Hi... I have a problem with some virus that Avast detected but is unable to delete...
Here is the log from RSIT.
Logfile of random's system information tool 1.08 (written by random/random)
Run by uživatel at 2010-12-13 16:01:12
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (15%) free of 50 GB
Total RAM: 1023 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:01:46, on 13.12.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\spool\drivers\Distributed.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\nvsvc32.exe
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
D:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\uživatel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60446
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKCU\..\Run: [coudef] C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\uživatel\mqf.exe \u
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 0uupllh.exe
O4 - Startup: 0vrmm70.exe
O4 - Startup: 2xidtze.exe
O4 - Startup: 2zkpq0m.exe
O4 - Startup: 70dtze3.exe
O4 - Startup: 70xtoo6.exe
O4 - Startup: 9s69e1a.exe
O4 - Startup: a0b0rns8.exe
O4 - Startup: aa6mm70tp.exe
O4 - Startup: avmmhyytkk.exe
O4 - Startup: bxnnjzzvll.exe
O4 - Startup: fl870njz.exe
O4 - Startup: g69so0e3qq.exe
O4 - Startup: hdttpffb.exe
O4 - Startup: o9k1gccxoo.exe
O4 - Startup: ooz83q3ssn.exe
O4 - Startup: u86bc70dzpf.exe
O4 - Startup: zvllhxxt.exe
O4 - Startup: zzvllhxxi3k.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: TMMonitor.lnk = D:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DistributedAgentServices - BrainWork - C:\WINDOWS\system32\spool\drivers\Distributed.exe
O23 - Service: Služba Google Update (gupdate1ca3f42ddb1aee2) (gupdate1ca3f42ddb1aee2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: ASUSKeyboardService (y6ajoaoakfxs) - Unknown owner - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe (file missing)
--
End of file - 13111 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for uživatel.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-29 370296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-27 297648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-27 843832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-10-04 1049912]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2005-05-17 266240]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll []
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-27 297648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-20 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-02-03 16116224]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-07 69632]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-10-15 1783808]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-29 185896]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-04-28 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2006-05-18 450560]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-02-15 111928]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-14 61440]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-23 68856]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-14 61440]
"coudef"=C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe [2010-12-02 461824]
"MSConfig"=C:\Documents and Settings\uživatel\mqf.exe [2010-11-24 18432]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
TMMonitor.lnk - D:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění
0uupllh.exe
0vrmm70.exe
2xidtze.exe
2zkpq0m.exe
70dtze3.exe
70xtoo6.exe
9s69e1a.exe
a0b0rns8.exe
aa6mm70tp.exe
avmmhyytkk.exe
bxnnjzzvll.exe
fl870njz.exe
g69so0e3qq.exe
hdttpffb.exe
o9k1gccxoo.exe
ooz83q3ssn.exe
u86bc70dzpf.exe
zvllhxxt.exe
zzvllhxxi3k.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-11-22 90112]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\crhcwhpk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gfwctunh]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kujtfczr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\trtnetbs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xorsbsab]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\crhcwhpk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gfwctunh]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\kujtfczr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\trtnetbs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\xorsbsab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\uživatel\Plocha\bulanci.exe"="C:\Documents and Settings\uživatel\Plocha\bulanci.exe:*:Enabled:bulanci"
"D:\Hry\hl.exe"="D:\Hry\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Hry\hltv.exe"="D:\Hry\hltv.exe:*:Disabled:HLTV Launcher"
"D:\cod\iw3mp.exe"="D:\cod\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"D:\MARTIM\koš\hry\bulanci.exe"="D:\MARTIM\koš\hry\bulanci.exe:*:Enabled:bulanci"
"D:\Hry\nfs_undergroun_2\speed2.exe"="D:\Hry\nfs_undergroun_2\speed2.exe:*:Enabled:speed2"
"D:\Hry\Counter-Strike Source\hl2.exe"="D:\Hry\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\MARTIM\koš\dirt2_game.exe"="D:\MARTIM\koš\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Documents and Settings\uživatel\Plocha\P1876832.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"D:\Hry\cod\iw3mp.exe"="D:\Hry\cod\iw3mp.exe:*:Enabled:iw3mp"
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe"="C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe:*:Enabled:joorin64"
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\petabu.exe"="C:\Documents and Settings\uživatel\Data aplikací\Microsoft\petabu.exe:*:Enabled:joorin64"
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\gefasojys.exe"="C:\Documents and Settings\uživatel\Data aplikací\Microsoft\gefasojys.exe:*:Enabled:joorin64"
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\zoonehoum.exe"="C:\Documents and Settings\uživatel\Data aplikací\Microsoft\zoonehoum.exe:*:Enabled:joorin64"
"C:\WINDOWS\system32\vafy.exe"="C:\WINDOWS\system32\vafy.exe:*:Enabled:joorin64"
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe"="C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe:*:Enabled:joorin64"
"C:\WINDOWS\system32\gefasojys.exe"="C:\WINDOWS\system32\gefasojys.exe:*:Enabled:joorin64"
"C:\WINDOWS\system32\zoonehoum.exe"="C:\WINDOWS\system32\zoonehoum.exe:*:Enabled:joorin64"
"D:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="D:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"C:\Documents and Settings\užvatel\Data aplikací\Microsoft\vafy.exe"="C:\Documents and Settings\užvatel\Data aplikací\Microsoft\vafy.exe:*:Disabled:vafy"
"C:\WINDOWS\system32\spool\drivers\Distributed.exe"="C:\WINDOWS\system32\spool\drivers\Distributed.exe:*:Enabled:BWProxyClient"
"C:\Documents and Settings\užvatel\Data aplikací\lsass.exe"="C:\Documents and Settings\užvatel\Data aplikací\lsass.exe:*:Disabled:lsass"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
======File associations======
.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-12-13 16:01:12 ----D---- C:\rsit
2010-12-13 16:01:12 ----D---- C:\Program Files\trend micro
2010-12-13 15:53:47 ----A---- C:\WINDOWS\system32\drivers\zcvsxnap.sys
2010-12-05 11:23:12 ----A---- C:\WINDOWS\system32\drivers\vtwmfzao.sys
2010-11-28 12:37:25 ----A---- C:\WINDOWS\system32\drivers\kujtfczr.sys
2010-11-26 04:29:47 ----A---- C:\pen.exe
2010-11-26 04:25:09 ----N---- C:\kmedia.exe
2010-11-26 02:20:50 ----N---- C:\bejewled.exe
2010-11-25 19:21:59 ----A---- C:\psp.exe
2010-11-25 18:05:22 ----A---- C:\WINDOWS\system32\drivers\ipnrnerj.sys
2010-11-25 17:43:38 ----A---- C:\WINDOWS\system32\drivers\hkqzsabn.sys
2010-11-25 17:09:41 ----A---- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys
2010-11-25 17:09:41 ----A---- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys
2010-11-25 17:09:41 ----A---- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys
2010-11-25 17:09:31 ----D---- C:\Program Files\NewSoft
2010-11-25 17:09:31 ----A---- C:\WINDOWS\system32\RTKFMSOURCE.dll
2010-11-25 16:56:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\ArcSoft
2010-11-25 16:52:31 ----A---- C:\WINDOWS\system32\unicows.dll
2010-11-24 20:07:53 ----D---- C:\Program Files\Common Files\ArcSoft
2010-11-21 23:10:23 ----RA---- C:\Documents and Settings\uživatel\Data aplikací\BG0Ai.txt
2010-11-21 23:09:11 ----RSH---- C:\Documents and Settings\uživatel\Data aplikací\juzjf.exe
2010-11-21 23:09:10 ----A---- C:\HDTV.exe
2010-11-17 12:20:14 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-11-17 12:20:04 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2010-11-17 12:19:53 ----A---- C:\WINDOWS\system32\drivers\MPE.sys
2010-11-17 12:19:43 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-11-17 12:19:42 ----A---- C:\WINDOWS\system32\drivers\BdaSup.sys
2010-11-14 21:49:47 ----A---- C:\t6.exe
2010-11-14 09:41:10 ----RSH---- C:\WINDOWS\nvsvc32.exe
======List of files/folders modified in the last 1 months======
2010-12-13 16:01:27 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-13 16:01:12 ----RD---- C:\Program Files
2010-12-13 15:54:58 ----AD---- C:\WINDOWS\Temp
2010-12-13 15:53:47 ----D---- C:\WINDOWS\system32\drivers
2010-12-13 15:53:37 ----D---- C:\Program Files\Crawler
2010-12-13 15:52:59 ----D---- C:\Program Files\Mozilla Firefox
2010-12-13 15:52:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-10 22:56:01 ----D---- C:\Program Files\Spyware Terminator
2010-12-08 16:13:36 ----D---- C:\Program Files\TrackMania Nations ESWC
2010-12-06 19:25:56 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-12-06 05:43:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-12-06 00:00:28 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Spyware Terminator
2010-12-05 15:05:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-03 18:58:46 ----D---- C:\Documents and Settings\uživatel\Data aplikací\dvdcss
2010-12-02 16:27:47 ----SD---- C:\Documents and Settings\uživatel\Data aplikací\Microsoft
2010-11-30 17:03:54 ----SHD---- C:\WINDOWS\Installer
2010-11-30 00:16:28 ----D---- C:\WINDOWS\Prefetch
2010-11-28 16:04:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-11-26 18:19:29 ----D---- C:\Documents and Settings\uživatel\Data aplikací\ICQ
2010-11-26 18:19:05 ----D---- C:\Program Files\ICQ7.0
2010-11-26 17:08:52 ----RSHD---- C:\RECYCLER
2010-11-26 17:00:39 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-26 15:04:59 ----D---- C:\WINDOWS
2010-11-26 15:04:13 ----D---- C:\WINDOWS\system32
2010-11-25 17:12:25 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-25 17:11:27 ----HD---- C:\WINDOWS\inf
2010-11-25 16:56:33 ----D---- C:\Documents and Settings\uživatel\Data aplikací\ArcSoft
2010-11-24 20:07:53 ----D---- C:\Program Files\Common Files
2010-11-24 19:54:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-20 13:01:21 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-11-17 12:20:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2004-08-04 46464]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-12-03 717296]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-22 9216]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-11-22 2829824]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-02-03 4474368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S2 kujtfczr;kujtfczr; C:\WINDOWS\system32\drivers\kujtfczr.sys [2010-11-28 82944]
S3 aewhqeml;aewhqeml; C:\WINDOWS\system32\drivers\aewhqeml.sys []
S3 anlhltyi;anlhltyi; \??\C:\WINDOWS\System32\Drivers\anlhltyi.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cmqklrsk;cmqklrsk; \??\C:\WINDOWS\System32\Drivers\cmqklrsk.sys []
S3 dlckeors;dlckeors; \??\C:\WINDOWS\System32\Drivers\dlckeors.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ecbzrioj;ecbzrioj; \??\C:\WINDOWS\System32\Drivers\ecbzrioj.sys []
S3 eeibohyo;eeibohyo; \??\C:\WINDOWS\System32\Drivers\eeibohyo.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 fpndnmck;fpndnmck; \??\C:\WINDOWS\System32\Drivers\fpndnmck.sys []
S3 gewtffud;gewtffud; \??\C:\WINDOWS\System32\Drivers\gewtffud.sys []
S3 gtmihavu;gtmihavu; \??\C:\WINDOWS\System32\Drivers\gtmihavu.sys []
S3 gvfnzodb;gvfnzodb; \??\C:\WINDOWS\System32\Drivers\gvfnzodb.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 iuzjcxli;iuzjcxli; \??\C:\WINDOWS\System32\Drivers\iuzjcxli.sys []
S3 jdiotjfh;jdiotjfh; \??\C:\WINDOWS\System32\Drivers\jdiotjfh.sys []
S3 kvxqhzyc;kvxqhzyc; \??\C:\WINDOWS\System32\Drivers\kvxqhzyc.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nzfrikij;nzfrikij; \??\C:\WINDOWS\System32\Drivers\nzfrikij.sys []
S3 nzqvahpo;nzqvahpo; \??\C:\WINDOWS\System32\Drivers\nzqvahpo.sys []
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\WINDOWS\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 37280]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2009-07-06 91168]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2009-07-06 32800]
S3 sdbiemqa;sdbiemqa; \??\C:\WINDOWS\System32\Drivers\sdbiemqa.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tvjjdavm;tvjjdavm; \??\C:\WINDOWS\System32\Drivers\tvjjdavm.sys []
S3 ughwdinq;ughwdinq; \??\C:\WINDOWS\System32\Drivers\ughwdinq.sys []
S3 ujoorlbo;ujoorlbo; \??\C:\WINDOWS\System32\Drivers\ujoorlbo.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vtwmfzao;vtwmfzao; \??\C:\WINDOWS\System32\Drivers\vtwmfzao.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 wzndoylh;wzndoylh; \??\C:\WINDOWS\System32\Drivers\wzndoylh.sys []
S3 xjwlnzku;xjwlnzku; \??\C:\WINDOWS\System32\Drivers\xjwlnzku.sys []
S3 yqqolonw;yqqolonw; \??\C:\WINDOWS\System32\Drivers\yqqolonw.sys []
S3 zvykjxdv;zvykjxdv; \??\C:\WINDOWS\System32\Drivers\zvykjxdv.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-22 430080]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 DistributedAgentServices;DistributedAgentServices; C:\WINDOWS\system32\spool\drivers\Distributed.exe [2010-12-04 117732]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-14 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-07 66872]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-10-15 570880]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-11-22 520192]
S2 gupdate1ca3f42ddb1aee2;Služba Google Update (gupdate1ca3f42ddb1aee2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-27 133104]
S2 y6ajoaoakfxs;ASUSKeyboardService; C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-05 182768]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
Thanks for the help.

Infected PC
Re: Infected PC
Hello and have a nice day.
We will switch off the resident shield of Spyware Terminator so that it is not in conflict with Avast = we will keep ST only for an occasional manual scan.
- Click Start and then Run, or use the keyboard shortcut Win+R
- A small window pops up; copy the text below into it
services.msc
- Click OK
- Find the services below
  Služba Google Update
  Google Software Updater
  Nero BackItUp Scheduler 3
  Nero BackItUp Scheduler 4.0
  Spyware Terminator Realtime Shield Service
- For each service do this
  - Right-click it and choose Properties
  - Now click Stop
  - Set Startup type to Disabled
  - Confirm by clicking OK

There is a lot of malware in there.
Download RKill http://download.bleepingcomputer.com/grinler/rkill.com
- If the malware blocks it, use one of the following
motji wrote: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
- Save it, preferably to the desktop, and close all applications (otherwise RKill will do it for you)
- Run it the usual way by double-clicking; the program finishes almost immediately and then exits on its own
- RKill terminates all non-system processes, that is, including the processes the malware runs under
- Under no circumstances restart the PC now; you would lose the effect of RKill

Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Switch off all resident security programs: firewalls, antivirus, antispyware, etc.
- Plug all USB keys (flash drives, external disks, etc.) into the PC
- If you have Win XP, run it under the Administrator account
- If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
- Right after start a page with the licence agreement appears; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone: do not start any applications and do not click into the window that appears
- The scan should take about 10 minutes, but if the PC is heavily infested it can take longer
- After the scan finishes, and after a possible restart, CF shows a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here.
- Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
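As an added example (not code from this thread, from RSIT or from ComboFix), here is a small Python triage script for the driver/service lines in the log format above (`S3 name;description; path [date size]`). It attaches the observations a helper checks by hand: entries whose file record is empty, random-looking lowercase names that are their own description, services started from a user profile, and executables parked in the print-spooler driver folder. The sample lines are copied from this thread's RSIT log; the flag names are my own.

```python
# Added example (not the thread's or RSIT's own code): triage of RSIT /
# HijackThis-style driver and service lines such as
#   S3 name;description; C:\path\file.sys [YYYY-MM-DD size]
# The flag names are my own; every flag is an observation to verify by hand,
# not a verdict.
import re
from typing import Dict, Iterable, List, Optional

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"        # R/S = running/stopped, start type
    r"(?P<name>[^;]*);(?P<desc>[^;]*);\s*"        # service name; display name;
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"   # image path [date size], or [] if absent
)
# Eight or more lowercase letters with no structure, e.g. anlhltyi, kujtfczr.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8,}$")


def triage_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one service/driver line; return None for headers and other text."""
    m = SERVICE_RE.match(line.strip())
    if m is None:
        return None
    name, desc, path, meta = (m.group(k) for k in ("name", "desc", "path", "meta"))
    lower = path.lower()
    flags: List[str] = []
    if not meta.strip():
        # Registered in the registry but RSIT found no file: leftover or hidden driver.
        flags.append("file-missing")
    if RANDOM_NAME_RE.match(name) and desc == name:
        # Generated names that are their own description, unlike vendor drivers.
        flags.append("random-name")
    if "\\documents and settings\\" in lower or "\\users\\" in lower:
        # A service image inside a user profile (here: rougaruvih.exe under Data aplikací).
        flags.append("user-profile-path")
    if "\\spool\\drivers\\" in lower and lower.endswith(".exe"):
        # Executables parked in the print-spooler driver directory.
        flags.append("exe-in-spool-drivers")
    return {"state": m.group("state"), "name": name, "desc": desc, "path": path, "flags": flags}


def triage_report(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map service name -> flags for every line that raised at least one flag."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        entry = triage_line(line)
        if entry is not None and entry["flags"]:
            report[str(entry["name"])] = list(entry["flags"])  # type: ignore[arg-type]
    return report


# Lines copied from the RSIT log in this thread (a constructed subset).
SAMPLE_LOG = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
S2 kujtfczr;kujtfczr; C:\WINDOWS\system32\drivers\kujtfczr.sys [2010-11-28 82944]
S3 anlhltyi;anlhltyi; \??\C:\WINDOWS\System32\Drivers\anlhltyi.sys []
R2 DistributedAgentServices;DistributedAgentServices; C:\WINDOWS\system32\spool\drivers\Distributed.exe [2010-12-04 117732]
S2 y6ajoaoakfxs;ASUSKeyboardService; C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe []
"""

if __name__ == "__main__":
    for name, flags in triage_report(SAMPLE_LOG.splitlines()).items():
        print(f"{name}: {', '.join(flags)}")
```

Feed it the whole RSIT or ComboFix driver/service section and only the flagged entries come back, which is the shortlist a helper then confirms against the rest of the log.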
Re: Infected PC
Hello, and sorry for the delay in reacting to your help (I was away for a few days)....
Here I am posting the ComboFix log and I hope there is still some advice for me.... thank you...
ComboFix 10-12-21.03 - uživatel 22.12.2010 10:00:56.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.631 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\uživatel\Data aplikací\Microsoft\petabu.exe
c:\documents and settings\uživatel\Data aplikací\Microsoft\quukou.exe
c:\documents and settings\uživatel\Data aplikací\Microsoft\vafy.exe
c:\documents and settings\užvatel\Data aplikací\lsass.exe
c:\documents and settings\užvatel\Data aplikací\Microsoft\dovogig.exe
c:\documents and settings\užvatel\Data aplikací\Microsoft\petabu.exe
c:\documents and settings\užvatel\Data aplikací\Microsoft\vafy.exe
c:\windows\nvsvc32.exe
c:\windows\system32\Drivers\jllrtrmc.sys
c:\windows\System32\Drivers\vtwmfzao.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\spool\drivers\systempro.exe
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_jllrtrmc
-------\Service_jllrtrmc
-------\Service_vtwmfzao
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-22 do 2010-12-22 )))))))))))))))))))))))))))))))
.
2010-12-13 15:01 . 2010-12-13 15:01 -------- d-----w- C:\rsit
2010-12-13 15:01 . 2010-12-13 15:01 -------- d-----w- c:\program files\trend micro
2010-11-28 11:37 . 2010-11-28 11:37 82944 ----a-w- c:\windows\system32\drivers\kujtfczr.sys
2010-11-27 08:35 . 2010-11-27 08:35 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\GRETECH
2010-11-26 16:59 . 2010-11-26 16:59 -------- d-----w- c:\documents and settings\užvatel\Local Settings\Data aplikací\ArcSoft
2010-11-26 03:29 . 2010-11-26 03:29 184951 ----a-w- C:\pen.exe
2010-11-26 03:25 . 2010-11-26 03:25 194560 ------w- C:\kmedia.exe
2010-11-26 01:20 . 2010-11-26 01:42 194560 ------w- C:\bejewled.exe
2010-11-25 18:21 . 2010-11-26 03:27 184951 ----a-w- C:\psp.exe
2010-11-25 17:05 . 2010-11-25 17:05 0 ----a-w- c:\windows\system32\drivers\ipnrnerj.sys
2010-11-25 16:43 . 2010-11-25 16:43 0 ----a-w- c:\windows\system32\drivers\hkqzsabn.sys
2010-11-25 16:09 . 2009-07-13 14:46 37280 ----a-w- c:\windows\system32\drivers\RTL2832U_IRHID.sys
2010-11-25 16:09 . 2009-07-06 16:37 32800 ----a-w- c:\windows\system32\drivers\RTL2832UUSB.sys
2010-11-25 16:09 . 2009-07-06 16:36 91168 ----a-w- c:\windows\system32\drivers\RTL2832UBDA.sys
2010-11-25 16:09 . 2010-11-25 16:09 -------- d-----w- c:\program files\NewSoft
2010-11-25 16:09 . 2009-04-02 13:22 127085 ----a-w- c:\windows\system32\RTKFMSOURCE.dll
2010-11-25 15:56 . 2010-11-25 15:56 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\ArcSoft
2010-11-25 15:56 . 2010-11-26 16:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ArcSoft
2010-11-25 15:52 . 2005-04-27 15:36 245408 ----a-w- c:\windows\system32\unicows.dll
2010-11-24 19:07 . 2010-11-25 15:55 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-11-24 18:33 . 2010-11-24 18:33 18432 ---ha-w- c:\documents and settings\uživatel\mqf.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 18:26 . 2008-06-26 12:15 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-06 18:25 . 2008-06-26 12:15 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-30 16:02 . 2010-11-21 21:34 97792 --sh--r- c:\documents and settings\užvatel\Data aplikací\juzjf.exe
2010-11-21 22:09 . 2010-11-21 22:09 85504 --sh--r- c:\documents and settings\uživatel\Data aplikací\juzjf.exe
2010-11-21 22:09 . 2010-11-21 22:09 85504 ----a-w- C:\HDTV.exe
2010-11-21 21:35 . 2010-11-21 21:35 18432 ---ha-w- c:\documents and settings\užvatel\jwyad.exe
2010-11-21 21:35 . 2010-11-21 21:35 18432 ---ha-w- c:\documents and settings\užvatel\jwyad.exe
2010-11-03 14:00 . 2010-11-03 06:11 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-11-03 14:00 . 2010-11-03 06:11 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-14 19:05 . 2010-10-14 19:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-14 19:05 . 2010-10-14 19:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-20 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-03 16116224]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-29 185896]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-02-15 111928]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\užvatel\Nabídka Start\Programy\Po spuštění\
0tjjpq6.exe [2010-11-30 50688]
1a2hcco.exe [2010-12-4 42496]
1okkflh.exe [2010-12-1 50688]
1yjkflg.exe [2010-11-28 50688]
3o6v6wc.exe [2010-11-27 50688]
5r5nde0.exe [2010-11-21 43008]
6d19u1q.exe [2010-11-25 50688]
6d8p58x.exe [2010-11-25 42496]
6iiuupv.exe [2010-11-25 50688]
6s81pkv.exe [2010-11-28 50688]
6wrms5t.exe [2010-11-22 43008]
70y6kk1.exe [2010-12-1 42496]
9ejfvvr.exe [2010-12-2 50688]
9y2p3wh.exe [2010-11-29 50688]
bssneezqqlc.exe [2010-11-22 43008]
c1yzzvlr.exe [2010-11-30 42496]
cc6ejfaqg.exe [2010-11-25 50688]
cnnjzpplbb.exe [2010-12-1 50688]
cxytz60gbs.exe [2010-11-28 50688]
djzkg0h1so.exe [2010-11-27 50688]
epak769xtt.exe [2010-11-29 50688]
fggbsidopp.exe [2010-11-30 42496]
fvvrhhs3.exe [2010-12-2 42496]
hsoojffgw6.exe [2010-11-27 42496]
hyytkkfl.exe [2010-12-1 50688]
i9j60llwhi.exe [2010-11-30 50688]
ju3wccxooj.exe [2010-11-26 50688]
lr5nde0u3.exe [2010-11-21 43008]
m6yy6kk6.exe [2010-11-22 43008]
miidzppggr.exe [2010-11-27 42496]
mmhyytkkfw.exe [2010-11-22 43008]
n1o21a9cc.exe [2010-11-29 50688]
nt66k6lm.exe [2010-11-28 42496]
oju3wccxooj.exe [2010-11-26 50688]
okffwccxoo.exe [2010-11-26 50688]
okkfwwrii9.exe [2010-12-1 42496]
pu30rrc0.exe [2010-11-30 50688]
qmmhyytkkf.exe [2010-12-10 43008]
qw5sdjo3.exe [2010-11-21 43008]
qw9c1yzzv.exe [2010-11-30 50688]
r2too6ag.exe [2010-11-30 50688]
s3o3f0lhccy.exe [2010-12-2 50688]
toupl2hcco.exe [2010-12-4 50688]
tppl2hccooj.exe [2010-12-4 50688]
tukk6ww6.exe [2010-12-4 50688]
uka9ccn8.exe [2010-11-29 42496]
vmmhyytk.exe [2010-12-10 43008]
vmmhyytkkfw.exe [2010-12-10 42496]
w5sdjo3aa3.exe [2010-11-21 43008]
w765j1uq.exe [2010-12-1 50688]
ww9c1yzzvl.exe [2010-11-30 50688]
xyj1uqql.exe [2010-12-1 50688]
y2zqqlccn3.exe [2010-12-2 50688]
y69k1r5x0dz.exe [2010-11-26 42496]
yy6kk1wrs.exe [2010-12-1 50688]
c:\documents and settings\uživatel\Nabídka Start\Programy\Po spuštění\
0uupllh.exe [2010-11-24 43008]
0vrmm70.exe [2010-11-22 43008]
2xidtze.exe [2010-11-22 43008]
2zkpq0m.exe [2010-11-24 43008]
70dtze3.exe [2010-11-22 43008]
70xtoo6.exe [2010-11-22 43008]
9s69e1a.exe [2010-11-22 43008]
a0b0rns8.exe [2010-11-21 43008]
aa6mm70tp.exe [2010-11-22 43008]
avmmhyytkk.exe [2010-11-22 43008]
bxnnjzzvll.exe [2010-11-22 43008]
fl870njz.exe [2010-11-21 43008]
g69so0e3qq.exe [2010-11-22 43008]
hdttpffb.exe [2010-11-22 43008]
o9k1gccxoo.exe [2010-11-22 43008]
ooz83q3ssn.exe [2010-11-24 43008]
u86bc70dzpf.exe [2010-11-21 43008]
zvllhxxt.exe [2010-11-22 43008]
zzvllhxxi3k.exe [2010-11-24 43008]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
TMMonitor.lnk - d:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-11-25 258048]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"d:\\MARTIM\\koš\\hry\\bulanci.exe"=
"d:\\Hry\\nfs_undergroun_2\\speed2.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\MARTIM\\koš\\dirt2_game.exe"=
"c:\\Documents and Settings\\uživatel\\Plocha\\P1876832.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"d:\\Hry\\cod\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\Distributed.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"20030:TCP"= 20030:TCP:BitComet 20030 TCP
"20030:UDP"= 20030:UDP:BitComet 20030 UDP
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.6.2008 12:42 717296]
R2 DistributedAgentServices;DistributedAgentServices;c:\windows\system32\spool\drivers\Distributed.exe [4.12.2010 11:21 117732]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.1.2009 13:19 246520]
S2 gupdate1ca3f42ddb1aee2;Služba Google Update (gupdate1ca3f42ddb1aee2);c:\program files\Google\Update\GoogleUpdate.exe [27.9.2009 8:19 133104]
S2 kujtfczr;kujtfczr;c:\windows\system32\drivers\kujtfczr.sys [28.11.2010 12:37 82944]
S2 y6ajoaoakfxs;ASUSKeyboardService;c:\documents and settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe --> c:\documents and settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe [?]
S3 anlhltyi;anlhltyi;\??\c:\windows\System32\Drivers\anlhltyi.sys --> c:\windows\System32\Drivers\anlhltyi.sys [?]
S3 cmqklrsk;cmqklrsk;\??\c:\windows\System32\Drivers\cmqklrsk.sys --> c:\windows\System32\Drivers\cmqklrsk.sys [?]
S3 dlckeors;dlckeors;\??\c:\windows\System32\Drivers\dlckeors.sys --> c:\windows\System32\Drivers\dlckeors.sys [?]
S3 ecbzrioj;ecbzrioj;\??\c:\windows\System32\Drivers\ecbzrioj.sys --> c:\windows\System32\Drivers\ecbzrioj.sys [?]
S3 eeibohyo;eeibohyo;\??\c:\windows\System32\Drivers\eeibohyo.sys --> c:\windows\System32\Drivers\eeibohyo.sys [?]
S3 fpndnmck;fpndnmck;\??\c:\windows\System32\Drivers\fpndnmck.sys --> c:\windows\System32\Drivers\fpndnmck.sys [?]
S3 gewtffud;gewtffud;\??\c:\windows\System32\Drivers\gewtffud.sys --> c:\windows\System32\Drivers\gewtffud.sys [?]
S3 gtmihavu;gtmihavu;\??\c:\windows\System32\Drivers\gtmihavu.sys --> c:\windows\System32\Drivers\gtmihavu.sys [?]
S3 gvfnzodb;gvfnzodb;\??\c:\windows\System32\Drivers\gvfnzodb.sys --> c:\windows\System32\Drivers\gvfnzodb.sys [?]
S3 iuzjcxli;iuzjcxli;\??\c:\windows\System32\Drivers\iuzjcxli.sys --> c:\windows\System32\Drivers\iuzjcxli.sys [?]
S3 jdiotjfh;jdiotjfh;\??\c:\windows\System32\Drivers\jdiotjfh.sys --> c:\windows\System32\Drivers\jdiotjfh.sys [?]
S3 kvxqhzyc;kvxqhzyc;\??\c:\windows\System32\Drivers\kvxqhzyc.sys --> c:\windows\System32\Drivers\kvxqhzyc.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S3 nzfrikij;nzfrikij;\??\c:\windows\System32\Drivers\nzfrikij.sys --> c:\windows\System32\Drivers\nzfrikij.sys [?]
S3 nzqvahpo;nzqvahpo;\??\c:\windows\System32\Drivers\nzqvahpo.sys --> c:\windows\System32\Drivers\nzqvahpo.sys [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 11:29 162176]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [25.11.2010 17:09 37280]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [25.11.2010 17:09 91168]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [25.11.2010 17:09 32800]
S3 sdbiemqa;sdbiemqa;\??\c:\windows\System32\Drivers\sdbiemqa.sys --> c:\windows\System32\Drivers\sdbiemqa.sys [?]
S3 tvjjdavm;tvjjdavm;\??\c:\windows\System32\Drivers\tvjjdavm.sys --> c:\windows\System32\Drivers\tvjjdavm.sys [?]
S3 ughwdinq;ughwdinq;\??\c:\windows\System32\Drivers\ughwdinq.sys --> c:\windows\System32\Drivers\ughwdinq.sys [?]
S3 ujoorlbo;ujoorlbo;\??\c:\windows\System32\Drivers\ujoorlbo.sys --> c:\windows\System32\Drivers\ujoorlbo.sys [?]
S3 wzndoylh;wzndoylh;\??\c:\windows\System32\Drivers\wzndoylh.sys --> c:\windows\System32\Drivers\wzndoylh.sys [?]
S3 xjwlnzku;xjwlnzku;\??\c:\windows\System32\Drivers\xjwlnzku.sys --> c:\windows\System32\Drivers\xjwlnzku.sys [?]
S3 yqqolonw;yqqolonw;\??\c:\windows\System32\Drivers\yqqolonw.sys --> c:\windows\System32\Drivers\yqqolonw.sys [?]
S3 zvykjxdv;zvykjxdv;\??\c:\windows\System32\Drivers\zvykjxdv.sys --> c:\windows\System32\Drivers\zvykjxdv.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 07:19]
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 07:19]
2010-12-09 c:\windows\Tasks\Norton Security Scan for uživatel.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://googleure.com
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\vf6f5zm6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Mininova Toolbar: {f592709f-ff4a-4862-b659-4afabda56312} - %profile%\extensions\{f592709f-ff4a-4862-b659-4afabda56312}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
HKCU-Run-coudef - c:\documents and settings\uživatel\Data aplikací\Microsoft\vafy.exe
SafeBoot-crhcwhpk
SafeBoot-gfwctunh
SafeBoot-jllrtrmc.sys
SafeBoot-kujtfczr
SafeBoot-trtnetbs
SafeBoot-xorsbsab
AddRemove-Counter-Strike 1.6 - d:\hry\Uninstal.exe
AddRemove-Totalcmd - c:\totalcmd\tcuninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 10:09
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-823518204-602162358-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2788)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\spool\drivers\systempro.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-12-22 10:12:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-22 09:12
Před spuštěním: 7 917 101 056
Po spuštění: Volných bajtů: 14 924 161 024
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 1B4E387C49F8693C74FC0034BD829ADD
2010-11-21 21:35 . 2010-11-21 21:35 18432 ---ha-w- c:\documents and settings\užvatel\jwyad.exe
2010-11-03 14:00 . 2010-11-03 06:11 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-11-03 14:00 . 2010-11-03 06:11 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-14 19:05 . 2010-10-14 19:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-14 19:05 . 2010-10-14 19:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-20 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-03 16116224]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-29 185896]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-02-15 111928]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\užvatel\Nabídka Start\Programy\Po spuštění\
0tjjpq6.exe [2010-11-30 50688]
1a2hcco.exe [2010-12-4 42496]
1okkflh.exe [2010-12-1 50688]
1yjkflg.exe [2010-11-28 50688]
3o6v6wc.exe [2010-11-27 50688]
5r5nde0.exe [2010-11-21 43008]
6d19u1q.exe [2010-11-25 50688]
6d8p58x.exe [2010-11-25 42496]
6iiuupv.exe [2010-11-25 50688]
6s81pkv.exe [2010-11-28 50688]
6wrms5t.exe [2010-11-22 43008]
70y6kk1.exe [2010-12-1 42496]
9ejfvvr.exe [2010-12-2 50688]
9y2p3wh.exe [2010-11-29 50688]
bssneezqqlc.exe [2010-11-22 43008]
c1yzzvlr.exe [2010-11-30 42496]
cc6ejfaqg.exe [2010-11-25 50688]
cnnjzpplbb.exe [2010-12-1 50688]
cxytz60gbs.exe [2010-11-28 50688]
djzkg0h1so.exe [2010-11-27 50688]
epak769xtt.exe [2010-11-29 50688]
fggbsidopp.exe [2010-11-30 42496]
fvvrhhs3.exe [2010-12-2 42496]
hsoojffgw6.exe [2010-11-27 42496]
hyytkkfl.exe [2010-12-1 50688]
i9j60llwhi.exe [2010-11-30 50688]
ju3wccxooj.exe [2010-11-26 50688]
lr5nde0u3.exe [2010-11-21 43008]
m6yy6kk6.exe [2010-11-22 43008]
miidzppggr.exe [2010-11-27 42496]
mmhyytkkfw.exe [2010-11-22 43008]
n1o21a9cc.exe [2010-11-29 50688]
nt66k6lm.exe [2010-11-28 42496]
oju3wccxooj.exe [2010-11-26 50688]
okffwccxoo.exe [2010-11-26 50688]
okkfwwrii9.exe [2010-12-1 42496]
pu30rrc0.exe [2010-11-30 50688]
qmmhyytkkf.exe [2010-12-10 43008]
qw5sdjo3.exe [2010-11-21 43008]
qw9c1yzzv.exe [2010-11-30 50688]
r2too6ag.exe [2010-11-30 50688]
s3o3f0lhccy.exe [2010-12-2 50688]
toupl2hcco.exe [2010-12-4 50688]
tppl2hccooj.exe [2010-12-4 50688]
tukk6ww6.exe [2010-12-4 50688]
uka9ccn8.exe [2010-11-29 42496]
vmmhyytk.exe [2010-12-10 43008]
vmmhyytkkfw.exe [2010-12-10 42496]
w5sdjo3aa3.exe [2010-11-21 43008]
w765j1uq.exe [2010-12-1 50688]
ww9c1yzzvl.exe [2010-11-30 50688]
xyj1uqql.exe [2010-12-1 50688]
y2zqqlccn3.exe [2010-12-2 50688]
y69k1r5x0dz.exe [2010-11-26 42496]
yy6kk1wrs.exe [2010-12-1 50688]
c:\documents and settings\uživatel\Nabídka Start\Programy\Po spuštění\
0uupllh.exe [2010-11-24 43008]
0vrmm70.exe [2010-11-22 43008]
2xidtze.exe [2010-11-22 43008]
2zkpq0m.exe [2010-11-24 43008]
70dtze3.exe [2010-11-22 43008]
70xtoo6.exe [2010-11-22 43008]
9s69e1a.exe [2010-11-22 43008]
a0b0rns8.exe [2010-11-21 43008]
aa6mm70tp.exe [2010-11-22 43008]
avmmhyytkk.exe [2010-11-22 43008]
bxnnjzzvll.exe [2010-11-22 43008]
fl870njz.exe [2010-11-21 43008]
g69so0e3qq.exe [2010-11-22 43008]
hdttpffb.exe [2010-11-22 43008]
o9k1gccxoo.exe [2010-11-22 43008]
ooz83q3ssn.exe [2010-11-24 43008]
u86bc70dzpf.exe [2010-11-21 43008]
zvllhxxt.exe [2010-11-22 43008]
zzvllhxxi3k.exe [2010-11-24 43008]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
TMMonitor.lnk - d:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-11-25 258048]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"d:\\MARTIM\\koš\\hry\\bulanci.exe"=
"d:\\Hry\\nfs_undergroun_2\\speed2.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\MARTIM\\koš\\dirt2_game.exe"=
"c:\\Documents and Settings\\uživatel\\Plocha\\P1876832.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"d:\\Hry\\cod\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\Distributed.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"20030:TCP"= 20030:TCP:BitComet 20030 TCP
"20030:UDP"= 20030:UDP:BitComet 20030 UDP
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.6.2008 12:42 717296]
R2 DistributedAgentServices;DistributedAgentServices;c:\windows\system32\spool\drivers\Distributed.exe [4.12.2010 11:21 117732]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.1.2009 13:19 246520]
S2 gupdate1ca3f42ddb1aee2;Služba Google Update (gupdate1ca3f42ddb1aee2);c:\program files\Google\Update\GoogleUpdate.exe [27.9.2009 8:19 133104]
S2 kujtfczr;kujtfczr;c:\windows\system32\drivers\kujtfczr.sys [28.11.2010 12:37 82944]
S2 y6ajoaoakfxs;ASUSKeyboardService;c:\documents and settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe --> c:\documents and settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe [?]
S3 anlhltyi;anlhltyi;\??\c:\windows\System32\Drivers\anlhltyi.sys --> c:\windows\System32\Drivers\anlhltyi.sys [?]
S3 cmqklrsk;cmqklrsk;\??\c:\windows\System32\Drivers\cmqklrsk.sys --> c:\windows\System32\Drivers\cmqklrsk.sys [?]
S3 dlckeors;dlckeors;\??\c:\windows\System32\Drivers\dlckeors.sys --> c:\windows\System32\Drivers\dlckeors.sys [?]
S3 ecbzrioj;ecbzrioj;\??\c:\windows\System32\Drivers\ecbzrioj.sys --> c:\windows\System32\Drivers\ecbzrioj.sys [?]
S3 eeibohyo;eeibohyo;\??\c:\windows\System32\Drivers\eeibohyo.sys --> c:\windows\System32\Drivers\eeibohyo.sys [?]
S3 fpndnmck;fpndnmck;\??\c:\windows\System32\Drivers\fpndnmck.sys --> c:\windows\System32\Drivers\fpndnmck.sys [?]
S3 gewtffud;gewtffud;\??\c:\windows\System32\Drivers\gewtffud.sys --> c:\windows\System32\Drivers\gewtffud.sys [?]
S3 gtmihavu;gtmihavu;\??\c:\windows\System32\Drivers\gtmihavu.sys --> c:\windows\System32\Drivers\gtmihavu.sys [?]
S3 gvfnzodb;gvfnzodb;\??\c:\windows\System32\Drivers\gvfnzodb.sys --> c:\windows\System32\Drivers\gvfnzodb.sys [?]
S3 iuzjcxli;iuzjcxli;\??\c:\windows\System32\Drivers\iuzjcxli.sys --> c:\windows\System32\Drivers\iuzjcxli.sys [?]
S3 jdiotjfh;jdiotjfh;\??\c:\windows\System32\Drivers\jdiotjfh.sys --> c:\windows\System32\Drivers\jdiotjfh.sys [?]
S3 kvxqhzyc;kvxqhzyc;\??\c:\windows\System32\Drivers\kvxqhzyc.sys --> c:\windows\System32\Drivers\kvxqhzyc.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S3 nzfrikij;nzfrikij;\??\c:\windows\System32\Drivers\nzfrikij.sys --> c:\windows\System32\Drivers\nzfrikij.sys [?]
S3 nzqvahpo;nzqvahpo;\??\c:\windows\System32\Drivers\nzqvahpo.sys --> c:\windows\System32\Drivers\nzqvahpo.sys [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 11:29 162176]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [25.11.2010 17:09 37280]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [25.11.2010 17:09 91168]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [25.11.2010 17:09 32800]
S3 sdbiemqa;sdbiemqa;\??\c:\windows\System32\Drivers\sdbiemqa.sys --> c:\windows\System32\Drivers\sdbiemqa.sys [?]
S3 tvjjdavm;tvjjdavm;\??\c:\windows\System32\Drivers\tvjjdavm.sys --> c:\windows\System32\Drivers\tvjjdavm.sys [?]
S3 ughwdinq;ughwdinq;\??\c:\windows\System32\Drivers\ughwdinq.sys --> c:\windows\System32\Drivers\ughwdinq.sys [?]
S3 ujoorlbo;ujoorlbo;\??\c:\windows\System32\Drivers\ujoorlbo.sys --> c:\windows\System32\Drivers\ujoorlbo.sys [?]
S3 wzndoylh;wzndoylh;\??\c:\windows\System32\Drivers\wzndoylh.sys --> c:\windows\System32\Drivers\wzndoylh.sys [?]
S3 xjwlnzku;xjwlnzku;\??\c:\windows\System32\Drivers\xjwlnzku.sys --> c:\windows\System32\Drivers\xjwlnzku.sys [?]
S3 yqqolonw;yqqolonw;\??\c:\windows\System32\Drivers\yqqolonw.sys --> c:\windows\System32\Drivers\yqqolonw.sys [?]
S3 zvykjxdv;zvykjxdv;\??\c:\windows\System32\Drivers\zvykjxdv.sys --> c:\windows\System32\Drivers\zvykjxdv.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 07:19]
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 07:19]
2010-12-09 c:\windows\Tasks\Norton Security Scan for uživatel.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://googleure.com
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\vf6f5zm6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Mininova Toolbar: {f592709f-ff4a-4862-b659-4afabda56312} - %profile%\extensions\{f592709f-ff4a-4862-b659-4afabda56312}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
HKCU-Run-coudef - c:\documents and settings\uživatel\Data aplikací\Microsoft\vafy.exe
SafeBoot-crhcwhpk
SafeBoot-gfwctunh
SafeBoot-jllrtrmc.sys
SafeBoot-kujtfczr
SafeBoot-trtnetbs
SafeBoot-xorsbsab
AddRemove-Counter-Strike 1.6 - d:\hry\Uninstal.exe
AddRemove-Totalcmd - c:\totalcmd\tcuninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 10:09
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-823518204-602162358-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2788)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\spool\drivers\systempro.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-12-22 10:12:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-22 09:12
Před spuštěním: 7 917 101 056
Po spuštění: Volných bajtů: 14 924 161 024
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 1B4E387C49F8693C74FC0034BD829ADD
Re: infected PC
Sorry for the delay, but work duties did not let me get to it earlier.
Download OTM (see my signature)
If you do not have it there, move ComboFix to the desktop
It may happen that Windows will not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration.

- If you are using Windows Vista or Windows 7, right-click OTM and choose Run As Administrator (Spustit jako správce)
- Into the left pane, Paste Instructions for Items to be Moved (below the yellow line), paste the contents shown below
Code:
:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\uživatel\Plocha\P1876832.JPG-www.facebook.exe"=-
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe"=-
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\petabu.exe"=-
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\gefasojys.exe"=-
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\zoonehoum.exe"=-
"C:\WINDOWS\system32\vafy.exe"=-
"C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe"=-
"C:\WINDOWS\system32\gefasojys.exe"=-
"C:\WINDOWS\system32\zoonehoum.exe"=-
"C:\Documents and Settings\užvatel\Data aplikací\Microsoft\vafy.exe"=-
"C:\Documents and Settings\užvatel\Data aplikací\lsass.exe"=-
:files
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\zoonehoum.exe
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\gefasojys.exe
C:\WINDOWS\system32\vafy.exe
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe
C:\WINDOWS\system32\gefasojys.exe
C:\WINDOWS\system32\zoonehoum.exe
C:\Documents and Settings\uživatel\Plocha\P1876832.JPG-www.facebook.exe
C:\Documents and Settings\užvatel\Data aplikací\Microsoft\vafy.exe
C:\Documents and Settings\užvatel\Data aplikací\lsass.exe
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\petabu.exe
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\vafy.exe
C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění\*.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
:commands
[ClearAllRestorePoints]
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
- Click the red MoveIt! button
- You will be prompted to restart; click Yes. You will then find the log in C:\_OTM\MovedFiles; paste its contents here

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
Collect::
c:\windows\system32\drivers\kujtfczr.sys
C:\pen.exe
C:\kmedia.exe
C:\bejewled.exe
C:\psp.exe
c:\windows\system32\drivers\ipnrnerj.sys
c:\windows\system32\drivers\hkqzsabn.sys
c:\documents and settings\uživatel\mqf.exe
c:\documents and settings\užvatel\Data aplikací\juzjf.exe
c:\documents and settings\uživatel\Data aplikací\juzjf.exe
c:\documents and settings\užvatel\jwyad.exe
c:\documents and settings\užvatel\jwyad.exe
c:\windows\system32\drivers\kujtfczr.sys
c:\documents and settings\uživatel\Data aplikací\Microsoft\rougaruvih.exe
c:\windows\System32\Drivers\anlhltyi.sys
c:\windows\System32\Drivers\cmqklrsk.sys
c:\windows\System32\Drivers\dlckeors.sys
c:\windows\System32\Drivers\ecbzrioj.sys
c:\windows\System32\Drivers\eeibohyo.sys
c:\windows\System32\Drivers\fpndnmck.sys
c:\windows\System32\Drivers\gewtffud.sys
c:\windows\System32\Drivers\gtmihavu.sys
c:\windows\System32\Drivers\gvfnzodb.sys
c:\windows\System32\Drivers\iuzjcxli.sys
c:\windows\System32\Drivers\jdiotjfh.sys
c:\windows\System32\Drivers\kvxqhzyc.sys
c:\windows\System32\Drivers\nzfrikij.sys
c:\windows\System32\Drivers\nzqvahpo.sys
c:\windows\System32\Drivers\sdbiemqa.sys
c:\windows\System32\Drivers\tvjjdavm.sys
c:\windows\System32\Drivers\ughwdinq.sys
c:\windows\System32\Drivers\ujoorlbo.sys
c:\windows\System32\Drivers\wzndoylh.sys
c:\windows\System32\Drivers\xjwlnzku.sys
c:\windows\System32\Drivers\yqqolonw.sys
c:\windows\System32\Drivers\zvykjxdv.sys
Folder::
c:\program files\SweetIM
c:\program files\ICQ6Toolbar
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"swg"=-
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"TkBellExe"=-
"NeroFilterCheck"=-
"NBKeyScan"=-
"SweetIM"=-
"DivXUpdate"=-
"SunJavaUpdateSched"=-
Driver::
ICQ Service
kujtfczr
y6ajoaoakfxs
anlhltyi
cmqklrsk
dlckeors
ecbzrioj
eeibohyo
fpndnmck
gewtffud
gtmihavu
gvfnzodb
iuzjcxli
jdiotjfh
kvxqhzyc
nzfrikij
nzqvahpo
sdbiemqa
tvjjdavm
ughwdinq
ujoorlbo
wzndoylh
xjwlnzku
yqqolonw
zvykjxdv
DDS::
uStart Page = hxxp://googleure.com
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu
Firefox::
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\vf6f5zm6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.1&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
RegLock::
[HKEY_USERS\S-1-5-21-823518204-602162358-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
- Save the created TXT file as CFScript.txt
- Drag the created CFScript.txt onto ComboFix and release it (see the picture below)
- After the script has run (and after a possible restart) a log will appear; paste its contents here
