
"Security Tools" virus - RSIT log

tovyx
Visitor
Posts: 35
Registered: 03 Mar 2010 15:36


#1 Post by tovyx »

Hello,

I managed to catch the "Security Tools" virus, which Avira cannot deal with. I found some answers here on the forum, but I will probably still need help. I downloaded RSIT and generated a log; please check it. Thanks in advance.

computer:


notebook Dell Vostro 1700
Intel Core 2 Duo T7500 @ 2.2 GHz
2,0 GB RAM
Windows Vista Business 32 bit Service Pack 2
log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Radek at 2010-03-03 15:48:15
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 19 GB (10%) free of 188 GB
Total RAM: 2045 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:43, on 3.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Users\Radek\Desktop\RSIT.exe
C:\Program Files\trend micro\Radek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Internet Explorer: Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [31846729] C:\ProgramData\31846729\31846729.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Google Update] "C:\Users\Radek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: winesm32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://dk.internetzababku.cz/dk/plugin/h263ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://82.108.140.3/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9c1e6b1f8b7d8) (gupdate1c9c1e6b1f8b7d8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12910 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174011171-2297701796-382527344-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174011171-2297701796-382527344-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-20 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-05-09 159744]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-08-29 36864]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-06-02 3563520]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-04-16 184320]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-08-11 249856]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2006-04-12 1261475]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
""= []
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-02-13 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-02-13 202544]
"OODefragTray"=C:\Windows\system32\oodtray.exe [2008-09-04 2524416]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-06-27 405504]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-06-16 13793824]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2009-06-16 92704]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"31846729"=C:\ProgramData\31846729\31846729.exe [2010-03-03 1035776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-02-13 202544]
"Google Update"=C:\Users\Radek\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-27 133104]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-12 1414144]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f22a817-be0f-11dc-8283-001dd9eb924c}]
shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24f8bca5-a4a7-11de-b226-806e6f6e6963}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89e56ace-e86e-11dc-8772-000c7697fe05}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a99572a-25ea-11df-a5cf-000c7697fe05}]
shell\Autoplay\command - usb_smss.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_smss.exe
shell\explore\command - usb_smss.exe
shell\Open\command - usb_smss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c515892a-c923-11dc-a9c1-0016d43da58f}]
shell\1\command - E:\.\RECYCLER\RECYCLER\autorun.exe
shell\2\command - E:\.\RECYCLER\RECYCLER\autorun.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\.\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca606728-e07d-11dd-aeb3-000c7697fe05}]
shell\AutoRun\command - H:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cca992ab-93b8-11de-bd07-000c7697fe05}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.scr - open - "C:\Windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-03 15:46:13 ----A---- C:\Windows\ntbtlog.txt
2010-03-03 15:16:00 ----D---- C:\Program Files\trend micro
2010-03-03 15:15:59 ----D---- C:\rsit
2010-03-03 15:08:44 ----A---- C:\Windows\system32\userini.exe
2010-03-03 14:59:02 ----A---- C:\Windows\system32\fjhdyfhsn.bat
2010-03-03 14:58:49 ----D---- C:\ProgramData\31846729
2010-03-01 14:37:25 ----A---- C:\Windows\wininit.ini
2010-02-23 21:11:52 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-23 21:11:52 ----A---- C:\Windows\system32\secproc.dll
2010-02-23 21:11:51 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-23 21:11:51 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-23 21:11:51 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-23 21:11:51 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-23 21:11:50 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-23 21:11:50 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-23 21:11:50 ----A---- C:\Windows\system32\msdrm.dll
2010-02-23 21:11:43 ----A---- C:\Windows\system32\tzres.dll
2010-02-23 21:10:51 ----A---- C:\Windows\system32\gameux.dll
2010-02-23 21:10:50 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-23 21:10:50 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-23 21:10:49 ----A---- C:\Windows\system32\jscript.dll
2010-02-11 21:35:39 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-11 21:35:38 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-11 20:38:25 ----A---- C:\Windows\system32\quartz.dll
2010-02-11 20:38:24 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-11 20:38:24 ----A---- C:\Windows\system32\msyuv.dll
2010-02-11 20:38:24 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-11 20:38:24 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-11 20:38:24 ----A---- C:\Windows\system32\msrle32.dll
2010-02-11 20:38:24 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-11 20:38:24 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-11 20:38:24 ----A---- C:\Windows\system32\avifil32.dll

======List of files/folders modified in the last 1 months======

2010-03-03 15:46:13 ----D---- C:\Windows
2010-03-03 15:43:25 ----D---- C:\Windows\Temp
2010-03-03 15:36:38 ----D---- C:\Windows\tracing
2010-03-03 15:16:00 ----RD---- C:\Program Files
2010-03-03 15:08:44 ----D---- C:\Windows\System32
2010-03-03 15:01:04 ----D---- C:\Windows\Tasks
2010-03-03 14:58:49 ----HD---- C:\ProgramData
2010-03-03 14:54:47 ----D---- C:\Users\Radek\AppData\Roaming\Skype
2010-03-03 13:17:15 ----D---- C:\Users\Radek\AppData\Roaming\skypePM
2010-03-03 09:43:26 ----D---- C:\Windows\Prefetch
2010-03-03 00:50:40 ----D---- C:\Program Files\ABBYY FineReader 9.0
2010-03-03 00:49:27 ----A---- C:\Windows\NeroDigital.ini
2010-03-02 21:41:09 ----SHD---- C:\System Volume Information
2010-03-02 15:26:42 ----D---- C:\ProgramData\Google Updater
2010-03-02 14:54:57 ----D---- C:\Windows\inf
2010-03-02 14:54:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-02 02:38:52 ----D---- C:\Downloads
2010-03-01 13:31:13 ----D---- C:\Windows\system32\catroot2
2010-02-26 08:42:09 ----SHD---- C:\Windows\Installer
2010-02-26 08:42:09 ----HD---- C:\Config.Msi
2010-02-25 00:33:19 ----D---- C:\hry
2010-02-24 07:55:15 ----D---- C:\Windows\rescache
2010-02-24 00:21:22 ----D---- C:\Windows\system32\cs-CZ
2010-02-24 00:21:20 ----D---- C:\Windows\AppPatch
2010-02-24 00:21:19 ----RSD---- C:\Windows\Fonts
2010-02-23 21:14:56 ----D---- C:\Windows\winsxs
2010-02-23 21:13:15 ----D---- C:\Windows\system32\catroot
2010-02-22 11:32:26 ----A---- C:\Windows\ricdb.ini
2010-02-11 21:06:40 ----D---- C:\Windows\system32\drivers
2010-02-11 21:06:40 ----D---- C:\Program Files\Windows Mail
2010-02-11 20:41:36 ----D---- C:\ProgramData\Microsoft Help
2010-02-10 13:58:06 ----D---- C:\school
2010-02-07 19:44:31 ----D---- C:\Users\Radek\AppData\Roaming\Adobe
2010-02-07 00:58:51 ----D---- C:\Program Files\DOSBox-0.72

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-04-25 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-04-25 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-04-25 37376]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-05-09 157184]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-06-02 1207288]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2007-04-25 45568]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-04-29 12672]
S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-04-29 8192]
S3 akdma314;akdma314; C:\Windows\system32\drivers\akdma314.sys []
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-06-02 18424]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
S3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2; C:\Windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-29 986624]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-29 206848]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-06-16 9768640]
S3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 235520]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 7424]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-06-27 326656]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usb2vcom;USB Data Cable; C:\Windows\system32\DRIVERS\usb2vcom.sys [2005-08-05 28704]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-29 659968]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-01-09 79360]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 gupdate1c9c1e6b1f8b7d8;Služba Google Update (gupdate1c9c1e6b1f8b7d8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-20 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-20 183280]
S2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-16 211488]
S2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2008-09-04 1295616]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-09-26 75064]
S2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-02-13 202544]
S2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-06-27 94208]
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-06-02 24064]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-04-29 386560]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-01-09 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [2008-01-09 78536]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S4 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072]

-----------------EOF-----------------
Last edited by tovyx on 03 Mar 2010 16:13, edited 1 time in total.

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Security Tools virus - RSIT log

#2 Post by Caroprd111 »

Hello :)

Remove the log from the "code" tags and I'll take a look.

tovyx
Guest
Posts: 35
Registered: 03 Mar 2010 15:36

Re: Security Tools virus - RSIT log

#3 Post by tovyx »

edited

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Security Tools virus - RSIT log

#4 Post by Caroprd111 »

Uninstall Spybot - Search & Destroy and Ad-Aware.

Plug all the flash drives you use into the PC.

Following the guide at http://www.viry.cz/forum/viewtopic.php?f=15&t=72743, apply this script.

Code:

:files
C:\ProgramData\31846729\31846729.exe
C:\Users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winesm32.exe
c:\Autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
H:\Autorun.inf
I:\Autorun.inf
K:\Autorun.inf
L:\Autorun.inf
C:\recycler
D:\recycler
e:\recycler
f:\recycler
g:\recycler
h:\recycler
I:\recycler
C:\resycled
D:\resycled
e:\resycled
f:\resycled
g:\resycled
h:\resycled
I:\resycled
c:\$recycle.bin
d:\$recycle.bin
e:\$recycle.bin
f:\$recycle.bin
g:\$recycle.bin
h:\$recycle.bin
I:\$recycle.bin

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"31846729"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f22a817-be0f-11dc-8283-001dd9eb924c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89e56ace-e86e-11dc-8772-000c7697fe05}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a99572a-25ea-11df-a5cf-000c7697fe05}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c515892a-c923-11dc-a9c1-0016d43da58f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca606728-e07d-11dd-aeb3-000c7697fe05}]

:commands
[EmptyTemp]
[Reboot]

tovyx
Guest
Posts: 35
Registered: 03 Mar 2010 15:36

Re: Security Tools virus - RSIT log

#5 Post by tovyx »

• Spybot uninstalled; Ad-Aware could not be uninstalled (maybe related to Safe Mode, which I am working in right now?)

• I don't use flash drives (the infection may have come from a flash drive I borrowed once)

• Script applied; after the process finished I confirmed the restart.

• Attaching the log C:\_OTMoveIt\MovedFiles :

All processes killed
========== FILES ==========
C:\ProgramData\31846729\31846729.exe moved successfully.
C:\Users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winesm32.exe moved successfully.
File/Folder c:\Autorun.inf not found.
File/Folder D:\Autorun.inf not found.
File/Folder E:\Autorun.inf not found.
File/Folder F:\Autorun.inf not found.
File/Folder G:\Autorun.inf not found.
File/Folder H:\Autorun.inf not found.
File/Folder I:\Autorun.inf not found.
File/Folder K:\Autorun.inf not found.
File/Folder L:\Autorun.inf not found.
File/Folder C:\recycler not found.
File/Folder D:\recycler not found.
File/Folder e:\recycler not found.
File/Folder f:\recycler not found.
File/Folder g:\recycler not found.
File/Folder h:\recycler not found.
File/Folder I:\recycler not found.
File/Folder C:\resycled not found.
File/Folder D:\resycled not found.
File/Folder e:\resycled not found.
File/Folder f:\resycled not found.
File/Folder g:\resycled not found.
File/Folder h:\resycled not found.
File/Folder I:\resycled not found.
c:\$Recycle.Bin\S-1-5-21-918056312-2952985149-2686913973-500 folder moved successfully.
c:\$Recycle.Bin\S-1-5-21-2067051260-1960990550-2698688816-500 folder moved successfully.
c:\$Recycle.Bin\S-1-5-21-1174011171-2297701796-382527344-500 folder moved successfully.
c:\$Recycle.Bin\S-1-5-21-1174011171-2297701796-382527344-1000 folder moved successfully.
c:\$Recycle.Bin folder moved successfully.
d:\$RECYCLE.BIN\S-1-5-21-1174011171-2297701796-382527344-500 folder moved successfully.
d:\$RECYCLE.BIN\S-1-5-21-1174011171-2297701796-382527344-1000 folder moved successfully.
d:\$RECYCLE.BIN folder moved successfully.
File/Folder e:\$recycle.bin not found.
File/Folder f:\$recycle.bin not found.
File/Folder g:\$recycle.bin not found.
File/Folder h:\$recycle.bin not found.
File/Folder I:\$recycle.bin not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\31846729 deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"credssp.dll" /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f22a817-be0f-11dc-8283-001dd9eb924c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f22a817-be0f-11dc-8283-001dd9eb924c}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89e56ace-e86e-11dc-8772-000c7697fe05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89e56ace-e86e-11dc-8772-000c7697fe05}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a99572a-25ea-11df-a5cf-000c7697fe05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a99572a-25ea-11df-a5cf-000c7697fe05}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c515892a-c923-11dc-a9c1-0016d43da58f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c515892a-c923-11dc-a9c1-0016d43da58f}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca606728-e07d-11dd-aeb3-000c7697fe05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca606728-e07d-11dd-aeb3-000c7697fe05}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Radek
->Temp folder emptied: 3720393587 bytes
->Java cache emptied: 92070606 bytes
->Google Chrome cache emptied: 425253008 bytes
->Opera cache emptied: 134121376 bytes
->Flash cache emptied: 137408 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 143469 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 816541329 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 421102 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4 949,00 mb


OTM by OldTimer - Version 3.1.10.0 log created on 03032010_164750

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Security Tools virus - RSIT log

#6 Post by Caroprd111 »

How is the PC doing?

tovyx
Guest
Posts: 35
Registered: 03 Mar 2010 15:36

Re: Security Tools virus - RSIT log

#7 Post by tovyx »

After another restart I let the computer boot normally into Windows (i.e. no longer into Safe Mode).

Unlike the previous boots, the Security Tools "application" with its infection warnings no longer pops up.

I launched Opera and Task Manager. In Task Manager I watched memory usage grow for Opera (a larger number of tabs open) and for Adobe Acrobat Reader (Reader was not open and, as far as I know, no PDF was open in any tab either). So I ended the (Adobe) process manually in Task Manager. At roughly that moment svchost.exe and TrustedInstaller.exe started using 100% CPU. This continued for a while even after I closed Opera. Now TrustedInstaller.exe is no longer in the list of running processes; svchost.exe is still using one of the two CPU cores almost fully.

Is it possible that the virus is on one of the pages open in Opera? (and that I caught it again after the previous cleanup?)

I have been observing the mentioned growth in Adobe Acrobat's memory usage since roughly the start of this week (if I don't end the process manually, it climbs to about 0.75 GB and then crashes). The Security Tools "application" only appeared today.

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Security Tools virus - RSIT log

#8 Post by Caroprd111 »

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable all resident security programs - firewalls, antivirus, antispyware

Run the application under an account with Administrator rights; immediately after it starts, a page with the license terms appears, continue by pressing the "Yes" button

Then follow the instructions; during the scan do not launch other applications and do not click into the window that appears!

The scan should take about 5 - 10 minutes; when it finishes, Combofix displays the log C:\ComboFix.txt, which you should paste here.

The computer may be restarted during the scan.

tovyx
Guest
Posts: 35
Registered: 03 Mar 2010 15:36

Re: Security Tools virus - RSIT log

#9 Post by tovyx »

Sorry for the delay - it took a bit longer and I also had to move from school to home.

Avira could not be disabled in any way; I ran ComboFix anyway.

Here is the log:

ComboFix 10-03-03.02 - Radek 03.03.2010 19:16:27.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2045.786 [GMT 1:00]
Spuštěný z: c:\users\Radek\Desktop\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Radek\AppData\Roaming\avdrn.dat
c:\users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk
c:\users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winesm32.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\oem52.inf
c:\windows\system32\stacsv.exe
c:\windows\system32\twain_32.dll
c:\windows\system32\userini.exe
c:\windows\system32\VB6KO.DLL

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_STacSV


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-03 do 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 15:47 . 2010-03-03 15:47 -------- d-----w- C:\_OTM
2010-03-03 14:16 . 2010-03-03 14:48 -------- d-----w- c:\program files\trend micro
2010-03-03 14:15 . 2010-03-03 14:16 -------- d-----w- C:\rsit
2010-03-03 13:59 . 2010-03-03 13:59 118 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-03-03 13:58 . 2010-03-03 15:47 -------- d-----w- c:\programdata\31846729
2010-02-23 20:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 20:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 20:11 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 20:11 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:11 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 20:11 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 20:11 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 20:11 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 20:11 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 20:11 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 20:10 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-23 20:10 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-23 20:10 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-11 20:35 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-11 20:35 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 18:32 . 2009-11-11 19:54 319992 ----a-w- c:\programdata\nvModes.dat
2010-03-03 18:31 . 2007-12-22 13:13 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-03 16:27 . 2009-04-20 18:33 -------- d-----w- c:\programdata\Google Updater
2010-03-03 15:37 . 2008-01-08 16:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-03 15:37 . 2008-01-08 16:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-03 15:03 . 2008-04-12 03:19 1356 ----a-w- c:\users\Radek\AppData\Local\d3d9caps.dat
2010-03-03 13:58 . 2010-03-03 13:58 16 ----a-w- c:\users\Radek\AppData\Roaming\rbuwzv.dat
2010-03-03 13:54 . 2008-08-14 19:47 -------- d-----w- c:\users\Radek\AppData\Roaming\Skype
2010-03-03 12:17 . 2009-12-07 19:54 -------- d-----w- c:\users\Radek\AppData\Roaming\skypePM
2010-03-02 23:50 . 2009-06-26 21:16 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2010-03-02 13:54 . 2007-01-08 21:12 602092 ----a-w- c:\windows\system32\perfh005.dat
2010-03-02 13:54 . 2007-01-08 21:12 116204 ----a-w- c:\windows\system32\perfc005.dat
2010-02-24 06:41 . 2007-12-28 16:14 133960 ----a-w- c:\users\Radek\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-11 20:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 19:41 . 2008-01-08 21:26 -------- d-----w- c:\programdata\Microsoft Help
2010-02-06 23:58 . 2008-07-26 14:05 -------- d-----w- c:\program files\DOSBox-0.72
2010-02-04 12:23 . 2008-01-09 21:29 2383 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-20 17:59 . 2009-05-31 12:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-05 14:33 . 2009-03-23 01:41 -------- d-----w- c:\program files\HP
2010-01-05 14:33 . 2010-01-05 14:33 -------- d-----w- c:\programdata\HP Product Assistant
2010-01-02 06:38 . 2010-01-24 05:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-24 05:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-24 05:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-24 05:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-11 11:43 . 2010-02-11 19:38 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-11 19:38 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-11 19:38 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-11 19:38 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-07 19:54 . 2009-12-07 19:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-07 18:16 . 2009-07-12 13:30 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:30 . 2010-02-11 19:38 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-11 19:38 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-11 19:38 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-11 19:38 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-11 19:38 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-11 19:38 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-11 19:38 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-11 19:38 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-11 19:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-11 19:38 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-11 19:38 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2007-12-22 13:25 . 2007-12-22 13:25 76 --sh--r- c:\windows\CT4CET.bin
2007-12-22 21:07 . 2007-12-22 20:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]
"Google Update"="c:\users\Radek\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-27 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-05-09 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 3563520]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-08-11 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2008-6-10 25214]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-22 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):11,5c,c4,e3,6e,fa,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1174011171-2297701796-382527344-1000]
"EnableNotificationsRef"=dword:00000002

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.7.2009 14:30 108289]
S2 gupdate1c9c1e6b1f8b7d8;Služba Google Update (gupdate1c9c1e6b1f8b7d8);c:\program files\Google\Update\GoogleUpdate.exe [20.4.2009 19:34 133104]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\System32\drivers\aabed2.sys [20.3.2008 10:35 23040]
S3 usb2vcom;USB Data Cable;c:\windows\System32\drivers\usb2vcom.sys [10.5.2009 10:44 28704]
S4 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [27.10.2008 17:03 759072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-03-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-20 18:33]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 18:34]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 18:34]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174011171-2297701796-382527344-1000Core.job
- c:\users\Radek\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-27 22:55]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174011171-2297701796-382527344-1000UA.job
- c:\users\Radek\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-27 22:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.108.140.3/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 19:33
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0bf43c04-2115-42ed-a94f-ea66ae56700e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{10894788-4b56-431e-b422-b3a3b06c4f3c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11001dd9
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{20a2d91e-5b53-4043-bddb-5a1884840467}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001c23
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2805e90c-341c-495d-8d89-0c1a790bfd7c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a12c173c-9123-4563-a028-ffa3ba0cc8d7}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001372
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c31ca8ff-9f6f-4d5a-bb0f-3c80bb61b408}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a001e4c
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f8b9ab0c-f9e8-47f4-ba0b-9ddcc01bffb2}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5616)
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\System32\bcmwltry.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\conime.exe
c:\windows\system32\Taskmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-03-03 19:44:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-03 18:44

Před spuštěním: Volných bajtů: 22 663 630 848
Po spuštění: Volných bajtů: 36 895 535 104

- - End Of File - - C73A5276D3BEEC8A28C7F764806D0CBE

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Security Tools virus - RSIT log

#10 Post by Caroprd111 »

If you haven't already, move ComboFix to the desktop
  • Open Notepad and copy the text from the white box into it.


File:: 
c:\windows\system32\fjhdyfhsn.bat

REGLOCK::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f8b9ab0c-f9e8-47f4-ba0b-9ddcc01bffb2}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c31ca8ff-9f6f-4d5a-bb0f-3c80bb61b408}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a12c173c-9123-4563-a028-ffa3ba0cc8d7}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2805e90c-341c-495d-8d89-0c1a790bfd7c}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{20a2d91e-5b53-4043-bddb-5a1884840467}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{10894788-4b56-431e-b422-b3a3b06c4f3c}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0bf43c04-2115-42ed-a94f-ea66ae56700e}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
  • Save the TXT file you created as CFScript.txt on the desktop
  • After saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:

  • After it runs, another log will appear; post it here
It may happen that after applying the script and restarting, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

tovyx
Visitor
Posts: 35
Registered: 03 Mar 2010 15:36

Re: Security Tools virus - RSIT log

#11 Post by tovyx »

done:

ComboFix 10-03-03.02 - Radek 03.03.2010 20:34:27.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2045.770 [GMT 1:00]
Spuštěný z: c:\users\Radek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Radek\Desktop\CFScript.txt
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\fjhdyfhsn.bat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-03 do 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 19:43 . 2010-03-03 19:43 -------- d-----w- c:\users\Radek\AppData\Local\temp
2010-03-03 19:43 . 2010-03-03 19:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-03 19:43 . 2010-03-03 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-03 15:47 . 2010-03-03 15:47 -------- d-----w- C:\_OTM
2010-03-03 14:16 . 2010-03-03 14:48 -------- d-----w- c:\program files\trend micro
2010-03-03 14:15 . 2010-03-03 14:16 -------- d-----w- C:\rsit
2010-03-03 13:58 . 2010-03-03 15:47 -------- d-----w- c:\programdata\31846729
2010-02-23 20:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 20:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 20:11 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 20:11 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:11 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 20:11 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 20:11 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 20:11 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 20:11 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 20:11 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 20:10 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-23 20:10 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-23 20:10 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-11 20:35 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-11 20:35 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 19:14 . 2009-11-11 19:54 319992 ----a-w- c:\programdata\nvModes.dat
2010-03-03 19:13 . 2007-12-22 13:13 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-03 19:13 . 2008-08-14 19:47 -------- d-----w- c:\users\Radek\AppData\Roaming\Skype
2010-03-03 18:53 . 2009-12-07 19:54 -------- d-----w- c:\users\Radek\AppData\Roaming\skypePM
2010-03-03 16:27 . 2009-04-20 18:33 -------- d-----w- c:\programdata\Google Updater
2010-03-03 15:37 . 2008-01-08 16:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-03 15:37 . 2008-01-08 16:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-03 15:03 . 2008-04-12 03:19 1356 ----a-w- c:\users\Radek\AppData\Local\d3d9caps.dat
2010-03-03 13:58 . 2010-03-03 13:58 16 ----a-w- c:\users\Radek\AppData\Roaming\rbuwzv.dat
2010-03-02 23:50 . 2009-06-26 21:16 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2010-03-02 13:54 . 2007-01-08 21:12 602092 ----a-w- c:\windows\system32\perfh005.dat
2010-03-02 13:54 . 2007-01-08 21:12 116204 ----a-w- c:\windows\system32\perfc005.dat
2010-02-24 06:41 . 2007-12-28 16:14 133960 ----a-w- c:\users\Radek\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-11 20:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 19:41 . 2008-01-08 21:26 -------- d-----w- c:\programdata\Microsoft Help
2010-02-06 23:58 . 2008-07-26 14:05 -------- d-----w- c:\program files\DOSBox-0.72
2010-02-04 12:23 . 2008-01-09 21:29 2383 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-20 17:59 . 2009-05-31 12:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-06 15:38 . 2010-02-23 20:10 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 20:10 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-23 20:10 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 20:10 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-05 14:33 . 2009-03-23 01:41 -------- d-----w- c:\program files\HP
2010-01-05 14:33 . 2010-01-05 14:33 -------- d-----w- c:\programdata\HP Product Assistant
2010-01-02 06:38 . 2010-01-24 05:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-24 05:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-24 05:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-24 05:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-11 11:43 . 2010-02-11 19:38 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-11 19:38 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-11 19:38 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-11 19:38 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-07 19:54 . 2009-12-07 19:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-07 18:16 . 2009-07-12 13:30 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:30 . 2010-02-11 19:38 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-11 19:38 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-11 19:38 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-11 19:38 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-11 19:38 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-11 19:38 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-11 19:38 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-11 19:38 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-11 19:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-11 19:38 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-11 19:38 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2007-12-22 13:25 . 2007-12-22 13:25 76 --sh--r- c:\windows\CT4CET.bin
2007-12-22 21:07 . 2007-12-22 20:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]
"Google Update"="c:\users\Radek\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-27 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-05-09 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 3563520]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-08-11 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2008-6-10 25214]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-22 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):11,5c,c4,e3,6e,fa,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1174011171-2297701796-382527344-1000]
"EnableNotificationsRef"=dword:00000002

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.7.2009 14:30 108289]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [8.1.2008 18:26 685816]
S2 gupdate1c9c1e6b1f8b7d8;Služba Google Update (gupdate1c9c1e6b1f8b7d8);c:\program files\Google\Update\GoogleUpdate.exe [20.4.2009 19:34 133104]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\System32\drivers\aabed2.sys [20.3.2008 10:35 23040]
S3 usb2vcom;USB Data Cable;c:\windows\System32\drivers\usb2vcom.sys [10.5.2009 10:44 28704]
S4 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [27.10.2008 17:03 759072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-03-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-20 18:33]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 18:34]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 18:34]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174011171-2297701796-382527344-1000Core.job
- c:\users\Radek\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-27 22:55]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174011171-2297701796-382527344-1000UA.job
- c:\users\Radek\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-27 22:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.108.140.3/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 20:43
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
Celkový čas: 2010-03-03 20:46:37
ComboFix-quarantined-files.txt 2010-03-03 19:46
ComboFix2.txt 2010-03-03 18:44

Před spuštěním: Volných bajtů: 37 129 347 072
Po spuštění: Volných bajtů: 36 953 944 064

- - End Of File - - 069511447AFADEADA09F1731EEB65C09

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Security Tools virus - RSIT log

#12 Post by Caroprd111 »

How is the PC behaving? :???:

tovyx
Visitor
Posts: 35
Registered: 03 Mar 2010 15:36

Re: Security Tools virus - RSIT log

#13 Post by tovyx »

At the moment everything looks fine, I'll try a restart and launching Opera.

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Security Tools virus - RSIT log

#14 Post by Caroprd111 »

OK :)

tovyx
Visitor
Posts: 35
Registered: 03 Mar 2010 15:36

Re: Security Tools virus - RSIT log

#15 Post by tovyx »

So the situation more or less repeats itself, this time without TrustedInstaller.exe (or rather, TrustedInstaller.exe is among the running processes, but it does nothing). Shortly after Opera starts, A) a large amount is allocated to Adobe Acrobat Reader (currently about 220 MB), even though the Adobe Acrobat Reader application is not running and no PDF is open in any tab. After a while the process crashes (which Windows also reports with a message that the process was terminated unexpectedly, etc.). And B) the svchost.exe process constantly loads the CPU at 50% (one of the two cores runs almost flat out, while the other does almost nothing)
