
USBManager.exe infiltration

Posted: 24 Mar 2010 14:42
by danielson84
I have a problem with an autorun virus - it creates USBManager.exe on my USB stick.

I'm running Vista 64-bit.
After running RSIT I get this error during "Performing Registry Dump":

Line -1:
Error: Subscript used with non-Array variable.

Here is the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Daniel at 2010-03-24 14:37:46
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 12 GB (14%) free of 82 GB
Total RAM: 4094 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:48, on 24. 3. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Dexpot\dexpot.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Ovi Files\Ovi Files_agent.exe
C:\Program Files (x86)\Compal\Wireless Select Switch\WLSS.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Users\Daniel\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files (x86)\iRotate\iRotate.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Dexpot\plugins\Dexcube.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Daniel\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Daniel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~2\PCTRAN~1\webie.dll
O3 - Toolbar: (no name) - {2969BC53-0B3D-4043-9C3C-ED7D3945C23D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [WLSS] "C:\Program Files (x86)\Compal\Wireless Select Switch\WLSS.exe"
O4 - HKLM\..\Run: [SMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WinUpdate] C:\Users\Daniel\AppData\Local\Windows Update\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: iRotate.lnk = C:\Program Files (x86)\iRotate\iRotate.exe
O4 - Startup: Lutloader.lnk = ?
O4 - Startup: Miranda IM.lnk = C:\Program Files (x86)\Miranda IM\miranda32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Ovi Files Connector.lnk = C:\Program Files (x86)\Ovi Files\Ovi Files_agent.exe
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
O4 - Global Startup: UltraMon.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CCProxy - Unknown owner - C:\Program Files (x86)\CCProxy\CCProxy.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Input Service (InputService) - and-81 - C:\Program Files (x86)\IR Server Suite\Input Service\Input Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16630 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237622181-615154110-2202603100-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237622181-615154110-2202603100-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-08 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~2\PCTRAN~1\webie.dll [2004-05-13 319488]
{2969BC53-0B3D-4043-9C3C-ED7D3945C23D}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WLSS"=C:\Program Files (x86)\Compal\Wireless Select Switch\WLSS.exe [2007-04-23 190000]
"SMBTray"=C:\Program Files\Compal\Smart Battery\SMBTray.exe [2007-06-04 683056]
"Google Desktop Search"=C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-11 30192]
"Sony Ericsson PC Suite"=C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2007-10-19 286720]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2009-06-26 25604904]
"Google Update"=C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-01 133104]
"Dexpot"=C:\Program Files (x86)\Dexpot\dexpot.exe [2009-11-23 1277952]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2008-02-14 486856]
"WinUpdate"=C:\Users\Daniel\AppData\Local\Windows Update\svchost.exe [2009-04-01 33792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Ovi Files Connector.lnk - C:\Program Files (x86)\Ovi Files\Ovi Files_agent.exe
Spyder3Utility.lnk - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
UltraMon.lnk - C:\Windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico
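As an added illustration (not part of the original thread or of any of the tools mentioned in it), a small Python triage helper that scans HijackThis-style O4 autostart lines for the red flags a responder looks for in a log like the one above: a system-binary name such as svchost.exe launched from outside the Windows directory, an autostart living under a user-writable profile folder, and an unquoted path containing spaces. The sample log is constructed from lines in the post above; the flags are review prompts, not verdicts (a legitimate per-user updater under AppData will also trip the profile-folder check).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Binaries that legitimately live only under the Windows directory.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "rundll32.exe"}
# Profile/temp locations that a normal installer does not use for machine autostarts.
USER_WRITABLE = ("\\appdata\\", "\\users\\", "\\temp\\", "\\documents and settings\\")
SYSTEM_DIRS = ("c:\\windows\\", "%systemroot%", "%windir%")

# HijackThis O4 Run-key line: "O4 - <hive>\..\Run: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$",
                   re.IGNORECASE)


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def split_command(cmd: str) -> str:
    """Return the executable path from a Run value, handling quoted and unquoted forms."""
    cmd = cmd.strip()
    # Drop HijackThis's trailing "(User '...')" annotation on HKUS entries.
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd)
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the executable ends at the first ".exe" token, even if the path has spaces.
    m = re.match(r"(.*?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage_o4(line: str) -> Optional[Finding]:
    """Classify one O4 Run line; returns None for lines that are not Run-key entries."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    path = split_command(cmd)
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    finding = Finding(m.group("name"), path)
    # A bare filename resolves via PATH, so only check full paths against the system dirs.
    if "\\" in low and base in SYSTEM_BINARIES and not low.startswith(SYSTEM_DIRS):
        finding.reasons.append(f"system binary name {base} outside the Windows directory")
    if any(tok in low for tok in USER_WRITABLE):
        finding.reasons.append("autostart from a user-writable profile folder")
    # Weak signal on its own, but unquoted service/run paths are a classic hygiene problem.
    if " " in path and not cmd.strip().startswith('"'):
        finding.reasons.append("unquoted path containing spaces")
    return finding


def triage_log(text: str) -> List[Finding]:
    """Return only the Run entries that raised at least one flag, in log order."""
    out = []
    for line in text.splitlines():
        f = triage_o4(line)
        if f and f.reasons:
            out.append(f)
    return out


# Constructed sample: a subset of the O4 lines from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WLSS] "C:\Program Files (x86)\Compal\Wireless Select Switch\WLSS.exe"
O4 - HKLM\..\Run: [SMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WinUpdate] C:\Users\Daniel\AppData\Local\Windows Update\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Startup: iRotate.lnk = C:\Program Files (x86)\iRotate\iRotate.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.name}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

The WinUpdate entry trips all three checks, which matches what MBAM later reports for that value; the others trip one each and need a human look.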

Re: USBManager.exe infiltration

Posted: 24 Mar 2010 18:06
by Rudy
Run a complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.

Re: USBManager.exe infiltration

Posted: 24 Mar 2010 21:08
by danielson84
Is it really that bad with those keygens? Or can I keep them?

LOG:

Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3909
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

24. 3. 2010 21:01:40
mbam-log-2010-03-24 (21-01-18).txt

Typ kontroly: Úplná (C:\|D:\|E:\|)
Objektov kontrolovaných: 677173
Uplynutý cas: 2 hour(s), 17 minute(s), 21 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 3
Infikovaných priecinkov: 0
Infikovaných súborov: 8

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate (Trojan.Agent) -> No action taken.

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\keygen.exe (hacktool.Gen) -> No action taken.
E:\Install\Graphic\Google SketchUp Pro\keygen.exe (Trojan.Agent.CK) -> No action taken.
E:\Install\Graphic\Illustrator CS4\Adobe Illustrator CS4\Adobe Illustrator CS4 [FIX - KEYGEN]\FINALKEY\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> No action taken.
E:\Install\Media\players\Blaze HDTV Player 3.5\blazevideo.hdtv.player.3.5-nope.exe (Trojan.Downloader) -> No action taken.
E:\Install\Media\players\Blaze HDTV Player 3.5\Crack\blazevideo.hdtv.player.3.5-nope.exe (Trojan.Downloader) -> No action taken.
E:\Install\Net\Google Earth Plus 5.0\MPT\activator.exe (Trojan.Agent) -> No action taken.
E:\Install\Other\Nero Ultra Editon v8.3.2.1\keygen.exe (Trojan.Agent) -> No action taken.
E:\Install\Utilities\TuneUp Utilities 2009 v8.0.3100.31 - (Malestrom)\Keygen\TuneUp.Utilities.2009-keygen.exe (Trojan.Agent.CK) -> No action taken.

Re: USBManager.exe infiltration

Posted: 24 Mar 2010 22:11
by Rudy
Delete everything. Cracks and keygens come bundled with other junk that can cause problems. Besides, using such software modifications is illegal.

Re: USBManager.exe infiltration

Posted: 24 Mar 2010 22:18
by danielson84
I'll delete them, and probably this thread too afterwards to be safe, if that's possible. Anyway, having the crack doesn't mean I used it...
Deleting those cracks - is that supposed to help with my USBManager.exe problem?

Re: USBManager.exe infiltration

Posted: 24 Mar 2010 22:27
by Rudy
No. MBAM didn't help. You'll also need to run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .

Re: USBManager.exe infiltration

Posted: 24 Mar 2010 23:07
by danielson84
Important thing: I have ESET Smart Security installed - won't it conflict with AVPTool? (In my experience, at least on Win XP, the whole PC froze at startup when I had two antiviruses.)

Re: USBManager.exe infiltration

Posted: 25 Mar 2010 22:58
by Rudy
It shouldn't, it's only a scanner. But you can of course turn off ESET's resident shield for the duration of the scan.

Re: USBManager.exe infiltration

Posted: 27 Mar 2010 19:33
by danielson84
So I ran Kaspersky Removal Tool 2010. I ticked it to scan everything and do it "strictly", i.e. a deep scan or something like that.

Before I paste it here: the source of the infection is probably
Trojan-Dropper.Win32.Agent.btyq E:\Install\Media\players\winamp plug-ins\TrayIconSetup_v2.8_Beta!.exe
because although it reports the other things too, none of them had shown any symptoms for a long time (they have simply been on the PC for a while). That Winamp plugin is the newest one, and I think the infection probably comes from it.
So the scan eventually ran through somehow, and here are the results:

Autoscan: running (events: 89, objects: 2965551, time: Unknown)
26. 3. 2010 14:08:45 Task started
26. 3. 2010 14:21:33 Processing error C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Outlook\Outldaniel.pribula@gmail.com (1)-0000000b.pst Read error
26. 3. 2010 14:21:33 Processing error C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Outlook\archive.pst Read error
26. 3. 2010 14:21:33 Processing error C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Outlook\Outldaniel.pribula@zoznam.sk-00000002.pst Read error
26. 3. 2010 14:21:33 Processing error C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Outlook\Outldanielson84@ynet.sk (1)-00000010.pst Read error
26. 3. 2010 14:21:34 Processing error C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Outlook\Outlook.pst Read error
26. 3. 2010 14:21:35 Processing error C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Outlook\Outlxpribula@is.stuba.sk (1)-00000012.pst Read error
26. 3. 2010 14:58:25 Detected: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files\Graphisoft\ArchiCAD 13\Uninstall.AC\archive.jar/49c1c6481df833602631213dff72b8d4/win32ppk/LauncherMain.exe
26. 3. 2010 14:58:25 Untreated: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files\Graphisoft\ArchiCAD 13\Uninstall.AC\archive.jar/49c1c6481df833602631213dff72b8d4/win32ppk/LauncherMain.exe Postponed
26. 3. 2010 15:03:13 Detected: http://www.viruslist.com/en/advisories/38551 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\plug_ins\AcroForm.api
26. 3. 2010 15:09:38 Detected: http://www.viruslist.com/en/advisories/25023 C:\Program Files (x86)\Adobe\Adobe After Effects CS4\Support Files\Plug-ins\Format\BMP.8bi
26. 3. 2010 15:15:38 Detected: http://www.viruslist.com/en/advisories/35948 C:\Program Files (x86)\Adobe\Adobe Device Central CS4\Required\Opera\program\plugins\NPSWF32.dll
26. 3. 2010 15:51:37 Detected: http://www.viruslist.com/en/advisories/31744 C:\Program Files (x86)\Common Files\microsoft shared\Office10\MSO.DLL
26. 3. 2010 15:51:43 Detected: http://www.viruslist.com/en/advisories/31744 C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSO.DLL
26. 3. 2010 15:55:38 Detected: http://www.viruslist.com/en/advisories/29760 C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe
26. 3. 2010 15:57:00 Detected: http://www.viruslist.com/en/advisories/38187 C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe
26. 3. 2010 16:00:34 Detected: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files (x86)\Graphisoft\ArchiCAD 12\Uninstall.AC\archive.jar/74e0c5819afc1240f948d9fc93f0ed71/win32ppk/LauncherMain.exe
26. 3. 2010 16:00:35 Untreated: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files (x86)\Graphisoft\ArchiCAD 12\Uninstall.AC\archive.jar/74e0c5819afc1240f948d9fc93f0ed71/win32ppk/LauncherMain.exe Postponed
26. 3. 2010 16:03:53 Detected: http://www.viruslist.com/en/advisories/37231 C:\Program Files (x86)\Java\jre1.6.0_05\bin\java.exe
26. 3. 2010 16:04:12 Detected: http://www.viruslist.com/en/advisories/37231 C:\Program Files (x86)\Java\jre1.6.0_07\bin\java.exe
26. 3. 2010 16:17:46 Detected: http://www.viruslist.com/en/advisories/38547 C:\Program Files (x86)\Opera\program\plugins\NPSWF32.dll
26. 3. 2010 16:18:14 Detected: http://www.viruslist.com/en/advisories/38435 C:\Program Files (x86)\Picasa2\Picasa3.exe
26. 3. 2010 16:25:50 Detected: http://www.viruslist.com/en/advisories/37495 C:\Program Files (x86)\Winamp\winamp.exe
26. 3. 2010 16:27:48 Detected: http://www.viruslist.com/en/advisories/29407 C:\Program Files (x86)\WinRAR\Rarlng.dll
26. 3. 2010 16:45:44 Processing error C:\Users\Daniel\AppData\Local\Microsoft\Outlook\Outldaniel.pribula@gmail.com (1)-0000000b.pst Read error
26. 3. 2010 16:45:44 Processing error C:\Users\Daniel\AppData\Local\Microsoft\Outlook\archive.pst Read error
26. 3. 2010 16:45:44 Processing error C:\Users\Daniel\AppData\Local\Microsoft\Outlook\Outldanielson84@ynet.sk (1)-00000010.pst Read error
26. 3. 2010 16:45:44 Processing error C:\Users\Daniel\AppData\Local\Microsoft\Outlook\Outldaniel.pribula@zoznam.sk-00000002.pst Read error
26. 3. 2010 16:45:45 Processing error C:\Users\Daniel\AppData\Local\Microsoft\Outlook\Outlook.pst Read error
26. 3. 2010 16:45:45 Processing error C:\Users\Daniel\AppData\Local\Microsoft\Outlook\Outlxpribula@is.stuba.sk (1)-00000012.pst Read error
26. 3. 2010 17:41:35 Detected: http://www.viruslist.com/en/advisories/38547 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
26. 3. 2010 19:33:08 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- WEB -\REMIX\@BANNER\remix workshop banner-archinet.exe
26. 3. 2010 19:33:09 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- WEB -\REMIX\@BANNER\remix workshop banner.exe
26. 3. 2010 19:33:13 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- WEB -\REMIX\@BANNER\OLD\remix-banner.exe
26. 3. 2010 19:33:53 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- ŠKOLA -\Foto EXPO 2007\Untitled-1.exe
26. 3. 2010 20:06:55 Detected: http://www.viruslist.com/en/advisories/38547 E:\Archív\2008 ZIMA\Urbanistická kompozícia II\prezentacia.exe
26. 3. 2010 20:39:22 Detected: Trojan.Win32.Agent.xjc E:\Install\Graphic\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker.rar/Acrobat Pro 9.0.exe/5871.exe/PE_Patch.UPX/UPX
26. 3. 2010 20:39:22 Untreated: Trojan.Win32.Agent.xjc E:\Install\Graphic\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker.rar/Acrobat Pro 9.0.exe/5871.exe/PE_Patch.UPX/UPX Postponed
26. 3. 2010 20:55:47 Detected: http://www.viruslist.com/en/advisories/31744 E:\Install\Graphic\Autodesk AutoCAD 2008 x64\support\VBA\pFiles\Common\MSShared\Office10\mso.dll
26. 3. 2010 21:20:42 Detected: Trojan-Dropper.Win32.Agent.btyq E:\Install\Media\players\winamp plug-ins\TrayIconSetup_v2.8_Beta!.exe
26. 3. 2010 21:20:42 Untreated: Trojan-Dropper.Win32.Agent.btyq E:\Install\Media\players\winamp plug-ins\TrayIconSetup_v2.8_Beta!.exe Postponed
26. 3. 2010 21:21:57 Detected: Trojan.Win32.Small.bqt E:\Install\Net\ccproxysetup.exe/data0024
26. 3. 2010 21:21:57 Untreated: Trojan.Win32.Small.bqt E:\Install\Net\ccproxysetup.exe/data0024 Postponed
26. 3. 2010 23:39:10 Detected: http://www.viruslist.com/en/advisories/37495 C:\Program Files (x86)\Winamp\winamp.exe
27. 3. 2010 9:33:46 Task stopped
27. 3. 2010 9:33:58 Task started
27. 3. 2010 9:46:15 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- WEB -\REMIX\@BANNER\remix workshop banner.exe
27. 3. 2010 9:46:15 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- WEB -\REMIX\@BANNER\remix workshop banner-archinet.exe
27. 3. 2010 9:46:17 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- WEB -\REMIX\@BANNER\OLD\remix-banner.exe
27. 3. 2010 9:46:56 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- ŠKOLA -\Foto EXPO 2007\Untitled-1.exe
27. 3. 2010 9:55:05 Detected: http://www.viruslist.com/en/advisories/37495 C:\Program Files (x86)\Winamp\winamp.exe
27. 3. 2010 10:12:26 Detected: Exploit.HTML.Iframe.FileDownload C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Outlook\Outldaniel.pribula@zoznam.sk-00000002.pst/daniel.pribula@zoznam.sk\Najvyššia úroveň osobných priečinkov\Doručená pošta\[From:mon.s@post.sk][Subject:[virus Win32/Netsky.Q worm] Mail Delivery (failure daniel.pribula@zoznam.sk)][Time:2008/11/07 10:53:53]/RichBody//Html2Rtf
27. 3. 2010 10:12:26 Untreated: Exploit.HTML.Iframe.FileDownload C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Outlook\Outldaniel.pribula@zoznam.sk-00000002.pst/daniel.pribula@zoznam.sk\Najvyššia úroveň osobných priečinkov\Doručená pošta\[From:mon.s@post.sk][Subject:[virus Win32/Netsky.Q worm] Mail Delivery (failure daniel.pribula@zoznam.sk)][Time:2008/11/07 10:53:53]/RichBody//Html2Rtf Postponed
27. 3. 2010 10:12:31 Detected: Exploit.HTML.Iframe.FileDownload C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Outlook\Outldaniel.pribula@zoznam.sk-00000002.pst/daniel.pribula@zoznam.sk\Najvyššia úroveň osobných priečinkov\Doručená pošta\[From:mon.s@post.sk][Subject:[virus Win32/Netsky.Q worm] Mail Delivery (failure daniel.pribula@zoznam.sk)][Time:2008/11/07 10:53:53]/HTMLBody
27. 3. 2010 10:12:31 Untreated: Exploit.HTML.Iframe.FileDownload C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Outlook\Outldaniel.pribula@zoznam.sk-00000002.pst/daniel.pribula@zoznam.sk\Najvyššia úroveň osobných priečinkov\Doručená pošta\[From:mon.s@post.sk][Subject:[virus Win32/Netsky.Q worm] Mail Delivery (failure daniel.pribula@zoznam.sk)][Time:2008/11/07 10:53:53]/HTMLBody Postponed
27. 3. 2010 10:13:38 Detected: Trojan.Win32.Pakes.nzq C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Outlook\Outldaniel.pribula@zoznam.sk-00000002.pst/daniel.pribula@zoznam.sk\Najvyššia úroveň osobných priečinkov\Doručená pošta\[From:Facebook Services][Subject:[SPAM] Facebook Password Reset Confirmation! Customer Support.][Time:2010/03/17 12:41:31]/Facebook_password_346.zip/Facebook_password_346.exe
27. 3. 2010 10:13:38 Untreated: Trojan.Win32.Pakes.nzq C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Outlook\Outldaniel.pribula@zoznam.sk-00000002.pst/daniel.pribula@zoznam.sk\Najvyššia úroveň osobných priečinkov\Doručená pošta\[From:Facebook Services][Subject:[SPAM] Facebook Password Reset Confirmation! Customer Support.][Time:2010/03/17 12:41:31]/Facebook_password_346.zip/Facebook_password_346.exe Postponed
27. 3. 2010 10:56:04 Detected: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files\Graphisoft\ArchiCAD 13\Uninstall.AC\archive.jar/49c1c6481df833602631213dff72b8d4/win32ppk/LauncherMain.exe
27. 3. 2010 10:56:04 Untreated: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files\Graphisoft\ArchiCAD 13\Uninstall.AC\archive.jar/49c1c6481df833602631213dff72b8d4/win32ppk/LauncherMain.exe Postponed
27. 3. 2010 11:02:15 Detected: http://www.viruslist.com/en/advisories/38551 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\plug_ins\AcroForm.api
27. 3. 2010 11:09:30 Detected: http://www.viruslist.com/en/advisories/25023 C:\Program Files (x86)\Adobe\Adobe After Effects CS4\Support Files\Plug-ins\Format\BMP.8bi
27. 3. 2010 12:07:37 Detected: http://www.viruslist.com/en/advisories/31744 C:\Program Files (x86)\Common Files\microsoft shared\Office10\MSO.DLL
27. 3. 2010 12:07:38 Detected: http://www.viruslist.com/en/advisories/31744 C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSO.DLL
27. 3. 2010 12:11:50 Detected: http://www.viruslist.com/en/advisories/29760 C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe
27. 3. 2010 12:13:25 Detected: http://www.viruslist.com/en/advisories/38187 C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe
27. 3. 2010 12:18:55 Detected: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files (x86)\Graphisoft\ArchiCAD 12\Uninstall.AC\archive.jar/74e0c5819afc1240f948d9fc93f0ed71/win32ppk/LauncherMain.exe
27. 3. 2010 12:18:55 Untreated: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files (x86)\Graphisoft\ArchiCAD 12\Uninstall.AC\archive.jar/74e0c5819afc1240f948d9fc93f0ed71/win32ppk/LauncherMain.exe Postponed
27. 3. 2010 12:24:07 Detected: http://www.viruslist.com/en/advisories/37231 C:\Program Files (x86)\Java\jre1.6.0_05\bin\java.exe
27. 3. 2010 12:24:30 Detected: http://www.viruslist.com/en/advisories/37231 C:\Program Files (x86)\Java\jre1.6.0_07\bin\java.exe
27. 3. 2010 12:48:48 Detected: http://www.viruslist.com/en/advisories/38547 C:\Program Files (x86)\Opera\program\plugins\NPSWF32.dll
27. 3. 2010 12:49:17 Detected: http://www.viruslist.com/en/advisories/38435 C:\Program Files (x86)\Picasa2\Picasa3.exe
27. 3. 2010 12:58:43 Detected: http://www.viruslist.com/en/advisories/37495 C:\Program Files (x86)\Winamp\winamp.exe
27. 3. 2010 13:01:28 Detected: http://www.viruslist.com/en/advisories/29407 C:\Program Files (x86)\WinRAR\Rarlng.dll
27. 3. 2010 13:40:02 Detected: Trojan.Win32.Pakes.nzq C:\Users\Daniel\AppData\Local\Microsoft\Outlook\Outldaniel.pribula@zoznam.sk-00000002.pst/daniel.pribula@zoznam.sk\Najvyššia úroveň osobných priečinkov\Doručená pošta\[From:Facebook Services][Subject:Message is infected : [SPAM] Facebook Password Reset Confirmation! Customer Support.][Time:2010/03/17 12:41:31]/Facebook_password_346.zip/Facebook_password_346.exe
27. 3. 2010 13:40:02 Untreated: Trojan.Win32.Pakes.nzq C:\Users\Daniel\AppData\Local\Microsoft\Outlook\Outldaniel.pribula@zoznam.sk-00000002.pst/daniel.pribula@zoznam.sk\Najvyššia úroveň osobných priečinkov\Doručená pošta\[From:Facebook Services][Subject:Message is infected : [SPAM] Facebook Password Reset Confirmation! Customer Support.][Time:2010/03/17 12:41:31]/Facebook_password_346.zip/Facebook_password_346.exe Postponed
27. 3. 2010 14:54:26 Detected: http://www.viruslist.com/en/advisories/38547 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
27. 3. 2010 16:32:37 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- WEB -\REMIX\@BANNER\remix workshop banner.exe
27. 3. 2010 16:32:37 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- WEB -\REMIX\@BANNER\remix workshop banner-archinet.exe
27. 3. 2010 16:32:38 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- WEB -\REMIX\@BANNER\OLD\remix-banner.exe
27. 3. 2010 16:33:14 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- ŠKOLA -\Foto EXPO 2007\Untitled-1.exe
27. 3. 2010 16:47:49 Detected: http://www.viruslist.com/en/advisories/38547 E:\Archív\2008 ZIMA\Urbanistická kompozícia II\prezentacia.exe
27. 3. 2010 16:55:43 Detected: Trojan.Win32.Agent.xjc E:\Install\Graphic\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker.rar/Acrobat Pro 9.0.exe/5871.exe/PE_Patch.UPX/UPX
27. 3. 2010 16:55:43 Untreated: Trojan.Win32.Agent.xjc E:\Install\Graphic\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker.rar/Acrobat Pro 9.0.exe/5871.exe/PE_Patch.UPX/UPX Postponed
27. 3. 2010 17:02:04 Detected: http://www.viruslist.com/en/advisories/31744 E:\Install\Graphic\Autodesk AutoCAD 2008 x64\support\VBA\pFiles\Common\MSShared\Office10\mso.dll
27. 3. 2010 17:03:02 Detected: Trojan-Dropper.Win32.Agent.btyq E:\Install\Media\players\winamp plug-ins\TrayIconSetup_v2.8_Beta!.exe
27. 3. 2010 17:03:02 Untreated: Trojan-Dropper.Win32.Agent.btyq E:\Install\Media\players\winamp plug-ins\TrayIconSetup_v2.8_Beta!.exe Postponed
27. 3. 2010 17:03:09 Detected: Trojan.Win32.Small.bqt E:\Install\Net\ccproxysetup.exe/data0024
27. 3. 2010 17:03:09 Untreated: Trojan.Win32.Small.bqt E:\Install\Net\ccproxysetup.exe/data0024 Postponed
27. 3. 2010 18:08:49 Detected: Trojan.Win32.Agent.xjc E:\Install\Graphic\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker.rar/Acrobat Pro 9.0.exe/5871.exe/PE_Patch.UPX/UPX

Re: USBManager.exe infiltration

Posted: 27 Mar 2010 20:38
by Rudy
AVP deleted what it could. Has anything changed?

Re: USBManager.exe infiltration

Posted: 27 Mar 2010 21:22
by danielson84
Well, I told it to ask me at the end, so the deletion is still pending. I don't want to delete everything it wants to. There are also things in there that shouldn't be bad, for example
Trojan-Downloader.Win32.Agent.dfgv C:\Program Files\Graphisoft\ArchiCAD 13\Uninstall.AC\archive.jar/49c1c6481df833602631213dff72b8d4/win32ppk/LauncherMain.exe

Isn't it possible to delete just some of it?
Or rather, what do I absolutely need to delete?

Re: USBManager.exe infiltration

Posted: 27 Mar 2010 22:07
by danielson84
OK, I'm cleaning it up now. I uninstalled that icon pack, but the virus is still in the system (it still creates USBManager.exe on the USB stick).
I'll paste a new log again tomorrow.

Re: USBManager.exe infiltration

Posted: 27 Mar 2010 22:49
by Rudy
In any case, delete the keymakers, cracks and similar things. Files belonging to legitimate applications that AVP flagged, test online at www.virustotal.com before deleting them.

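An added example, not posted by Rudy or anyone else in this thread, that applies the advice above to a report in the format pasted earlier. It parses the AVP lines, drops the "Processing error" and "Task started/stopped" noise, and splits the detections into three groups: viruslist.com advisory entries (these point at vulnerability advisories for outdated software such as the Flash plug-in, java.exe or winamp.exe, not at malware), keygen/crack paths to delete outright, and detections inside otherwise legitimate software paths, for which it prints a SHA-256 to look up on www.virustotal.com before deleting anything. The keyword list, the bucket names and the sample lines (copied from the report above into a constructed sample so the script runs offline) are this example's own choices, not anything from the thread or from Kaspersky.

```python
"""Triage helper for Kaspersky (AVP) report lines in the format posted in this thread.

Added example, not part of the thread. Assumptions: entries whose "detection" is a
viruslist.com advisory URL are vulnerability notices for outdated software, not malware;
AVP separates nested archive/packer members from the on-disk path with '/'.
"""
import hashlib
import re
from pathlib import Path

# Constructed sample: a handful of lines copied from the report posted above, in the
# same format, so the script runs offline. Replace with the real report text.
SAMPLE_LOG = r"""
26. 3. 2010 16:45:44 Processing error C:\Users\Daniel\AppData\Local\Microsoft\Outlook\archive.pst Read error
26. 3. 2010 20:39:22 Detected: Trojan.Win32.Agent.xjc E:\Install\Graphic\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker.rar/Acrobat Pro 9.0.exe/5871.exe/PE_Patch.UPX/UPX
26. 3. 2010 20:39:22 Untreated: Trojan.Win32.Agent.xjc E:\Install\Graphic\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker\Adobe Acrobat Professional 2009 Extended 9.0 & Keymaker.rar/Acrobat Pro 9.0.exe/5871.exe/PE_Patch.UPX/UPX Postponed
26. 3. 2010 21:21:57 Detected: Trojan.Win32.Small.bqt E:\Install\Net\ccproxysetup.exe/data0024
26. 3. 2010 21:21:57 Untreated: Trojan.Win32.Small.bqt E:\Install\Net\ccproxysetup.exe/data0024 Postponed
27. 3. 2010 9:33:46 Task stopped
27. 3. 2010 12:48:48 Detected: http://www.viruslist.com/en/advisories/38547 C:\Program Files (x86)\Opera\program\plugins\NPSWF32.dll
28. 3. 2010 16:31:08 Detected: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files\Graphisoft\ArchiCAD 13\Uninstall.AC\archive.jar/49c1c6481df833602631213dff72b8d4/win32ppk/LauncherMain.exe
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}\. \d{1,2}\. \d{4} \d{1,2}:\d{2}:\d{2}) "
    r"(?P<status>Detected|Untreated): (?P<name>\S+) (?P<obj>.*?)(?: Postponed)?$"
)
# Path words that mark keygen/crack material (heuristic chosen for this example).
CRACK_WORDS = ("keymaker", "keygen", "crack", "activator")


def parse_report(text):
    """Yield (status, detection_name, disk_path) for each Detected/Untreated line.
    'Task started', 'Processing error ... Read error' and similar lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # e.g. 'x.rar/y.exe/5871.exe/PE_Patch.UPX/UPX': only the part before the
        # first '/' is a file on disk; the rest is what AVP unpacked from it.
        disk_path = m.group("obj").split("/", 1)[0]
        yield m.group("status"), m.group("name"), disk_path


def triage(text):
    """Return (buckets, postponed).
    buckets: 'advisory' (outdated software), 'crack' (keygens/cracks: delete),
             'review' (legitimate-looking paths: hash and check on VirusTotal first),
             each mapping disk path -> detection name (repeat detections collapsed).
    postponed: disk paths AVP reported as Untreated/Postponed (no action taken yet)."""
    buckets = {"advisory": {}, "crack": {}, "review": {}}
    postponed = set()
    for status, name, disk_path in parse_report(text):
        if name.startswith(("http://", "https://")):
            buckets["advisory"][disk_path] = name
        elif any(w in disk_path.lower() for w in CRACK_WORDS):
            buckets["crack"][disk_path] = name
        else:
            buckets["review"][disk_path] = name
        if status == "Untreated":
            postponed.add(disk_path)
    return buckets, postponed


def sha256_of(path):
    """SHA-256 of a file, or None if it is not present (already deleted, or the report
    came from another machine). Search www.virustotal.com for the hash before deleting."""
    p = Path(path)
    if not p.is_file():
        return None
    h = hashlib.sha256()
    with p.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def format_report(text):
    """Human-readable triage: one line per unique on-disk object."""
    buckets, postponed = triage(text)
    out = []
    for bucket in ("crack", "review", "advisory"):
        out.append(f"== {bucket} ({len(buckets[bucket])}) ==")
        for path, name in sorted(buckets[bucket].items()):
            flag = " [AVP action postponed]" if path in postponed else ""
            digest = sha256_of(path) if bucket == "review" else None
            extra = f"  sha256={digest}" if digest else ""
            out.append(f"{name}  {path}{flag}{extra}")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(SAMPLE_LOG))
```

Run it against the saved report text instead of SAMPLE_LOG. AVP lists nested archive members after a '/', so the hash is taken of the outer file on disk (for example the ArchiCAD archive.jar), which is also what you upload to or search for on VirusTotal; files already deleted come out with no hash. On the sample above the ArchiCAD uninstaller lands in the "review" group, the Acrobat keymaker in "crack", and the Opera Flash plug-in in "advisory".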
Re: USBManager.exe infiltration

Posted: 29 Mar 2010 00:53
by danielson84
Basically I removed everything dangerous, except the ArchiCAD uninstall - I don't understand how that can be a trojan... (I removed the RAR too, and things like SketchUp Pro... those I left alone.)

This is what I still have (and the virus still shows itself - copying USBManager.exe to the USB stick):

28. 3. 2010 16:27:55 Detected: http://www.viruslist.com/en/advisories/38551 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\plug_ins\AcroForm.api
28. 3. 2010 16:31:08 Detected: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files\Graphisoft\ArchiCAD 13\Uninstall.AC\archive.jar/49c1c6481df833602631213dff72b8d4/win32ppk/LauncherMain.exe
28. 3. 2010 16:31:08 Untreated: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files\Graphisoft\ArchiCAD 13\Uninstall.AC\archive.jar/49c1c6481df833602631213dff72b8d4/win32ppk/LauncherMain.exe Postponed
28. 3. 2010 16:31:14 Detected: http://www.viruslist.com/en/advisories/25023 C:\Program Files (x86)\Adobe\Adobe After Effects CS4\Support Files\Plug-ins\Format\BMP.8bi
28. 3. 2010 16:58:29 Detected: http://www.viruslist.com/en/advisories/31744 C:\Program Files (x86)\Common Files\microsoft shared\Office10\MSO.DLL
28. 3. 2010 17:01:09 Detected: http://www.viruslist.com/en/advisories/38187 C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe
28. 3. 2010 17:04:26 Detected: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files (x86)\Graphisoft\ArchiCAD 12\Uninstall.AC\archive.jar/74e0c5819afc1240f948d9fc93f0ed71/win32ppk/LauncherMain.exe
28. 3. 2010 17:04:26 Untreated: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files (x86)\Graphisoft\ArchiCAD 12\Uninstall.AC\archive.jar/74e0c5819afc1240f948d9fc93f0ed71/win32ppk/LauncherMain.exe Postponed
28. 3. 2010 17:29:33 Detected: http://www.viruslist.com/en/advisories/29407 C:\Program Files (x86)\WinRAR\Rarlng.dll
28. 3. 2010 20:14:52 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- WEB -\REMIX\@BANNER\remix workshop banner.exe
28. 3. 2010 20:14:53 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- WEB -\REMIX\@BANNER\remix workshop banner-archinet.exe
28. 3. 2010 20:14:54 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- WEB -\REMIX\@BANNER\OLD\remix-banner.exe
28. 3. 2010 20:15:30 Detected: http://www.viruslist.com/en/advisories/38547 D:\Documents\@Work\- ŠKOLA -\Foto EXPO 2007\Untitled-1.exe
28. 3. 2010 20:29:11 Detected: http://www.viruslist.com/en/advisories/38547 E:\Archív\2008 ZIMA\Urbanistická kompozícia II\prezentacia.exe
28. 3. 2010 20:41:12 Detected: http://www.viruslist.com/en/advisories/31744 E:\Install\Graphic\Autodesk AutoCAD 2008 x64\support\VBA\pFiles\Common\MSShared\Office10\mso.dll
28. 3. 2010 21:49:56 Detected: Trojan-Downloader.Win32.Agent.dfgv C:\Program Files (x86)\Graphisoft\ArchiCAD 12\Uninstall.AC\archive.jar/74e0c5819afc1240f948d9fc93f0ed71/win32ppk/LauncherMain.exe

Re: USBManager.exe infiltration

Posted: 29 Mar 2010 00:54
by danielson84
Also, just to add that only the ArchiCAD uninstall entries are "red".