavní identita\Místní složky\Doručená pošta\puchar@jerabzlin.com\[From:"Sofia Lehman" <holden.davie@kuoni.ch>][Subject:Something hot][Time:2007/12/23 12:13:59]/hard.zip/hard.scr High
25.12.2011 17:24:15 Disinfected virus HEUR:Trojan.Win32.Generic Hlavní identita\Místní složky\Doručená pošta\puchar@jerabzlin.com\[From:"ICS Monitoring Team" <a.schwarz@cdu-siemensstadt.de>][Subject:Your internet access is going to get suspended][Time:2008/09/29 01:58:30]/user-EA49943X-activities.zip High
25.12.2011 17:26:43 Disinfected Trojan program Trojan-Downloader.JS.Small.ow Hlavní identita\Místní složky\Doručená pošta\puchar@jerabzlin.com\[From:"Mail Delivery Subsystem" <mailer-daemon@jerabzlin.com>][Subject:Delivery Status Notification (Failure)][Time:2010/09/20 23:28:25]/51953Forwarded message.html High
25.12.2011 17:31:25 Disinfected virus Email-Worm.Win32.Bagle.gen Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"Dwilliams" <dwilliams3@charter.net>][Subject:Dorithie][Time:2006/06/23 20:47:02]/Anthony.zip High
25.12.2011 17:31:26 Disinfected virus Email-Worm.Win32.Bagle.gen Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"J.puentes" <j.puentes@samsung.com>][Subject:Henrie][Time:2006/06/22 16:22:44]/Anthony.zip High
25.12.2011 17:31:26 Disinfected virus Email-Worm.Win32.Bagle.gen Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"J.przezdziecka" <j.przezdziecka@pkp.com.pl>][Subject:Michael][Time:2006/06/26 03:52:30]/James.zip High
25.12.2011 17:31:28 Disinfected virus Email-Worm.Win32.Bagle.gen Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"Mhenry" <mhenry_arnold@yahoo.com>][Subject:Bennet][Time:2006/06/27 05:41:32]/Elizabethe.zip High
25.12.2011 17:31:29 Disinfected virus Email-Worm.Win32.Bagle.gen Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"Conflits" <conflits@yahoo.fr>][Subject:Leonarde][Time:2006/06/27 00:29:34]/Thomas.zip High
25.12.2011 17:32:28 Disinfected Trojan program Trojan-Dropper.Win32.Agent.bzp Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"Micah Evans" <sarosh.dalzell@uic.edu>][Subject:Hot pictures][Time:2007/10/08 11:07:43]/shame.zip High
25.12.2011 17:32:28 Disinfected Trojan program Trojan-Dropper.Win32.Agent.bzp Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"Micah Evans" <sarosh.dalzell@uic.edu>][Subject:Hot pictures][Time:2007/10/08 11:07:43]/shame.zip/she.exe High
25.12.2011 17:32:29 Disinfected Trojan program Trojan-Dropper.Win32.Agent.bzp Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"Emory Corley" <haruto.danby@wasd.dk>][Subject:Here is it][Time:2007/10/13 22:30:12]/ha.zip High
25.12.2011 17:32:29 Disinfected Trojan program Trojan-Dropper.Win32.Agent.bzp Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"Emory Corley" <haruto.danby@wasd.dk>][Subject:Here is it][Time:2007/10/13 22:30:12]/ha.zip/she.exe High
25.12.2011 17:35:11 Disinfected Trojan program Trojan-Downloader.HTML.Agent.km Hlavní identita\Místní složky\Odstraněná pošta\q18q@seznam.cz\[From:<q18q@seznam.cz>][Subject:Anjelina Jolie XXX Video Free.][Time:2008/07/25 12:51:04]/text/html High
25.12.2011 17:35:44 Disinfected Trojan program Trojan-Downloader.JS.Small.ow Hlavní identita\Místní složky\Odstraněná pošta\[From:"Tracy Webber" <ventrbz824@realma.com>][Subject:Fresh event on Monday 9/27][Time:2010/09/20 15:44:09]/66533Fresh event on Monday 927.html High
25.12.2011 17:35:44 Disinfected Trojan program Trojan-Downloader.JS.Small.ow Hlavní identita\Místní složky\Odstraněná pošta\[From:"Katy Leonard" <plastererskj5@royaldj.com>][Subject:Background Release][Time:2010/09/20 17:47:12]/56337HireRight Authorization Form[1].html High
25.12.2011 17:35:44 Disinfected Trojan program Trojan.JS.Agent.brc Hlavní identita\Místní složky\Odstraněná pošta\[From:"Laurie Harrington" <playboys@rileys-coffee.com>][Subject:Consultation Appointment][Time:2010/09/22 10:30:06]/15263_inv.html High
25.12.2011 17:35:45 Disinfected Trojan program Trojan.JS.Agent.brc Hlavní identita\Místní složky\Odstraněná pošta\[From:"August Fraser" <wisherh@ronsrhinestones.com>][Subject:Invoices][Time:2010/09/22 10:38:29]/94861_inv.html High
25.12.2011 17:35:45 Disinfected Trojan program Trojan-Downloader.JS.Agent.fpm Hlavní identita\Místní složky\Odstraněná pošta\[From:"Etta Cox" <milesp6@reeder-cpa.com>][Subject:Please review the attached resume.][Time:2010/09/23 10:56:13]/91169resume.html High
25.12.2011 17:35:56 Disinfected virus Virus.Win32.Virut.q c:\WINDOWS\system32\accwiz.exe High
25.12.2011 17:36:09 Disinfected virus Virus.Win32.Virut.q c:\WINDOWS\notepad.exe High
25.12.2011 17:36:15 Disinfected virus Virus.Win32.Virut.q c:\program files\spybot - search & destroy\SpybotSD.exe High
25.12.2011 17:38:46 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\sc.exe High
25.12.2011 17:38:48 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\sort.exe High
25.12.2011 17:38:52 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\cleanmgr.exe High
25.12.2011 17:39:17 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\mstsc.exe High
25.12.2011 17:39:22 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\route.exe High
25.12.2011 17:39:45 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\wiaacmgr.exe High
25.12.2011 17:39:55 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\findstr.exe High
25.12.2011 17:39:57 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\spider.exe High
25.12.2011 17:40:17 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\sndrec32.exe High
25.12.2011 17:40:19 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\odbcad32.exe High
25.12.2011 17:40:28 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\sol.exe High
25.12.2011 17:40:27 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\calc.exe High
25.12.2011 17:40:27 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\mshearts.exe High
25.12.2011 17:40:29 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\charmap.exe High
25.12.2011 17:40:31 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\sndvol32.exe High
25.12.2011 17:40:55 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\ipconfig.exe High
25.12.2011 17:40:58 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\wscntfy.exe High
25.12.2011 17:42:31 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\drivers\wvchatts.exe699 High
25.12.2011 17:42:51 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\wbem\wmiprvse.exe High
25.12.2011 17:43:25 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\dllcache\explorer.exe High
25.12.2011 17:43:59 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\oobe\msoobe.exe High
25.12.2011 17:44:18 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\system32\Restore\rstrui.exe High
25.12.2011 17:45:36 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Temp\TMP00000001183F533E81889C4D High
25.12.2011 17:46:55 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe High
25.12.2011 17:50:48 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut8.exe High
25.12.2011 17:50:49 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut6.exe High
25.12.2011 17:50:50 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut5.exe High
25.12.2011 17:50:49 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut4.exe High
25.12.2011 17:50:51 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut3.exe High
25.12.2011 17:50:51 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut2.exe High
25.12.2011 17:50:52 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut1.exe High
25.12.2011 17:50:52 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut900.exe High
25.12.2011 17:50:53 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe High
25.12.2011 17:50:54 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Installer\{E1180142-3B31-4DCC-9D27-7AC2D37662BF}\NewShortcut2_C673DF680CDE41FC9DFBF63D31DE4F28.exe High
25.12.2011 17:50:53 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe High
25.12.2011 17:52:19 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\wscntfy.exe High
25.12.2011 17:52:23 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ctfmon.exe High
25.12.2011 17:52:24 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\iexplore.exe High
25.12.2011 17:53:11 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\regedit.exe High
25.12.2011 17:53:13 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\userinit.exe High
25.12.2011 17:53:59 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\explorer.exe High
25.12.2011 17:56:18 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\$NtServicePackUninstall$\userinit.exe High
25.12.2011 17:57:54 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe High
25.12.2011 17:58:02 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\$NtServicePackUninstall$\regedit.exe High
25.12.2011 17:58:03 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\$NtServicePackUninstall$\explorer.exe High
25.12.2011 17:58:28 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe High
25.12.2011 17:59:41 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ServicePackFiles\i386\userinit.exe High
25.12.2011 17:59:53 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ServicePackFiles\i386\regedit.exe High
25.12.2011 17:59:59 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ServicePackFiles\i386\explorer.exe High
25.12.2011 18:00:12 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe High
25.12.2011 18:00:48 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe High
25.12.2011 18:00:53 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ServicePackFiles\i386\iexplore.exe High
25.12.2011 18:03:10 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe High
25.12.2011 18:06:36 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\$NtUninstallKB938828$\explorer.exe High
25.12.2011 18:08:04 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ie8\iexplore.exe High
25.12.2011 18:08:18 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ERDNT\cache\lsass.exe High
25.12.2011 18:08:18 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ERDNT\cache\services.exe High
25.12.2011 18:08:19 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ERDNT\cache\spoolsv.exe High
25.12.2011 18:08:19 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ERDNT\cache\winlogon.exe High
25.12.2011 18:08:19 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ERDNT\cache\wuauclt.exe High
25.12.2011 18:08:21 Disinfected virus Virus.Win32.Virut.q C:\WINDOWS\ERDNT\cache\svchost.exe High
25.12.2011 18:30:38 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe High
25.12.2011 18:30:56 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe High
25.12.2011 18:31:12 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe High
25.12.2011 18:31:55 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe High
25.12.2011 18:32:24 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe High
25.12.2011 18:33:01 Disinfected virus Virus.Win32.Virut.q C:\Program Files\ICQ\ICQUninstall.exe High
25.12.2011 18:33:12 Disinfected virus Virus.Win32.Virut.q C:\Program Files\ICQ\DBConvert.exe High
25.12.2011 18:36:45 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe High
25.12.2011 18:37:08 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe High
25.12.2011 18:37:08 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Nero\Nero 7\Nero Toolkit\CDSpeed.exe High
25.12.2011 18:38:25 Disinfected virus Virus.Win32.Virut.q C:\Program Files\SlySoft\CloneCD\HelpLauncher.exe High
25.12.2011 18:38:30 Disinfected virus Virus.Win32.Virut.q C:\Program Files\PartitionMagic 8.0\DrvMap.exe High
25.12.2011 18:38:39 Disinfected virus Virus.Win32.Virut.q C:\Program Files\PartitionMagic 8.0\pqbw.exe High
25.12.2011 18:43:41 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Opera\Opera.exe High
25.12.2011 18:43:42 Disinfected virus Virus.Win32.Virut.q C:\Program Files\METEX\USBVIEW\USBVIEW.exe High
25.12.2011 18:44:23 Disinfected virus Virus.Win32.Virut.q C:\Program Files\CyberLink\PowerDVD\CLDMA.exe High
25.12.2011 18:46:43 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Nokia\Nokia PC Suite 6\GetConnected.exe High
25.12.2011 18:46:45 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Nokia\Nokia PC Suite 6\MultimediaPlayer.exe High
25.12.2011 18:46:47 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe High
25.12.2011 18:46:48 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Nokia\Nokia PC Suite 6\TextMessageEditor.exe High
25.12.2011 18:46:51 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Nokia\Nokia PC Suite 6\SeUpdateDb.exe High
25.12.2011 18:46:54 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe High
25.12.2011 18:46:59 Disinfected virus Virus.Win32.Virut.q C:\Program Files\Nokia\Nokia PC Suite 6\ImageStore.exe High
25.12.2011 18:47:11 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir High
25.12.2011 18:47:12 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\spoolsv.exe.vir High
25.12.2011 18:47:13 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\ilfnpjgq.exe.vir High
25.12.2011 18:47:14 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\INKED.exe.vir High
25.12.2011 18:47:14 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\msv1_0.exe.vir High
25.12.2011 18:47:16 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\cmd.exe.vir High
25.12.2011 18:47:16 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\cleanmgr.exe.vir High
25.12.2011 18:47:18 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\ctfmon.exe.vir High
25.12.2011 18:47:19 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\ie4uinit.exe.vir High
25.12.2011 18:47:20 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\logonui.exe.vir High
25.12.2011 18:47:20 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\mstsc.exe.vir High
25.12.2011 18:47:22 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\msiexec.exe.vir High
25.12.2011 18:47:22 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\mspaint.exe.vir High
25.12.2011 18:47:25 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\accwiz.exe.vir High
25.12.2011 18:47:25 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\wiaacmgr.exe.vir High
25.12.2011 18:47:26 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\rundll32.exe.vir High
25.12.2011 18:47:27 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\spider.exe.vir High
25.12.2011 18:47:28 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\sndrec32.exe.vir High
25.12.2011 18:47:30 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\odbcad32.exe.vir High
25.12.2011 18:47:31 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe.vir High
25.12.2011 18:47:32 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\oobe\msoobe.exe.vir High
25.12.2011 18:47:33 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\usmt\migwiz.exe.vir High
25.12.2011 18:47:34 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\system32\Restore\rstrui.exe.vir High
25.12.2011 18:47:35 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\WINDOWS\optimashit\svchost.exe.vir High
25.12.2011 18:47:38 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Documents and Settings\Jara\Data aplikací\i6g8xs.exe.vir High
25.12.2011 18:48:26 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe.vir High
25.12.2011 18:48:30 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe.vir High
25.12.2011 18:48:31 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Program Files\Common Files\Ahead\Lib\NeroCheck.exe.vir High
25.12.2011 18:48:32 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe.vir High
25.12.2011 18:48:35 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\issch.exe.vir High
25.12.2011 18:48:36 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Program Files\CyberLink\PowerDVD\PDVDServ.exe.vir High
25.12.2011 18:48:37 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Program Files\D-Tools\daemon.exe.vir High
25.12.2011 18:48:39 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Program Files\HP\HP Software Update\HPWuSchd2.exe.vir High
25.12.2011 18:48:41 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir High
25.12.2011 18:48:44 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe.vir High
25.12.2011 18:48:48 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask.exe.vir High
25.12.2011 18:48:49 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Program Files\SlySoft\CloneCD\CloneCDTray.exe.vir High
25.12.2011 18:48:50 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Program Files\Unlocker\UnlockerAssistant.exe.vir High
25.12.2011 18:48:51 Disinfected virus Virus.Win32.Virut.q C:\Qoobox\Quarantine\C\Program Files\Winamp\winampa.exe.vir High
25.12.2011 18:55:15 Disinfected virus Virus.Win32.Virut.q C:\TRANSLAT\WDICT32.EXE High
25.12.2011 18:55:15 Disinfected virus Virus.Win32.Virut.q C:\TRANSLAT\WEBTRANS.EXE High
Status: Quarantined (events: 9)
25.12.2011 17:24:15 Quarantined virus HEUR:Trojan.Win32.Generic Hlavní identita\Místní složky\Doručená pošta\puchar@jerabzlin.com\[From:"ICS Monitoring Team" <a.schwarz@cdu-siemensstadt.de>][Subject:Your internet access is going to get suspended][Time:2008/09/29 01:58:30]/user-EA49943X-activities.zip/user-EA49943X-activities.exe High
25.12.2011 17:24:15 Quarantined virus HEUR:Trojan.Win32.Generic Hlavní identita\Místní složky\Doručená pošta\puchar@jerabzlin.com\[From:"ICS Monitoring Team" <a.schwarz@cdu-siemensstadt.de>][Subject:Your internet access is going to get suspended][Time:2008/09/29 01:58:30]/user-EA49943X-activities.zip/user-EA49943X-activities.exe//UPX High
25.12.2011 17:26:20 Quarantined Trojan program Trojan-Spy.HTML.Fraud.gen Hlavní identita\Místní složky\Doručená pošta\puchar@jerabzlin.com\[From:"eBay" <alerts@mail.ebay.com>][Subject:important notification from eBay Tue, 12 Jan 2010 23:43:27 -0400][Time:2010/01/13 03:45:42]/text/html High
25.12.2011 17:31:25 Quarantined virus Email-Worm.Win32.Bagle.mail Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"Dwilliams" <dwilliams3@charter.net>][Subject:Dorithie][Time:2006/06/23 20:47:02]/text/html High
25.12.2011 17:31:25 Quarantined virus Email-Worm.Win32.Bagle.mail Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"J.puentes" <j.puentes@samsung.com>][Subject:Henrie][Time:2006/06/22 16:22:44]/text/html High
25.12.2011 17:31:26 Quarantined virus Email-Worm.Win32.Bagle.mail Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"J.przezdziecka" <j.przezdziecka@pkp.com.pl>][Subject:Michael][Time:2006/06/26 03:52:30]/text/html High
25.12.2011 17:31:28 Quarantined virus Email-Worm.Win32.Bagle.mail Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"Mhenry" <mhenry_arnold@yahoo.com>][Subject:Bennet][Time:2006/06/27 05:41:32]/text/html High
25.12.2011 17:31:28 Quarantined virus Email-Worm.Win32.Bagle.mail Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:"Conflits" <conflits@yahoo.fr>][Subject:Leonarde][Time:2006/06/27 00:29:34]/text/html High
25.12.2011 17:34:46 Quarantined Trojan program Trojan-Spy.HTML.Fraud.gen Hlavní identita\Místní složky\Odstraněná pošta\jara2004@centrum.cz\[From:"Bank of America" <no-reply@bankofamerica.com>][Subject:Important alert][Time:2009/09/02 03:54:39]/text/html High
Status: Detected (events: 2)
25.12.2011 17:30:23 Detected Trojan program Exploit.HTML.Iframe.FileDownload Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:<MAILER-DAEMON@email.seznam.cz>][Subject:failure notice][Time:2004/05/10 16:52:02]/text/plain//[From j.puchar@seznam.cz][Date 10 May 2004 16:51:00][Subj Mail Delivery (failure utra@seznam.cz)]/html High
25.12.2011 17:30:23 Detected virus Email-Worm.Win32.NetSky.q Hlavní identita\Místní složky\Odstraněná pošta\j.puchar@seznam.cz\[From:<MAILER-DAEMON@email.seznam.cz>][Subject:failure notice][Time:2004/05/10 16:52:02]/text/plain//[From j.puchar@seznam.cz][Date 10 May 2004 16:51:00][Subj Mail Delivery (failure utra@seznam.cz)]/message.scr High
Status: Will be deleted when the computer is restarted (events: 11)
25.12.2011 17:42:22 Will be deleted when the computer is restarted Trojan program Trojan.Win32.Jorik.Virut.gc C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZODRXSOJ\kp[2].exe High
25.12.2011 17:42:22 Will be deleted when the computer is restarted Trojan program Trojan.Win32.Jorik.Virut.gc C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZODRXSOJ\kp[2].exe//UPX High
25.12.2011 17:42:25 Will be deleted when the computer is restarted Trojan program Trojan.Win32.Jorik.Virut.gc C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZODRXSOJ\kp[1].exe High
25.12.2011 17:42:25 Will be deleted when the computer is restarted Trojan program Trojan.Win32.Jorik.Virut.gc C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZODRXSOJ\kp[1].exe//UPX High
25.12.2011 17:42:23 Will be deleted when the computer is restarted Trojan program Trojan.Win32.Scar.ezhj C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UEEOY65Y\rus[1].php High
25.12.2011 17:42:50 Will be deleted when the computer is restarted Trojan program Trojan.Win32.Menti.iwyz C:\WINDOWS\system32\drivers\wvchatts.exe159 High
25.12.2011 17:47:18 Will be deleted when the computer is restarted Trojan program Trojan.Win32.Jorik.Virut.ga C:\WINDOWS\Temp\etuj4wjebe.exe High
25.12.2011 17:47:19 Will be deleted when the computer is restarted Trojan program Trojan.Win32.Jorik.Cutwail.v C:\WINDOWS\Temp\VRR2.tmp High
25.12.2011 18:49:11 Will be deleted when the computer is restarted Trojan program Trojan.Win32.Swisyn.bpat C:\Qoobox\Quarantine\C\Documents and Settings\Jara\Data aplikací\s1bya03l.exe.vir High
25.12.2011 18:49:11 Will be deleted when the computer is restarted Trojan program Trojan.Win32.Swisyn.bpat C:\Qoobox\Quarantine\C\Documents and Settings\Jara\Data aplikací\s1bya03l.exe.vir//UPX High
25.12.2011 18:49:11 Will be deleted when the computer is restarted Trojan program Trojan.Win32.Agent2.dupy C:\Qoobox\Quarantine\C\Documents and Settings\Jara\Data aplikací\u1xis5jx.exe.vir High

Thanks...

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Please check

#12 Post by cernohous13 »

:arrow: use
Download and run T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - it cleans up after the cleaning tools that were used.
After launching it, ignore any antivirus warning - that is fine
After it has done its work, delete T-cleaner
:arrow: Download a fresh ComboFix here: http://www.bleepingcomputer.com/downloa ... s/combofix
Save it to the desktop renamed as "zmije.com"

:arrow: usage guide: http://www.bleepingcomputer.com/combofi ... t-combofix

:arrow: restart into Safe Mode with Networking (F8) - run it - copy the log here
Recommendations:
During the clean-up, install or uninstall anything only when I tell you to.
Read my reply carefully and carry out the whole procedure as described.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <

jara2011
Visitor
Posts: 13
Registered: 16 Nov 2011 01:41

Re: Please check

#13 Post by jara2011 »

ComboFix 11-12-24.10 - Jara 25.12.2011 21:48:27.2.2 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.701 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jara\Plocha\zmije.com
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System\ver.dll.tmp
.
c:\windows\explorer.exe . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WVCHATTS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-25 do 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 20:55 . 2011-12-25 20:55 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{516DBF1D-64C6-4F9A-B488-200CD64581C1}\MpKsl25120aeb.sys
2011-12-25 20:55 . 2011-12-25 20:55 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{516DBF1D-64C6-4F9A-B488-200CD64581C1}\offreg.dll
2011-12-25 20:44 . 2011-12-25 20:44 -------- d-----w- c:\documents and settings\Administrator
2011-12-25 16:58 . 2011-12-25 16:58 346 ----a-w- c:\windows\system32\drivers\rwkpbzng.dat
2011-12-25 16:18 . 2011-12-25 16:18 942 ----a-w- c:\windows\system32\drivers\sxnhyusn.dat
2011-12-25 15:49 . 2011-12-25 15:49 592 ----a-w- c:\windows\system32\drivers\uuvfreip.dat
2011-12-25 15:24 . 2011-12-25 15:25 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{516DBF1D-64C6-4F9A-B488-200CD64581C1}\MpKsl52dc0ebc.sys
2011-12-25 15:21 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{516DBF1D-64C6-4F9A-B488-200CD64581C1}\mpengine.dll
2011-12-25 15:17 . 2011-12-25 15:17 -------- d-----w- c:\program files\CleanUp!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-25 16:41 . 2004-09-25 10:00 13824 ----a-w- c:\windows\system32\wscntfy.exe
2011-12-25 16:04 . 2004-09-22 00:17 147968 ------w- c:\windows\REGEDIT.EXE
2011-12-25 16:04 . 2004-09-22 00:17 343552 ----a-w- c:\windows\system32\MSPAINT.EXE
2011-12-25 16:04 . 2004-09-22 00:17 69632 ----a-w- c:\windows\system32\NOTEPAD.EXE
2011-12-25 16:04 . 2004-09-22 00:17 42496 ----a-w- c:\windows\system32\NET.EXE
2011-12-25 16:04 . 2004-09-22 00:17 124928 ----a-w- c:\windows\system32\NET1.EXE
2011-12-25 16:04 . 2004-09-22 00:17 389632 ----a-w- c:\windows\system32\CMD.EXE
2011-12-25 16:04 . 2004-09-22 00:17 1033728 ----a-w- c:\windows\EXPLORER.EXE
2011-12-25 16:04 . 2004-09-22 00:17 150016 ----a-w- c:\windows\system32\IMAPI.EXE
2011-12-25 16:04 . 2004-09-22 00:17 77312 ----a-w- c:\windows\system32\MSIEXEC.EXE
2011-12-25 16:04 . 2004-09-22 00:17 24576 ----a-w- c:\windows\system32\USERINIT.EXE
2011-12-25 16:04 . 2004-09-21 22:08 741376 ----a-w- c:\windows\system32\NWIZ.EXE
2011-11-19 07:10 . 2011-07-09 00:19 1409 ----a-w- c:\windows\QTFont.for
2011-11-18 10:00 . 2011-11-18 10:00 100864 ----a-w- c:\windows\system32\drivers\services.exe
2011-11-18 09:58 . 2004-09-22 00:17 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-11-15 22:29 . 2011-06-21 12:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-02 19:07 . 2011-11-02 19:07 102 ---h--w- c:\documents and settings\Jara\Data aplikací\MouseDriver.bat
2011-10-07 04:48 . 2011-07-12 12:34 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 04:06 . 2010-10-29 14:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2007-05-07 18:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2008-05-21 20:22 . 2006-02-17 21:24 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-05-21 20:22 . 2006-02-17 21:24 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-05-21 20:22 . 2006-02-17 21:24 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-25 . 7749C86C334F46524265B37D782C0B3D . 24576 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2011-12-25 . 3C573B5CDDE61108FBA88AEA8349A26E . 22016 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2011-12-25 . 3BBE42A83729B389BBF6905408F84611 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\userinit.exe
[-] 2011-12-25 . 7749C86C334F46524265B37D782C0B3D . 24576 . . [5.1.2600.2180] . . c:\windows\system32\USERINIT.EXE
.
[-] 2011-12-25 . 5233CC193C59FA81A836D37EFF23C0F2 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2011-12-25 . C14EEF71476C5BBB0A7766866854A373 . 1033728 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2011-12-25 . FF93588C847E1AF1D9219474AC507E5C . 1032704 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2011-12-25 . A054B50704711710F8A7B3486F61E3B0 . 1004544 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2011-12-25 . F40D0BF9A963B1B0D6A096556C303EB2 . 1034240 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\explorer.exe
[-] 2011-12-25 . 58074CDA3619060F3778C71EF6027209 . 1033728 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2011-12-25 . 84776CF348E42DEE2005FAC5D3B39ACD . 1033728 . . [6.00.2900.3156] . . c:\windows\EXPLORER.EXE
.
[-] 2011-12-25 . DA10A0E08001FEC8100BBF435A7B875C . 147968 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2011-12-25 . 5F3469F499B7AF445A1570B8A3A6587F . 135680 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\regedit.exe
[-] 2011-12-25 . 93AB912684E75CA28345B3BFBD4367E7 . 147968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\regedit.exe
[-] 2011-12-25 . 47F6E033F3503E990E3B16D12D3F81A2 . 147968 . . [5.1.2600.2180] . . c:\windows\REGEDIT.EXE
.
[-] 2011-12-25 . 2C79E48B5FC7DEB311E715AC5F169D86 . 15360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2011-12-25 . 79BCCE2685D4E7B2A57404107E98D248 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2011-12-25 . F981C46D689D6B0CE3F7731980A4B9A8 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ctfmon.exe
.
[-] 2011-12-25 . A2033D72DA395C8B5BE255EFA84EA27B . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2011-12-25 . 2B705A3CD6534FE62E04292DBD24DBEC . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\wscntfy.exe
[-] 2011-12-25 . A45DF5AC1ABB10811DFBF54BBA42C611 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
.
[-] 2011-12-25 . 70998829E015994870130AEE06A77405 . 93184 . . [6.00.2900.2180] . . c:\windows\ie8\iexplore.exe
[-] 2011-12-25 . 70998829E015994870130AEE06A77405 . 93184 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2011-12-25 . 22BBCF063E20DE85EAE0997387D0F086 . 91136 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
[-] 2011-12-25 . 0A961C905A46411F2D2DD503668BFF2E . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\iexplore.exe
[-] 2009-03-08 . 32E7F65E74DF0BC988025EEFC33C73F1 . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
.
.
.
c:\windows\System32\ctfmon.exe ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-09-24 49152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-24 5033984]
"nwiz"="nwiz.exe" [2011-12-25 741376]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2006-07-11 3144800]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\Jara\Nabídka Start\Programy\Po spuštění\
_uninst_73045710.lnk - c:\documents and settings\Jara\Local Settings\temp\_uninst_73045710.bat [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-9-22 113664]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-1-28 102400]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\TOTALCMD\\TOTALCMD.EXE"=
"c:\\WINDOWS\\System32\\ftp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"update_services"= c:\\WINDOWS\\system32\\drivers\\services.exe
.
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2.10.2003 3:16 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27.9.2003 14:37 5504]
R1 MpKsl25120aeb;MpKsl25120aeb;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{516DBF1D-64C6-4F9A-B488-200CD64581C1}\MpKsl25120aeb.sys [25.12.2011 21:55 29904]
R2 update_services;update_services;c:\windows\system32\drivers\services.exe [18.11.2011 11:00 100864]
S1 MpKsl1228a26d;MpKsl1228a26d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C8CCCE48-CD3C-4A7B-A3FA-4489713B7CD7}\MpKsl1228a26d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C8CCCE48-CD3C-4A7B-A3FA-4489713B7CD7}\MpKsl1228a26d.sys [?]
S1 MpKsl27c3737a;MpKsl27c3737a;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0A19F0F3-C7C0-404E-AE5C-AF0A33916347}\MpKsl27c3737a.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0A19F0F3-C7C0-404E-AE5C-AF0A33916347}\MpKsl27c3737a.sys [?]
S1 MpKsl9f6dc1ee;MpKsl9f6dc1ee;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{808263B9-329D-4BA5-BE75-D0F38C44D131}\MpKsl9f6dc1ee.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{808263B9-329D-4BA5-BE75-D0F38C44D131}\MpKsl9f6dc1ee.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL25120AEB
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-25 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.2.254 8.8.8.8
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://192.168.1.11/xplugLiteDL.cab
FF - ProfilePath - c:\documents and settings\Jara\Data aplikací\Mozilla\Firefox\Profiles\xhrj528m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-25 21:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2560)
c:\windows\system32\webcheck.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
c:\windows\system32\msls31.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2011-12-25 22:01:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-25 21:01
.
Před spuštěním: Volných bajtů: 127 484 035 072
Po spuštění: Volných bajtů: 127 338 217 472
.
- - End Of File - - C52AB388723685E3017D936E7156D6B0

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Please check

#14 Post by cernohous13 »

Click https://www.virustotal.com/cs/
click "Browse" > into the "File name" field just paste:

c:\windows\explorer.exe

"Send file" (if it has already been tested, have it tested again - Reanalyse)
Wait patiently for the scan to finish, until the final result appears, e.g. 0/41
Copy the resulting log into the forum, or the link to the page from the address bar.
If there is no detection, it is enough to just say so
the same with the files:
c:\windows\ServicePackFiles\i386\explorer.exe
c:\windows\system32\dllcache\explorer.exe
Recommendations:
During the clean-up, install or uninstall anything only when I tell you to.
Read my reply carefully and carry out the whole procedure as described.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <

jara2011
Visitor
Posts: 13
Registered: 16 Nov 2011 01:41

Re: Please check

#15 Post by jara2011 »

I did as instructed:

c:\windows\explorer.exe

http://www.virustotal.com/file-scan/rep ... 1324885305

c:\windows\ServicePackFiles\i386\explorer.exe

http://www.virustotal.com/file-scan/rep ... 1324885608

c:\windows\system32\dllcache\explorer.exe

http://www.virustotal.com/file-scan/rep ... 1324885780
