VIRY.CZ

Run by BUBLINKA at 2010-03-06 19:37:49
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 59 GB (61%) free of 96 GB
Total RAM: 1917 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:57, on 6.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\strs.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\BUBLINKA\Downloads\RSIT(3).exe
C:\Program Files\trend micro\BUBLINKA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StrSystem] C:\Windows\strs.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Speedmanager plus.lnk = C:\Program Files\T-Mobile\Speedmanager plus\Spawner.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 5525 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"StrSystem"=C:\Windows\strs.exe [2009-10-12 2352640]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-10-30 2172416]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-13 6183456]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-10-30 3055616]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Speedmanager plus.lnk - C:\Program Files\T-Mobile\Speedmanager plus\Spawner.exe
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11ad7373-c53a-11de-859e-001f160cc13a}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11ad73a8-c53a-11de-859e-001f160cc13a}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36781142-c57f-11de-8c8c-001f160cc13a}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61a0347f-cbef-11de-b701-001f160cc13a}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{776fc178-c4c4-11de-96b6-806e6f6e6963}]
shell\AutoRun\command - F:\setup.exe
shell\LVIPCAP\command - F:\techsupt\CaptureTest\Amcap8.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830f3de6-c570-11de-8e41-001f160cc13a}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830f3e36-c570-11de-8e41-001f160cc13a}]
shell\AutoRun\command - G:\Autorun.exe


======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-06 19:30:54 ----D---- C:\Program Files\trend micro
2010-03-06 19:30:52 ----D---- C:\rsit
2010-02-28 18:40:22 ----D---- C:\Windows\pss
2010-02-26 23:27:03 ----D---- C:\Users\BUBLINKA\AppData\Roaming\Facebook
2010-02-26 20:11:15 ----ASH---- C:\Windows\ShellExecuteHook.dll
2010-02-26 20:11:14 ----ASH---- C:\Windows\MmWatch.dll
2010-02-26 20:11:14 ----ASH---- C:\Windows\HkMgrMM.dll
2010-02-26 20:11:08 ----ASH---- C:\Windows\Strsysk.dll
2010-02-26 20:11:08 ----ASH---- C:\Windows\Strsys.dll
2010-02-26 20:11:08 ----ASH---- C:\Windows\HMFAxstr.dll
2010-02-26 20:10:58 ----ASH---- C:\Windows\strs.exe
2010-02-26 20:10:57 ----SHD---- C:\ProgramData\Strazca systemu
2010-02-26 20:10:57 ----A---- C:\Windows\unins000.exe
2010-02-24 11:19:07 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 11:17:24 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 11:17:21 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 11:16:43 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 11:16:38 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 11:16:37 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 11:16:36 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 11:16:30 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 11:16:30 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 11:16:29 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 11:16:20 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 11:16:14 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 11:16:13 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-23 13:48:01 ----D---- C:\Program Files\WebWasher
2010-02-22 20:09:18 ----D---- C:\Program Files\jv16 PowerTools 2009
2010-02-21 20:42:23 ----AD---- C:\ProgramData\TEMP
2010-02-21 20:40:18 ----D---- C:\Program Files\Registry Mechanic
2010-02-17 20:14:34 ----D---- C:\Program Files\MyFreeCams V2
2010-02-17 20:11:22 ----D---- C:\Users\BUBLINKA\AppData\Roaming\TeamViewer
2010-02-17 20:10:50 ----D---- C:\Program Files\TeamViewer
2010-02-15 14:32:46 ----A---- C:\Windows\system32\LVUI2.dll
2010-02-15 14:32:46 ----A---- C:\Windows\system32\lvcoinst.ini
2010-02-15 14:32:45 ----A---- C:\Windows\system32\LVUI2RC.dll
2010-02-15 14:32:45 ----A---- C:\Windows\system32\lvcodec2.dll
2010-02-15 14:32:45 ----A---- C:\Windows\system32\lvci1150.dll
2010-02-15 14:29:01 ----D---- C:\ProgramData\Logishrd
2010-02-15 14:28:53 ----D---- C:\Program Files\Common Files\LogiShrd
2010-02-15 14:28:31 ----D---- C:\ProgramData\Logitech
2010-02-15 14:28:30 ----D---- C:\Program Files\Logitech
2010-02-10 13:26:11 ----D---- C:\Program Files\MSXML 4.0
2010-02-10 10:42:33 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 10:42:33 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 10:42:21 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 10:42:20 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 10:42:20 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 10:42:20 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 10:42:20 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 10:42:19 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 10:42:19 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 10:42:19 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 10:42:19 ----A---- C:\Windows\system32\avifil32.dll
2010-02-09 18:57:19 ----ASH---- C:\Users\BUBLINKA\AppData\Roaming\desktop.ini
2010-02-09 18:50:49 ----D---- C:\Users\BUBLINKA\AppData\Roaming\ArcSoft
2010-02-09 18:50:24 ----D---- C:\ProgramData\ArcSoft
2010-02-09 18:49:01 ----D---- C:\Program Files\ArcSoft
2010-02-09 18:49:00 ----D---- C:\Program Files\Common Files\ArcSoft
2010-02-09 18:49:00 ----A---- C:\Windows\system32\unicows.dll
2010-02-09 17:37:11 ----D---- C:\Users\BUBLINKA\AppData\Roaming\Nero
2010-02-09 15:12:17 ----D---- C:\Program Files\Nero
2010-02-09 15:11:18 ----D---- C:\ProgramData\Nero
2010-02-09 15:11:16 ----D---- C:\Program Files\Common Files\Nero
2010-02-09 15:10:03 ----A---- C:\Windows\system32\d3dx9_30.dll

======List of files/folders modified in the last 1 months======

2010-03-06 19:37:39 ----D---- C:\Windows\Temp
2010-03-06 19:30:54 ----RD---- C:\Program Files
2010-03-06 19:18:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-06 19:18:14 ----D---- C:\Windows\system32\drivers
2010-03-06 19:03:51 ----D---- C:\Users\BUBLINKA\AppData\Roaming\Skype
2010-03-06 17:36:44 ----D---- C:\Users\BUBLINKA\AppData\Roaming\skypePM
2010-03-06 17:35:55 ----D---- C:\Users\BUBLINKA\AppData\Roaming\ICQ
2010-03-06 13:16:12 ----SHD---- C:\System Volume Information
2010-03-05 16:02:00 ----D---- C:\Users\BUBLINKA\AppData\Roaming\Spyware Terminator
2010-03-05 10:49:21 ----D---- C:\ProgramData\Spyware Terminator
2010-02-28 18:40:22 ----D---- C:\Windows
2010-02-26 20:10:57 ----HD---- C:\ProgramData
2010-02-26 14:29:19 ----D---- C:\Windows\Prefetch
2010-02-25 20:29:12 ----D---- C:\ProgramData\NOS
2010-02-25 14:44:49 ----D---- C:\Windows\System32
2010-02-25 14:44:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-25 14:44:47 ----D---- C:\Windows\inf
2010-02-25 14:44:46 ----D---- C:\Windows\rescache
2010-02-25 12:38:52 ----RSD---- C:\Windows\Fonts
2010-02-25 12:38:52 ----D---- C:\Windows\system32\cs-CZ
2010-02-25 12:38:52 ----D---- C:\Windows\AppPatch
2010-02-25 12:10:08 ----D---- C:\Windows\winsxs
2010-02-25 12:05:42 ----D---- C:\Windows\system32\catroot
2010-02-24 11:15:47 ----D---- C:\Windows\system32\catroot2
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-21 21:24:37 ----D---- C:\Program Files\Common Files
2010-02-21 20:47:11 ----D---- C:\Windows\system32\config
2010-02-18 18:00:10 ----D---- C:\Program Files\Mozilla Firefox
2010-02-18 17:28:54 ----D---- C:\Windows\system32\Tasks
2010-02-15 14:36:49 ----D---- C:\Windows\twain_32
2010-02-15 14:34:28 ----SHD---- C:\Windows\Installer
2010-02-15 14:33:21 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-10 16:02:32 ----D---- C:\Program Files\Windows Mail
2010-02-10 13:27:33 ----D---- C:\Windows\Debug
2010-02-09 18:48:23 ----D---- C:\Program Files\Common Files\InstallShield
2010-02-09 15:08:52 ----D---- C:\Program Files\Common Files\microsoft shared
2010-02-08 18:42:57 ----D---- C:\Program Files\T-Mobile

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2009-10-30 142592]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-02-01 690176]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 3695104]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-13 2152344]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
R3 lvpopflt;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopflt.sys [2007-10-12 1920920]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
R3 LVUVC;Logitech QuickCam Pro 9000(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2007-10-12 3647384]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
R3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-07-30 101120]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-06-03 692224]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 MsMpSvc;@C:\Program Files\Microsoft Security Essentials\MpAsDesc.dll,-241; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-10-30 487936]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------

Zdravím

Na logu se pracuje, prosím o strpení.

Moc vám Děkuji

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

Caroprd111 píše: Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

Tak doufám že je to co potřebujete?

ComboFix 10-03-06.01 - BUBLINKA 06.03.2010 20:01:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1917.984 [GMT 1:00]
Spuštěný z: c:\users\BUBLINKA\Downloads\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-06 do 2010-03-06 )))))))))))))))))))))))))))))))
.

2010-03-06 19:17 . 2010-03-06 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-06 18:30 . 2010-03-06 18:37 -------- d-----w- c:\program files\trend micro
2010-03-06 18:30 . 2010-03-06 18:31 -------- d-----w- C:\rsit
2010-02-26 22:27 . 2010-02-26 22:28 50354 ----a-w- c:\users\BUBLINKA\AppData\Roaming\Facebook\uninstall.exe
2010-02-26 22:27 . 2010-02-26 22:27 -------- d-----w- c:\users\BUBLINKA\AppData\Roaming\Facebook
2010-02-26 19:11 . 2009-05-02 14:13 186368 --sha-w- c:\windows\ShellExecuteHook.dll
2010-02-26 19:11 . 2009-05-01 14:28 166400 --sha-w- c:\windows\MmWatch.dll
2010-02-26 19:11 . 2009-04-14 09:59 28672 --sha-w- c:\windows\HkMgrMM.dll
2010-02-26 19:11 . 2008-04-30 17:41 926968 --sha-w- c:\windows\HMFAxstr.dll
2010-02-26 19:11 . 2008-03-04 16:50 44544 --sha-w- c:\windows\Strsysk.dll
2010-02-26 19:11 . 2007-03-21 22:10 24064 --sha-w- c:\windows\Strsys.dll
2010-02-26 19:10 . 2009-10-12 22:07 2352640 --sha-w- c:\windows\strs.exe
2010-02-26 19:10 . 2010-02-26 19:11 7284 ----a-w- c:\windows\unins000.dat
2010-02-26 19:10 . 2010-02-26 19:11 -------- d-sh--w- c:\programdata\Strazca systemu
2010-02-26 19:10 . 2010-02-26 19:10 709668 ----a-w- c:\windows\unins000.exe
2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\users\BUBLINKA\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\users\BUBLINKA\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-02-24 10:19 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 10:17 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 10:17 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 10:16 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 10:16 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 10:16 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 10:16 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 10:16 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 10:16 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 10:16 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 10:16 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 10:16 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 10:16 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-23 12:48 . 2010-02-23 13:01 -------- d-----w- c:\program files\WebWasher
2010-02-22 19:10 . 2010-02-22 19:10 23 --sha-w- c:\windows\system32\edacded0.dat
2010-02-22 19:09 . 2010-02-22 19:10 -------- d-----w- c:\program files\jv16 PowerTools 2009
2010-02-17 19:14 . 2010-03-06 18:06 -------- d-----w- c:\program files\MyFreeCams V2
2010-02-17 19:11 . 2010-02-17 19:11 -------- d-----w- c:\users\BUBLINKA\AppData\Roaming\TeamViewer
2010-02-17 19:10 . 2010-02-17 19:10 -------- d-----w- c:\program files\TeamViewer
2010-02-15 13:32 . 2007-10-12 02:00 3647384 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-02-15 13:32 . 2007-10-12 02:00 41752 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2010-02-15 13:32 . 2007-10-12 02:00 490008 ----a-w- c:\windows\system32\LVUI2.dll
2010-02-15 13:32 . 2007-10-12 01:18 21138 ----a-w- c:\windows\system32\Repository.reg
2010-02-15 13:32 . 2007-10-12 02:00 465432 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-02-15 13:32 . 2007-10-12 01:57 195096 ----a-w- c:\windows\system32\lvci1150.dll
2010-02-15 13:32 . 2007-10-12 01:57 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2010-02-15 13:32 . 2007-10-12 01:59 1920920 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-02-15 13:29 . 2010-02-15 13:39 -------- d-----w- c:\programdata\Logishrd
2010-02-15 13:28 . 2010-02-15 13:36 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-02-15 13:28 . 2010-02-15 13:28 -------- d-----w- c:\programdata\Logitech
2010-02-15 13:28 . 2010-02-15 13:40 -------- d-----w- c:\program files\Logitech
2010-02-10 18:04 . 2010-02-10 18:05 5299337 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-02-10 12:26 . 2010-02-10 12:26 -------- d-----w- c:\program files\MSXML 4.0
2010-02-09 17:57 . 2010-02-09 17:57 -------- d-sh--we c:\windows\system32\config\systemprofile\Soubory cookie
2010-02-09 17:57 . 2010-02-09 17:57 -------- d-sh--we c:\windows\system32\config\systemprofile\Data aplikací
2010-02-09 17:50 . 2010-02-09 18:02 -------- d-----w- c:\users\BUBLINKA\AppData\Roaming\ArcSoft
2010-02-09 17:50 . 2006-11-10 14:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2010-02-09 17:50 . 2010-02-09 17:51 -------- d-----w- c:\users\BUBLINKA\AppData\Local\ArcSoft
2010-02-09 17:50 . 2010-02-10 18:04 -------- d-----w- c:\programdata\ArcSoft
2010-02-09 17:49 . 2010-02-09 17:49 -------- d-----w- c:\program files\ArcSoft
2010-02-09 17:49 . 2010-02-09 17:50 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-02-09 17:49 . 2005-04-27 15:36 245408 ----a-w- c:\windows\system32\unicows.dll
2010-02-09 16:37 . 2010-02-09 16:45 -------- d-----w- c:\users\BUBLINKA\AppData\Roaming\Nero
2010-02-09 14:12 . 2010-02-09 14:42 -------- d-----w- c:\program files\Nero
2010-02-09 14:11 . 2010-02-09 14:20 -------- d-----w- c:\programdata\Nero
2010-02-09 14:11 . 2010-02-09 14:43 -------- d-----w- c:\program files\Common Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 19:02 . 2009-10-30 16:54 -------- d-----w- c:\users\BUBLINKA\AppData\Roaming\Skype
2010-03-06 18:18 . 2009-10-30 12:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 18:17 . 2009-10-30 12:34 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-06 18:00 . 2010-02-15 13:36 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-06 16:36 . 2009-12-13 17:58 -------- d-----w- c:\users\BUBLINKA\AppData\Roaming\skypePM
2010-03-06 16:35 . 2009-10-30 12:43 -------- d-----w- c:\users\BUBLINKA\AppData\Roaming\ICQ
2010-03-05 15:02 . 2009-10-30 14:20 -------- d-----w- c:\users\BUBLINKA\AppData\Roaming\Spyware Terminator
2010-03-05 09:49 . 2009-10-30 14:20 -------- d-----w- c:\programdata\Spyware Terminator
2010-02-25 19:29 . 2010-01-09 14:09 -------- d-----w- c:\programdata\NOS
2010-02-25 13:44 . 2009-10-28 06:02 598838 ----a-w- c:\windows\system32\perfh005.dat
2010-02-25 13:44 . 2009-10-28 06:02 115014 ----a-w- c:\windows\system32\perfc005.dat
2010-02-25 11:41 . 2009-10-27 23:18 49168 ----a-w- c:\users\BUBLINKA\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-30 12:50 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-15 13:33 . 2009-10-29 19:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 15:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-09 17:48 . 2009-10-29 19:44 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-08 17:42 . 2009-10-30 10:03 -------- d-----w- c:\program files\T-Mobile
2010-02-04 09:24 . 2009-10-30 14:20 -------- d-----w- c:\program files\Spyware Terminator
2010-01-31 19:01 . 2010-01-31 19:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-31 18:55 . 2010-01-31 18:02 -------- d-----w- c:\program files\Common Files\Adobe-BackupByPhotoshopPortable
2010-01-16 19:27 . 2010-01-16 19:27 -------- d-----w- c:\program files\VideoLAN
2010-01-16 19:05 . 2010-01-16 19:05 -------- d-----w- c:\program files\Common Files\Apple
2010-01-16 19:05 . 2010-01-16 19:04 -------- d-----w- c:\program files\Apple Software Update
2010-01-16 19:04 . 2010-01-16 19:04 -------- d-----w- c:\programdata\Apple
2010-01-15 17:01 . 2009-10-30 12:42 -------- d-----w- c:\program files\ICQ6.5
2010-01-12 17:42 . 2010-01-12 17:16 -------- d-----w- c:\program files\Common Files\Pointstone
2010-01-12 17:42 . 2010-01-12 17:16 -------- d-----w- c:\program files\Pointstone
2010-01-12 17:37 . 2010-01-12 17:37 -------- d-----w- c:\program files\CCleaner
2010-01-12 14:32 . 2009-10-30 16:51 -------- d-----r- c:\program files\Skype
2010-01-10 19:28 . 2010-01-10 18:47 -------- d-----w- c:\program files\Thegrideon Software
2010-01-09 19:23 . 2010-01-09 19:23 -------- d-----w- c:\users\BUBLINKA\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-01-09 14:31 . 2010-01-09 14:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-09 14:14 . 2010-01-09 14:14 -------- d-----w- c:\programdata\McAfee Security Scan
2010-01-09 14:10 . 2010-01-09 14:10 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-01-07 15:07 . 2009-10-30 12:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-10-30 12:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:38 . 2010-02-24 10:16 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 10:16 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 10:16 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 10:16 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2009-12-18 13:01 . 2010-01-22 11:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 11:08 . 2009-12-18 11:08 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-16 11:44 . 2010-01-22 11:04 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-13 17:58 . 2009-12-13 17:58 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-11 11:43 . 2010-02-10 09:42 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 09:42 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 09:42 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 09:42 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 09:42 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 09:42 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-14 09:59 . 2010-02-26 19:11 28672 --sha-w- c:\windows\HkMgrMM.dll
2008-04-30 17:41 . 2010-02-26 19:11 926968 --sha-w- c:\windows\HMFAxstr.dll
2009-05-01 14:28 . 2010-02-26 19:11 166400 --sha-w- c:\windows\MmWatch.dll
2009-05-02 14:13 . 2010-02-26 19:11 186368 --sha-w- c:\windows\ShellExecuteHook.dll
2009-10-12 22:07 . 2010-02-26 19:10 2352640 --sha-w- c:\windows\strs.exe
2007-03-21 22:10 . 2010-02-26 19:11 24064 --sha-w- c:\windows\Strsys.dll
2008-03-04 16:50 . 2010-02-26 19:11 44544 --sha-w- c:\windows\Strsysk.dll
2007-08-01 15:12 . 2007-08-01 15:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-10-30 3055616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"StrSystem"="c:\windows\strs.exe" [2009-10-12 2352640]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-10-30 2172416]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Speedmanager plus.lnk - c:\program files\T-Mobile\Speedmanager plus\Spawner.exe [2009-10-30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):18,f9,da,f4,32,71,ca,01

S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-10-30 142592]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
FF - ProfilePath - c:\users\BUBLINKA\AppData\Roaming\Mozilla\Firefox\Profiles\lpzfu8uq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\BUBLINKA\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-06 20:25:42
ComboFix-quarantined-files.txt 2010-03-06 19:25

Před spuštěním: Volných bajtů: 61 721 047 040
Po spuštění: Volných bajtů: 61 707 223 040

- - End Of File - - 96AEFB5660FF92394859363702A46530

Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Caroprd111 píše: Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Tak když stáhnu MBR a otevřu ho tak se mi vyskoči okno a hned se to stratí,tak nevím kde může mít problém(

Omlouvám se, musíte zadat:

Caroprd111 píše:Omlouvám se, musíte zadat:

Kód: Vybrat vše

"%userprofile%\desktop\mbr" -t

To okénko které se mi otevře tak se okamžitě zavře tak to tam nestíhám právě ani skopírovat

Tak MBR vynechte.

Caroprd111 píše:Tak MBR vynechte.

Tak v programu Gmer mi to nic nevyhodilo

Přečtěte si návod, musíte log uložit.

Caroprd111 píše:Přečtěte si návod, musíte log uložit.

Aha)))tak to se omlouvám,budu to muset dodělat zítra.Jinak Vám moc Děkuji za pomoc a hlavně trpělivost,zítra se ozvu.Děkuji

OK

Caroprd111 píše:OK

Dobrý večer.Tak ten první log z toho Gameru mi nic nevyjel a momentálně provádím druhý log.