
Nasty virus

Posted: 11 Jan 2010 18:19
by Jawa
Hello, a friend of mine picked up some nasty junk. He's a newbie, so I'm trying to sort it out for him remotely. Please help! It's in there, but I'd rather get advice on how to deal with it first. Thanks. I only have a log from UPM available.

Windows Vista SP 2 (build 6002)
Boot Mode: Normal
Microsoft file verification: Yes
Whitelist: Yes
Internet Explorer v8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Log generated: 10.1.2010 18:47:21
================================================================

Running processes
================================================================

(rootkit?) audiodg.exe
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\MOTIVE\MCCICMSERVICE.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAMDATA\SKYPE\PLUGINS\PLUGINS\C528FFB1B9EC473792CF67849E25EDB6\JYVENOTIFIER.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE
C:\PROGRAM FILES\CROSSLOOP\CROSSLOOPCONNECT.EXE
C:\PROGRAM FILES\CROSSLOOP\WINVNC.EXE

Scanner
================================================================
[S] audiodg.exe
Process could not be opened
ROOTKIT? Hidden path
Runs at startup HKCU Run [Sidebar]
Cannot open

[S] SLsvc.exe
EntryPoint in section: .TEXT
|_ Total sections: 5

[?] LSSrvc.exe
No window
File 7%

[?] McciCMService.exe
No window
File 7%

[?] nod32krn.exe
No window
File 7%

[R] pdfsvc.exe
EntryPoint in section: CODE
|_ Total sections: 8

[S] explorer.exe
Runs at startup HKLM Winlogon [Shell]

[S] MSASCui.exe
Runs at startup HKLM Run [Windows Defender]

[S] rundll32.exe
Runs at startup HKLM Run [NvSvc]

[S] rundll32.exe
Runs at startup HKLM Run [NvSvc]

[?] hpwuSchd2.exe
Runs at startup HKLM Run [HP Software Update]
File 7%

[R] GrooveMonitor.exe
Microsoft verified: No
Runs at startup HKLM Run [GrooveMonitor]

[S] sidebar.exe
Runs at startup HKCU Run [Sidebar]

[?] JyveNotifier.exe
No vendor
Runs at startup HKCU Run [JyveNotifier]
EntryPoint in section: CODE
|_ Total sections: 8
File 100%

[R] hpqtra08.exe
Runs at startup Startup []

[S] wmpnscfg.exe
Runs at startup HKCU Run [WMPNSCFG]

[?] nod32kui.exe
Runs at startup HKLM Run [nod32kui]
File 14%

[?] hpqste08.exe
File 7%

[R] skypePM.exe
EntryPoint in section: CODE
|_ Total sections: 8

[?] CrossLoopConnect.exe
File 7%

[?] winvnc.exe
File 7%


Startup
================================================================

HKCU Run
|_ [S][Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
|_ [X][JyveNotifier] C:\ProgramData\Skype\Plugins\Plugins\C528FFB1B9EC473792CF67849E25EDB6\JyveNotifier.exe /onstart

HKLM Run
|_ [S][Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
|_ [?][NvSvc] C:\Windows\system32\nvsvc.dll ,nvsvcStart
|_ [R][NvCplDaemon] C:\Windows\system32\NvCpl.dll ,NvStartup
|_ [?][NvMediaCenter] C:\Windows\system32\NvMcTray.dll ,NvTaskbarInit
|_ [?][amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
|_ [?][SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe
|_ [?][HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
|_ [?][nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE

HKLM RunOnce
|_ [?][ST Recovery Launcher] C:\Windows\SMINST\launcher.exe

HKLM ShellServiceObjectDelayLoad
|_ [X][WebCheck] (File not found)

HKLM IC
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll


HKLM IE Toolbar
|_ [X][{0BF43445-2F28-4351-9252-17FE6E806AA0}] (File not found)

Services (Show running: True, Show stopped: False, Show safe services too: False)
================================================================
[?] hpqcxs08
|_ Path: C:\Windows\system32\svchost.exe
| |_ Vendor: Microsoft Corporation
| |_ Description: Host Process for Windows Services
| |_ MD5: 3794B461C45882E06856F282EEF025AF
|
|_ ServiceDLL: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
| |_ Vendor: Hewlett-Packard Co.
| |_ Description: HP CUE Context Manager Objects
| |_ MD5: 38D6B51F04DEF7FB248FA56E4C47407E
|
|_ Name: hpqcxs08
|_ StartName: LocalSystem
|_ Start type: Manual
|_ Status: Running
|_ Type: Win32 Share Process
|_ Dependency: RPCSS

[?] HP CUE DeviceDiscovery Service
|_ Path: C:\Windows\system32\svchost.exe
| |_ Vendor: Microsoft Corporation
| |_ Description: Host Process for Windows Services
| |_ MD5: 3794B461C45882E06856F282EEF025AF
|
|_ ServiceDLL: C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
| |_ Vendor: Hewlett-Packard Co.
| |_ Description: HP CUE DeviceDiscovery Service
| |_ MD5: 3EE4A63539EC04EE2D4BD293985087AB
|
|_ Name: hpqddsvc
|_ StartName: LocalSystem
|_ Start type: Auto Start
|_ Status: Running
|_ Type: Win32 Share Process
|_ Dependency: RPCSS

[?] LightScribeService Direct Disc Labeling Service
|_ Path: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
| |_ Vendor: Hewlett-Packard Company
| |_ Description: LightScribe Service
| |_ MD5: D57D1BE0129C1B45653B0FA920BC4B38
|
|_ Name: LightScribeService
|_ StartName: LocalSystem
|_ Start type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:

[?] McciCMService
|_ Path: C:\Program Files\Common Files\Motive\McciCMService.exe
| |_ Vendor: Motive Communications, Inc.
| |_ Description: mcci+McciCMService
| |_ MD5: 4F74184920B2D6E33024409B4C5C57C1
|
|_ Name: McciCMService
|_ StartName: LocalSystem
|_ Start type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency: RPCSS

[?] Net Driver HPZ12
|_ Path: C:\Windows\System32\svchost.exe
| |_ Vendor: Microsoft Corporation
| |_ Description: Host Process for Windows Services
| |_ MD5: 3794B461C45882E06856F282EEF025AF
|
|_ ServiceDLL: C:\Windows\system32\HPZinw12.dll
| |_ Vendor: Hewlett-Packard
| |_ Description: Dot4Net Module
| |_ MD5: 51C6D8BFBD4EA5B62A1BA7F4469250D3
|
|_ Name: Net Driver HPZ12
|_ StartName: NT AUTHORITY\LocalService
|_ Start type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:

[?] NOD32 Kernel Service
|_ Path: C:\Program Files\Eset\nod32krn.exe
| |_ Vendor: Eset
| |_ Description: NOD32 Kernel Service
| |_ MD5: 7DA9D9593081CB76FCCDAB3F14438370
|
|_ Name: NOD32krn
|_ StartName: LocalSystem
|_ Start type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:

[?] Pml Driver HPZ12
|_ Path: C:\Windows\System32\svchost.exe
| |_ Vendor: Microsoft Corporation
| |_ Description: Host Process for Windows Services
| |_ MD5: 3794B461C45882E06856F282EEF025AF
|
|_ ServiceDLL: C:\Windows\system32\HPZipm12.dll
| |_ Vendor: Hewlett-Packard
| |_ Description: PmlDrv Module
| |_ MD5: 79834AA2FBF9FE81EEBB229024F6F7FC
|
|_ Name: Pml Driver HPZ12
|_ StartName: NT AUTHORITY\LocalService
|_ Start type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:


Drivers (Show running: True, Show stopped: False, Show safe services too: False)
================================================================
[?] AMD Low Level Device Driver
|_ Path: C:\Windows\system32\DRIVERS\AmdLLD.sys
| |_ Vendor: AMD, Inc.
| |_ Description: AMD Low Level Device Driver
| |_ MD5: AD8FA28D8ED0D0A689A0559085CE0F18
|
|_ Name: AmdLLD
|_ StartName:
|_ Start type: Manual
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] FSLX
|_ Path: C:\Windows\system32\drivers\fslx.sys
| |_ Vendor: Altiris, Inc.
| |_ Description: FSL System Driver
| |_ MD5: 037B3AB349BE884BB8CB9C5356E34717
|
|_ Name: FSLX
|_ StartName:
|_ Start type: System Start
|_ Status: Running
|_ Type: File System Driver
|_ Dependency:

[?] Logitech USB Monitor Filter
|_ Path: C:\Windows\system32\drivers\lvusbsta.sys
| |_ Vendor: Labtec Inc.
| |_ Description: USB Statistic Driver
| |_ MD5: C7FCB579956B7FDE002E6E9DE36728D3
|
|_ Name: LVUSBSta
|_ StartName:
|_ Start type: Manual
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] NVIDIA nForce Networking Controller Driver
|_ Path: C:\Windows\system32\DRIVERS\nvmfdx32.sys
| |_ Vendor: NVIDIA Corporation
| |_ Description: NVIDIA MCP Networking Function Driver.
| |_ MD5: D815974EEC1EE6D2F3FE2BE8BD6F3619
|
|_ Name: NVENETFD
|_ StartName:
|_ Start type: Manual
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] nvlddmkm
|_ Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
| |_ Vendor: NVIDIA Corporation
| |_ Description: NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 169.25
| |_ MD5: 2088F34DF31243C79DF3E9F6F774A512
|
|_ Name: nvlddmkm
|_ StartName:
|_ Start type: Manual
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] Labtec WebCam(PID_0928)
|_ Path: C:\Windows\system32\DRIVERS\LV561AV.SYS
| |_ Vendor: Labtec Inc.
| |_ Description: Logitech Elch 2 Video Driver
| |_ MD5: 03E86718BB5AA2716C7349A854FF6203
|
|_ Name: PID_0928
|_ StartName:
|_ Start type: Manual
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:


Modules (Show safe DLLs too: False, Only without vendor: True, Show registered: False)
================================================================
[?] pr_imon.dll
|_ Path: C:\Program Files\Eset\pr_imon.dll
|_ MD5: BD1DA9EA38A03F12812AD1D2258D6CC6
|_ Vendor:
|_ Processes
|_ services.exe (604)
|_ svchost.exe (876)
|_ svchost.exe (1124)
|_ spoolsv.exe (1656)
|_ svchost.exe (1716)
|_ nod32krn.exe (1560)
|_ svchost.exe (1956)
|_ sidebar.exe (1536)
|_ JyveNotifier.exe (2072)
|_ nod32kui.exe (1888)
|_ UPM.exe (1408)
|_ Skype.exe (3124)
|_ skypePM.exe (2276)
|_ CrossLoopConnect.exe (3360)
|_ winvnc.exe (3412)

[?] hpzpp5ha.dll
|_ Path: C:\windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll
|_ MD5: D0E39177C896D2F8191A9C96636276DF
|_ Vendor: Hewlett-Packard Corporation
|_ Processes
|_ spoolsv.exe (1656)

[?] hpz3l5ha.dll
|_ Path: C:\windows\System32\hpz3l5ha.dll
|_ MD5: 9558DAA1DB859250A677CCE97B048151
|_ Vendor: Hewlett-Packard Company
|_ Processes
|_ spoolsv.exe (1656)

[?] hpqddsvc.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
|_ MD5: 3EE4A63539EC04EE2D4BD293985087AB
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ svchost.exe (2028)

[?] hpocxi08.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll
|_ MD5: 0642843485D687CB2BA37F007ECC92E4
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ svchost.exe (2028)

[?] hpqcob08.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
|_ MD5: 6D15B5F97EB3332D4BBE19B6FFD512F2
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ svchost.exe (2028)
|_ hpqtra08.exe (2280)
|_ hpqste08.exe (3756)

[?] hpqcxs08.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
|_ MD5: 38D6B51F04DEF7FB248FA56E4C47407E
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ svchost.exe (2028)

[?] hpqddcmn.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll
|_ MD5: 5B973EA48E154C83ADF42D0A0F57BB29
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ svchost.exe (2028)
|_ hpqtra08.exe (2280)

[?] lssproxy.dll
|_ Path: C:\Program Files\Common Files\LightScribe\LSSProxy.dll
|_ MD5: 1C8B7E815046BFABDEEB76B6F08678AC
|_ Vendor: Hewlett-Packard Company
|_ Processes
|_ LSSrvc.exe (348)

[?] lslog.dll
|_ Path: C:\Program Files\Common Files\LightScribe\LSLog.dll
|_ MD5: 6B7495501B3EEA2CA7698E074A895560
|_ Vendor: Hewlett-Packard Company
|_ Processes
|_ LSSrvc.exe (348)

[?] nod32krr.dll
|_ Path: C:\Program Files\Eset\nod32krr.dll
|_ MD5: C027C42E5BA9CDAAC00E12FA957FFBAC
|_ Vendor: Eset
|_ Processes
|_ nod32krn.exe (1560)

[?] ps_upd.dll
|_ Path: C:\Program Files\Eset\ps_upd.dll
|_ MD5: 635E7950179BBA54A289489B3AA4E1F9
|_ Vendor: Eset
|_ Processes
|_ nod32krn.exe (1560)

[?] pr_upd.dll
|_ Path: C:\Program Files\Eset\pr_upd.dll
|_ MD5: 94A8F33694D523B23C3FF83A4EC69F5C
|_ Vendor:
|_ Processes
|_ nod32krn.exe (1560)
|_ nod32kui.exe (1888)

[?] ps_amon.dll
|_ Path: C:\Program Files\Eset\ps_amon.dll
|_ MD5: 5F96018A496CB531C147FAED673C1E5D
|_ Vendor: Eset
|_ Processes
|_ nod32krn.exe (1560)

[?] pr_amon.dll
|_ Path: C:\Program Files\Eset\pr_amon.dll
|_ MD5: D3946C36BA5859321B27E497B265D0D7
|_ Vendor: Eset
|_ Processes
|_ nod32krn.exe (1560)
|_ nod32kui.exe (1888)

[?] ps_nod32.dll
|_ Path: C:\Program Files\Eset\ps_nod32.dll
|_ MD5: 4052DA2CECB4A1216112F9D146CED795
|_ Vendor: Eset
|_ Processes
|_ nod32krn.exe (1560)

[?] pr_nod32.dll
|_ Path: C:\Program Files\Eset\pr_nod32.dll
|_ MD5: 814281B71A087C504D13B82B4719078A
|_ Vendor: Eset
|_ Processes
|_ nod32krn.exe (1560)
|_ nod32kui.exe (1888)

[?] ps_dmon.dll
|_ Path: C:\Program Files\Eset\ps_dmon.dll
|_ MD5: 7C1BE0FFE6D5BC2B70ECD77EDC34F62C
|_ Vendor: Eset
|_ Processes
|_ nod32krn.exe (1560)

[?] pr_dmon.dll
|_ Path: C:\Program Files\Eset\pr_dmon.dll
|_ MD5: 199020DE1AB926767E519E46141DFA52
|_ Vendor:
|_ Processes
|_ nod32krn.exe (1560)
|_ nod32kui.exe (1888)

[?] ps_emon.dll
|_ Path: C:\Program Files\Eset\ps_emon.dll
|_ MD5: E046EDEE88C40256BDCB8B51D976E485
|_ Vendor: Eset
|_ Processes
|_ nod32krn.exe (1560)

[?] pr_emon.dll
|_ Path: C:\Program Files\Eset\pr_emon.dll
|_ MD5: 59495F1F699F5C642A7D5F5C0A293021
|_ Vendor:
|_ Processes
|_ nod32krn.exe (1560)
|_ nod32kui.exe (1888)

[?] hpzidr12.dll
|_ Path: C:\windows\System32\HPZidr12.dll
|_ MD5: 26AE2CA34FA4342749EC1157CB1FE954
|_ Vendor: Hewlett-Packard
|_ Processes
|_ svchost.exe (1936)
|_ hpqtra08.exe (2280)

[?] hpowiax4.dll
|_ Path: C:\windows\System32\hpowiax4.dll
|_ MD5: 3F2D55801FA1AB4A9CA7752047F6D340
|_ Vendor: Hewlett-Packard
|_ Processes
|_ svchost.exe (2108)

[?] vnchooks.dll
|_ Path: C:\Program Files\CrossLoop\VNCHooks.dll
|_ MD5: 3CF89CD0054977B7D23154F9E8D4A9A0
|_ Vendor: TightVNC Group
|_ Processes
|_ dwm.exe (3472)
|_ explorer.exe (3540)
|_ sidebar.exe (1536)
|_ JyveNotifier.exe (2072)
|_ hpqtra08.exe (2280)
|_ Skype.exe (3124)
|_ skypePM.exe (2276)
|_ CrossLoopConnect.exe (3360)
|_ winvnc.exe (3412)

[?] hpqrif08.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll
|_ MD5: A6E02F65BE0C48DE7101923AE70268BD
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqtra08.exe (2280)

[?] hpqmif08.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll
|_ MD5: D0716BD0C0822A642D36E82F49F2B5B8
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqtra08.exe (2280)

[?] hpzipr12.dll
|_ Path: C:\windows\System32\HPZipr12.dll
|_ MD5: AF880166DAC5880219F748ED83902CB2
|_ Vendor: Hewlett-Packard
|_ Processes
|_ hpqtra08.exe (2280)
|_ hpqste08.exe (3756)

[?] hpqddusr.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll
|_ MD5: 1AE183708EC0CA7E8CECF98B9785D57C
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqtra08.exe (2280)

[?] hpodio08.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll
|_ MD5: 8861AB06F667429B94DBFE97550F82D5
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqtra08.exe (2280)
|_ hpqste08.exe (3756)

[?] hpqusg.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll
|_ MD5: 5B6748DFA56A0BE54C45B989378293E1
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqtra08.exe (2280)

[?] hpotradd.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll
|_ MD5: 7DAFE566BB13C16439CBAADB43582128
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqtra08.exe (2280)

[?] hpquio08.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll
|_ MD5: 9507A8E70A620A36CF2CF60740B8F022
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqtra08.exe (2280)

[?] hpqtra08.rsc
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc
|_ MD5: FD3DCCF83F459439998C8C63DAF36A11
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqtra08.exe (2280)

[?] hpqtao08.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll
|_ MD5: 021CFC69A1874431DC88BEFC37A2A2FD
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqtra08.exe (2280)

[?] hpotra08.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll
|_ MD5: 23D3BFA480C5DA9256DD9A97185678C4
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqtra08.exe (2280)

[?] hpotra08.rsc
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc
|_ MD5: 6618423130584280AED437E57296114E
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqtra08.exe (2280)

[?] nod32rui.dll
|_ Path: C:\Program Files\Eset\nod32rui.dll
|_ MD5: 12D295BF4908EAD4E6293F51A5E2DD68
|_ Vendor:
|_ Processes
|_ nod32kui.exe (1888)

[?] pu_upd.dll
|_ Path: C:\Program Files\Eset\pu_upd.dll
|_ MD5: 53A425C878F5897FE31F5720EFA8BF12
|_ Vendor: Eset
|_ Processes
|_ nod32kui.exe (1888)

[?] pu_amon.dll
|_ Path: C:\Program Files\Eset\pu_amon.dll
|_ MD5: 3402EF298CC80ED3795E260B122CD688
|_ Vendor: Eset
|_ Processes
|_ nod32kui.exe (1888)

[?] pu_nod32.dll
|_ Path: C:\Program Files\Eset\pu_nod32.dll
|_ MD5: 883485F9859D923F94A3AB01EED4D5E9
|_ Vendor: Eset
|_ Processes
|_ nod32kui.exe (1888)

[?] pu_imon.dll
|_ Path: C:\Program Files\Eset\pu_imon.dll
|_ MD5: 627032330103AB6AE1871F8071C273E1
|_ Vendor: Eset
|_ Processes
|_ nod32kui.exe (1888)

[?] pu_dmon.dll
|_ Path: C:\Program Files\Eset\pu_dmon.dll
|_ MD5: A676CED1F4AB1D6CD3E46B4EF43A5095
|_ Vendor: Eset
|_ Processes
|_ nod32kui.exe (1888)

[?] pu_emon.dll
|_ Path: C:\Program Files\Eset\pu_emon.dll
|_ MD5: C988E6C776D52804FFFCDE09594BD315
|_ Vendor: Eset
|_ Processes
|_ nod32kui.exe (1888)

[?] hpqstp08.rsc
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc
|_ MD5: AFDFF5932C824757FA0BE668BE455D82
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqste08.exe (3756)

[?] hpqsem08.rsc
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc
|_ MD5: 45C640EA5AF1DE59DB350962B31DC1D9
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqste08.exe (3756)

[?] hpqwso08.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll
|_ MD5: 1D0A76276AD7A836F29F447968C61CE6
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqste08.exe (3756)

[?] hpqsti08.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll
|_ MD5: 0A0A339D07FF5E9989EEF1E1D476CD29
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqste08.exe (3756)

[?] hpqstp08.dll
|_ Path: C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll
|_ MD5: 7C4DCFF108869D7915D39B9371BE5FFE
|_ Vendor: Hewlett-Packard Co.
|_ Processes
|_ hpqste08.exe (3756)

[?] dicrpki.dll
|_ Path: C:\Program Files\CrossLoop\diCrPKI.dll
|_ MD5: BE706AC2CAEE39BA8C90BE3A6C037A08
|_ Vendor: D.I. Management Services Pty Limited ABN 78 083 210 584 <www.di-mgt.com.au> <www.cryptosys.net>
|_ Processes
|_ CrossLoopConnect.exe (3360)



================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

Re: Nasty virus

Posted: 11 Jan 2010 19:23
by Rudy
I don't see anything dangerous there. Post a log from RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 .

Re: Nasty virus

Posted: 15 Jan 2010 20:39
by Jawa
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jenda at 2010-01-15 20:27:35
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 437 GB (95%) free of 461 GB
Total RAM: 1918 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:38, on 15.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\windows\System32\rundll32.exe
C:\windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Skype\Plugins\Plugins\C528FFB1B9EC473792CF67849E25EDB6\JyveNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Users\Jenda\AppData\Local\CrossLoop\CrossLoopConnect.exe
C:\Users\Jenda\Desktop\RSIT.exe
C:\Program Files\trend micro\Jenda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [JyveNotifier] C:\ProgramData\Skype\Plugins\Plugins\C528FFB1B9EC473792CF67849E25EDB6\JyveNotifier.exe /onstart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: CrossLoop Service (CrossLoopService) - Unknown owner - C:\Users\Jenda\AppData\Local\CrossLoop\CrossLoopService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: uvnc_service - UltraVNC - C:\Users\Jenda\AppData\Local\CrossLoop\winvnc.exe

--
End of file - 7416 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-360118553-3191658740-1842050101-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-360118553-3191658740-1842050101-1001UA.job
C:\Windows\tasks\User_Feed_Synchronization-{52FA7625-7D36-4CDD-B51C-1812E35C6EF4}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-12-11 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-11 8530464]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-12-11 81920]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2008-04-07 318488]
"SetRefresh"=C:\Program Files\HP\SetRefresh\SetRefresh.exe [2003-11-20 525824]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-11-10 949376]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"=C:\Windows\SMINST\launcher.exe [2008-02-22 44168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"JyveNotifier"=C:\ProgramData\Skype\Plugins\Plugins\C528FFB1B9EC473792CF67849E25EDB6\JyveNotifier.exe [2009-12-04 1962496]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Jenda\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-05 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-13 15:02:15 ----D---- C:\Program Files\trend micro
2010-01-13 15:02:13 ----D---- C:\rsit
2010-01-13 07:47:22 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 07:47:22 ----A---- C:\Windows\system32\fontsub.dll
2010-01-11 17:54:52 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-01-11 17:54:29 ----D---- C:\Users\Jenda\AppData\Roaming\SUPERAntiSpyware.com
2010-01-11 17:54:29 ----D---- C:\Program Files\SUPERAntiSpyware
2010-01-10 19:03:49 ----D---- C:\!KillBox
2010-01-10 18:22:45 ----D---- C:\Program Files\Ultimate Process Manager
2010-01-10 17:35:42 ----D---- C:\Program Files\CCleaner
2010-01-09 16:23:59 ----D---- C:\Program Files\CrossLoop

======List of files/folders modified in the last 1 months======

2010-01-15 20:27:36 ----D---- C:\Windows\Temp
2010-01-15 20:25:48 ----D---- C:\Users\Jenda\AppData\Roaming\Skype
2010-01-15 20:15:25 ----D---- C:\Windows\SMINST
2010-01-15 18:38:42 ----D---- C:\Users\Jenda\AppData\Roaming\skypePM
2010-01-13 15:45:58 ----SD---- C:\Users\Jenda\AppData\Roaming\Microsoft
2010-01-13 15:23:49 ----D---- C:\Windows\System32
2010-01-13 15:23:49 ----D---- C:\Windows\inf
2010-01-13 15:23:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-13 15:02:15 ----RD---- C:\Program Files
2010-01-13 08:24:00 ----D---- C:\Windows\winsxs
2010-01-13 07:58:50 ----SHD---- C:\Windows\Installer
2010-01-13 07:58:40 ----D---- C:\ProgramData\Microsoft Help
2010-01-13 07:58:06 ----D---- C:\Windows\system32\catroot
2010-01-13 07:57:58 ----D---- C:\Program Files\Windows Mail
2010-01-13 07:56:03 ----D---- C:\Windows\Debug
2010-01-13 07:47:17 ----D---- C:\Windows\Prefetch
2010-01-13 07:46:58 ----D---- C:\Windows\system32\catroot2
2010-01-12 19:12:01 ----D---- C:\Program Files\Opera
2010-01-11 17:54:52 ----HD---- C:\ProgramData
2010-01-11 17:53:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-10 17:39:27 ----D---- C:\Windows\system32\LogFiles
2010-01-10 17:39:23 ----D---- C:\windows
2010-01-09 23:41:44 ----SHD---- C:\System Volume Information
2010-01-09 18:19:06 ----D---- C:\Users\Jenda\AppData\Roaming\ICQ
2010-01-05 03:18:34 ----D---- C:\Users\Jenda\AppData\Roaming\vlc
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
2010-01-01 10:50:08 ----D---- C:\Program Files\Eset
2009-12-31 11:23:00 ----D---- C:\Windows\Tasks
2009-12-30 17:47:54 ----D---- C:\Program Files\ICQ6.5
2009-12-24 11:23:35 ----D---- C:\Windows\system32\Tasks
2009-12-24 11:20:35 ----D---- C:\Windows\twain_32
2009-12-24 11:14:56 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FSLX;FSLX; \??\C:\Windows\system32\drivers\fslx.sys [2008-07-11 191872]
R1 nod32drv;nod32drv; C:\Windows\system32\drivers\nod32drv.sys [2009-11-10 15424]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R1 SbFw;SbFw; C:\Windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\Windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2009-11-10 512096]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-11-06 2013592]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\lvusbsta.sys [2005-01-19 22016]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-07-30 1025024]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-11 8238688]
R3 PID_0928;Labtec WebCam(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2005-01-19 211712]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-11-10 47360]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service; C:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 CrossLoopService;CrossLoop Service; C:\Users\Jenda\AppData\Local\CrossLoop\CrossLoopService.exe [2009-12-16 86016]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-11-10 552064]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-04-07 576024]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 uvnc_service;uvnc_service; C:\Users\Jenda\AppData\Local\CrossLoop\winvnc.exe [2009-12-06 1590216]

-----------------EOF-----------------

Re: Nasty virus

Posted: 15 Jan 2010 21:02
by Rudy
I don't see anything dangerous here either. In which file was it found?

Re: Nasty virus

Posted: 16 Jan 2010 14:23
by Jawa
Thanks for the effort. It can't be done this way, it's too demanding, I would have to sit at that PC. Thanks for the effort. Consider this topic closed, thank you. Jawa

Re: Nasty virus

Posted: 16 Jan 2010 18:27
by Rudy
You're welcome!