VIRY.CZ

HKU\S-1-5-21-1935655697-2025429265-1177238915-1004\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 29. 11. 2007 13:21 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 12. 7. 2005 7:51 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 12. 7. 2005 7:51 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 16. 2. 2010 7:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 16. 2. 2010 7:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 16. 2. 2010 7:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 16. 2. 2010 7:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 16. 2. 2010 7:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 16. 2. 2010 7:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 16. 2. 2010 7:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 16. 2. 2010 7:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 16. 2. 2010 7:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 16. 2. 2010 7:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 16. 2. 2010 7:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 16. 2. 2010 7:44 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 23. 3. 2010 10:21 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 24. 6. 2009 10:07 0 bytes Access is denied.
C:\Documents and Settings\Horej 23. 3. 2010 10:50 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:07 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:04 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:34 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:37 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:55 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:31 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:01 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:42 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:10 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:58 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:12 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:52 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:45 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:15 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:28 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:00 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:11 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:47 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:05 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:02 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:57 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:26 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:30 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:51 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:14 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:54 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:44 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:36 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:40 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:08 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:33 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:43 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:56 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:47 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:35 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:59 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:38 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:02 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:16 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:13 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:53 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:05 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:10 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:50 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:32 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:29 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:07 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:00 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:31 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:12 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:09 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:57 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:33 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:27 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:36 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:06 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:45 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:41 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:15 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:49 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:52 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 11:03 42 bytes Hidden from Windows API.
C:\Documents and Settings\Horej 23. 3. 2010 10:55 42 bytes Hidden from Windows API.
C:\Program Files\GoQ - NetRadio\goq.tt 23. 3. 2010 11:16 42 bytes Hidden from Windows API.
C:\WINDOWS\Temp\6bef4d21-cb8f-4b0e-b57d-18e0aefc5b16.tmp 23. 3. 2010 11:16 0 bytes Hidden from Windows API.
C:\WINDOWS\Temp\88bcaa35-c3f6-479d-a0e6-96b0182db7ad.tmp 23. 3. 2010 10:26 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\Temp\978ef2db-1302-42ee-b5cd-6f39fcc2f5ba.tmp 23. 3. 2010 11:17 0 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\Temp\ee21c3db-85e1-43bd-8918-061c294888a3.tmp 23. 3. 2010 11:13 0 bytes Visible in Windows API, but not in MFT or directory index.

vycisti PC s MBAM a potom vloz log RSIT

Díky za pomoc, vyčistil jsem PC pomocí MBAM ( celkem ukázal 11 infekcí) a zasílám nový log RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Horejš at 2010-03-24 08:12:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (21%) free of 38 GB
Total RAM: 503 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:47, on 24.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\GoQ - NetRadio\NetRadio.exe
C:\Program Files\GoQ - NetRadio\goq.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\Stahování z internetu\RSIT - Random system information tools\RSIT.exe
C:\Program Files\trend micro\Horejš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Svátky a výročí] C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: NetRadio.lnk = C:\Program Files\GoQ - NetRadio\NetRadio.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6333131390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0658134093
O17 - HKLM\System\CCS\Services\Tcpip\..\{146E65AD-EE4B-49E5-93AC-704E7D890948}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: 5BEmyP - CPUID - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: bIMUQ7 - CPUID - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe
O23 - Service: Ezl5j5 - CPUID - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe
O23 - Service: feV5nR - CPUID - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe
O23 - Service: i17Cem - CPUID - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe
O23 - Service: iFlBpS - CPUID - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lrjn0b - CPUID - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Y Soft Local Monitor (SQLocalMon) - Unknown owner - C:\WINDOWS\system32\SQLocalM.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: V5cHDR - CPUID - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe
O23 - Service: YSks4m - CPUID - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe

--
End of file - 9177 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-2025429265-1177238915-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-2025429265-1177238915-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-15 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"=C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [2003-05-08 69632]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"SmartRAM"=C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe [2007-10-29 662016]
"PAC7302_Monitor"=C:\WINDOWS\P [2009-02-25 260]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-03-28 622592]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-04-10 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-15 202256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2008-08-24 4067328]
"Svátky a výročí"=C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe [2006-04-28 1019904]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

C:\Documents and Settings\Horejš\Nabídka Start\Programy\Po spuštění
NetRadio.lnk - C:\Program Files\GoQ - NetRadio\NetRadio.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-07 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-05-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\ProgramFiles\Portable Skype\Phone\Skype.exe"="G:\ProgramFiles\Portable Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Mozilla Firefox 3.6 Beta 3\firefox.exe"="C:\Program Files\Mozilla Firefox 3.6 Beta 3\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fe42f93-bb2f-11db-afd9-000802bc3e8c}]
shell\AutoRun\command - RECYCLER.exe I:\
shell\Explore\command - RECYCLER.exe I:\
shell\Open\command - RECYCLER.exe I:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54e743fb-c97b-11dc-b0a2-000802bc3e8c}]
shell\Open(0)\command - F:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7339dc8-8128-11dc-b0c4-000802bc3e8c}]
shell\AutoRun\command - RECYCLER.exe E:\
shell\Explore\command - RECYCLER.exe E:\
shell\Open\command - RECYCLER.exe E:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b102811e-8b50-11db-afa4-000802bc3e8c}]
shell\AutoRun\command - F:\RECYCLER.exe H:\
shell\Explore\command - F:\RECYCLER.exe H:\
shell\Open\command - F:\RECYCLER.exe H:\

======List of files/folders created in the last 1 months======

2010-03-24 08:13:01 ----D---- C:\Program Files\trend micro
2010-03-24 08:12:55 ----D---- C:\rsit
2010-03-24 08:12:06 ----A---- C:\mbam-log-2010-03-24 (08-10-37).txt
2010-03-24 07:34:06 ----D---- C:\Documents and Settings\Horejš\Data aplikací\Malwarebytes
2010-03-24 07:33:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-24 07:33:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-23 11:23:53 ----A---- C:\RootkitReveal.txt
2010-03-17 11:09:46 ----D---- C:\Školní vzdělávací program
2010-03-15 07:38:05 ----D---- C:\Program Files\Common Files\xing shared
2010-03-10 08:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-03-24 08:13:28 ----D---- C:\Program Files\GoQ - NetRadio
2010-03-24 08:13:02 ----D---- C:\WINDOWS\Temp
2010-03-24 08:13:01 ----AD---- C:\Program Files
2010-03-24 08:12:47 ----D---- C:\WINDOWS\Prefetch
2010-03-24 08:11:54 ----D---- C:\Documents and Settings\Horejš\Data aplikací\Skype
2010-03-24 08:04:37 ----D---- C:\Stahování z internetu
2010-03-24 07:33:49 ----D---- C:\WINDOWS\system32\drivers
2010-03-24 07:31:51 ----A---- C:\WINDOWS\WINCMD.INI
2010-03-24 07:20:11 ----SD---- C:\WINDOWS\Tasks
2010-03-24 07:16:56 ----D---- C:\Program Files\Mozilla Thunderbird
2010-03-23 13:12:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-23 12:41:00 ----D---- C:\Program Files\Mozilla Firefox
2010-03-23 10:26:58 ----D---- C:\WINDOWS\system32
2010-03-23 08:03:24 ----D---- C:\Documents and Settings\Horejš\Data aplikací\skypePM
2010-03-23 07:16:14 ----HD---- C:\$AVG8.VAULT$
2010-03-22 12:14:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-03-22 11:41:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-22 11:31:58 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-22 07:21:11 ----D---- C:\Program Files\OKsoftware
2010-03-17 11:08:01 ----D---- C:\Stahování programů
2010-03-15 08:04:20 ----D---- C:\Documents and Settings\Horejš\Data aplikací\Real
2010-03-15 08:04:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-03-15 07:39:46 ----D---- C:\Program Files\Common Files\Real
2010-03-15 07:39:30 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-03-15 07:38:30 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-03-15 07:38:30 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-03-15 07:38:24 ----SHD---- C:\WINDOWS\Installer
2010-03-15 07:38:24 ----HD---- C:\Config.Msi
2010-03-15 07:38:23 ----D---- C:\Program Files\real
2010-03-15 07:38:05 ----D---- C:\Program Files\Common Files
2010-03-15 07:34:45 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-03-15 07:34:45 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-03-15 07:34:44 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-03-12 12:53:47 ----D---- C:\DOKUMENTY
2010-03-11 07:12:21 ----D---- C:\WINDOWS
2010-03-10 08:09:53 ----D---- C:\WINDOWS\inf
2010-03-10 08:09:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-10 08:09:39 ----D---- C:\Program Files\Movie Maker
2010-03-10 08:08:52 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-10 08:08:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-03 13:27:41 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 as6eio;as6eio; C:\WINDOWS\System32\drivers\as6eio.sys [1997-12-09 3616]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-07 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-07 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-27 108552]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-11-29 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-11-29 25416]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 U3sHlpDr;U3sHlpDr; \??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-08-06 139776]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-09-16 91678]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-09-16 71514]
S3 aitv28oo;aitv28oo; C:\WINDOWS\system32\drivers\aitv28oo.sys []
S3 ARCSOFTVIRTUALCAPTURE;ArcSoft Magic-i Driver; C:\WINDOWS\system32\DRIVERS\ArcSoftVirtualCapture.sys [2006-12-07 15104]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz132;cpuz132; \??\C:\Program Files\CPUID\PC Wizard 2009\pcwiz32.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-10-27 47360]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-05-22 717320]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-07 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-07 297752]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WSearch;Vyhledávání systému Windows; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
S2 SQLocalMon;Y Soft Local Monitor; C:\WINDOWS\system32\SQLocalM.exe [2008-04-23 1155072]
S3 5BEmyP;5BEmyP; C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe [2009-06-23 22016]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 bIMUQ7;bIMUQ7; C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe [2009-06-23 22016]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Ezl5j5;Ezl5j5; C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe [2009-06-23 22016]
S3 feV5nR;feV5nR; C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe [2009-06-23 22016]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 i17Cem;i17Cem; C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe [2009-06-23 22016]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iFlBpS;iFlBpS; C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe [2009-06-23 22016]
S3 lrjn0b;lrjn0b; C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe [2009-06-23 22016]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-12 355584]
S3 V5cHDR;V5cHDR; C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe [2009-06-23 22016]
S3 WMConnectCDS;Služba Windows Media Connect; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S3 YSks4m;YSks4m; C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe [2009-06-23 22016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fe42f93-bb2f-11db-afd9-000802bc3e8c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54e743fb-c97b-11dc-b0a2-000802bc3e8c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7339dc8-8128-11dc-b0c4-000802bc3e8c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b102811e-8b50-11db-afa4-000802bc3e8c}]

uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:

Obrázek

po aplikacii by mal vzniknut dalsi log, ten vloz sem

Něco se mi podařilo vytvořit, snad je to dobře a ještě jednou díky za pomoc.

ComboFix 10-03-23.04 - Horejš 24.03.2010 13:20:08.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.503.128 [GMT 1:00]
Spuštěný z: c:\documents and settings\Horejš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Horejš\Plocha\CFScript.txt
AV: AVG Internet Security Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\dxsetup.exe
c:\windows\system32\setup.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-24 do 2010-03-24 )))))))))))))))))))))))))))))))
.

2010-03-24 07:13 . 2010-03-24 07:13 -------- d-----w- c:\program files\trend micro
2010-03-24 07:12 . 2010-03-24 07:13 -------- d-----w- C:\rsit
2010-03-24 06:33 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-24 06:33 . 2010-03-24 06:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 06:33 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 10:09 . 2010-03-17 10:10 -------- d-----w- C:\Školní vzdělávací program
2010-03-15 06:38 . 2010-03-15 06:38 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-10 06:22 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-24 09:07 . 2010-02-24 09:07 -------- d-----w- c:\program files\SomePDF
2010-02-24 07:04 . 2010-02-24 07:05 -------- d-----w- c:\program files\DVD Shrink

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 12:09 . 2007-12-19 10:19 -------- d-----w- c:\program files\GoQ - NetRadio
2010-03-24 11:59 . 2006-09-22 10:16 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-22 10:41 . 2003-04-16 12:00 483098 ----a-w- c:\windows\system32\perfh005.dat
2010-03-22 10:41 . 2003-04-16 12:00 104506 ----a-w- c:\windows\system32\perfc005.dat
2010-03-22 06:21 . 2008-02-06 07:00 -------- d-----w- c:\program files\OKsoftware
2010-03-15 06:39 . 2008-10-22 07:41 -------- d-----w- c:\program files\Common Files\Real
2010-03-15 06:38 . 2009-10-15 07:03 -------- d-----w- c:\program files\real
2010-03-15 06:34 . 2006-09-12 05:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-15 06:34 . 2006-09-12 05:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-16 12:16 . 2010-02-16 12:16 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2010-01-25 07:53 . 2005-07-12 09:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 09:58 . 2004-08-17 13:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-17 13:49 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2008-12-17 09:01 . 2008-12-17 09:00 24 --sh--w- c:\windows\SCA1319AB.tmp
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2006-04-28 1019904]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"SmartRAM"="c:\program files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-15 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Horejç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
NetRadio.lnk - c:\program files\GoQ - NetRadio\NetRadio.exe [2007-12-19 364544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-07 05:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 10:32 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox 3.6 Beta 3\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5800:TCP"= 5800:TCP:5800TCP
"5900:TCP"= 5900:TCP:5900TCP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"13057:TCP"= 13057:TCP:BitComet 13057 TCP
"13057:UDP"= 13057:UDP:BitComet 13057 UDP
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [27.5.2009 7:00 12552]
R1 as6eio;as6eio;c:\windows\system32\drivers\As6eio.sys [2.7.2007 12:41 3616]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27.5.2009 7:00 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27.5.2009 7:00 108552]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12.11.2008 13:17 717320]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [27.5.2009 6:59 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27.5.2009 6:59 297752]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.11.2007 10:58 721904]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 SQLocalMon;Y Soft Local Monitor;c:\windows\system32\SQLocalM.exe [17.9.2008 6:48 1155072]
S3 5BEmyP;5BEmyP;c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s [?]
S3 bIMUQ7;bIMUQ7;c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s [?]
S3 Ezl5j5;Ezl5j5;c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s [?]
S3 feV5nR;feV5nR;c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s [?]
S3 i17Cem;i17Cem;c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s [?]
S3 iFlBpS;iFlBpS;c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s [?]
S3 lrjn0b;lrjn0b;c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s [?]
S3 V5cHDR;V5cHDR;c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s [?]
S3 YSks4m;YSks4m;c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-03-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2010-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-2025429265-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-03-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-2025429265-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {146E65AD-EE4B-49E5-93AC-704E7D890948} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Horejš\Data aplikací\Mozilla\Firefox\Profiles\ibllt3qu.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (ÄŚesky)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 3\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 13:30
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-03-24 13:34:47
ComboFix-quarantined-files.txt 2010-03-24 12:34

Před spuštěním: 8 408 440 832
Po spuštění: 8 498 606 080

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7DD10E026E5439E0BBF00A60FAB1ED07

su este nejake problemy

Zkusím to projet antivirákem a uvidím. Pokud bude nějaký problém, tak se ještě ozvu a díky moc za perfektní pomoc.

za malo

Jsem tu znovu, projel jsem PC Antivirákem a opět mi ukázal nějaké smetí, tak jsem to zkopíroval a tady to je, nevím co s tím a tak prosím o radu. Je to prakticky to co se mi tam objevovalo. Když to odstraním, naskočí tam opět s jiným názvem ....

"C:\WINDOWS\System32\Drivers\aj6yqysa.SYS";"Skrytý ovladač";"Objekt je skrytý"

to bude skor nejaky vymysel AVG

pre klud svedomia prescanuj PC s AVPTool http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

prosím o radu, AVPTool za pět hodin ukazuje pouze 1%, zdá se mi to nějak pomalé. Lze to ověřit i jiným způsobem ? Díky.

to iste vykona aj CureIT - uplna kontrola

VIRY.CZ

Prosím o kontrolu logu objevil se mi rootkit

Prosím o kontrolu logu objevil se mi rootkit

Re: Prosím o kontrolu logu objevil se mi rootkit

Re: Prosím o kontrolu logu objevil se mi rootkit

Re: Prosím o kontrolu logu objevil se mi rootkit

Re: Prosím o kontrolu logu objevil se mi rootkit

Re: Prosím o kontrolu logu objevil se mi rootkit

Re: Prosím o kontrolu logu objevil se mi rootkit

Re: Prosím o kontrolu logu objevil se mi rootkit

Re: Prosím o kontrolu logu objevil se mi rootkit

Re: Prosím o kontrolu logu objevil se mi rootkit

Re: Prosím o kontrolu logu objevil se mi rootkit

Re: Prosím o kontrolu logu objevil se mi rootkit