Facebook vir - prosím o pomoc

[vorejda]

Dobrý den,
už je to asi týden co jsem od kamaráda dostal v chatu zprávu abych si stáhnul flash player, a já blbec tak učinil, tak Vás tímto žádám, zda-li byste mi nepomohli.
Pokoušel jsem se asi 3x instalovat AVG a jak už jsem viděl v ostatních tématech, je to nejspíš ten malware.

Zde je můj log z RSIT :

Logfile of random's system information tool 1.09 (written by random/random)
Run by John at 2011-07-31 15:28:59
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 200 GB (69%) free of 291 GB
Total RAM: 3326 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:29:08, on 31.7.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\update.tray-12-0\svchost.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\update.3\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\update.5.0\9447.exe
C:\WINDOWS\update.5.0\9447.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\update.2\6479.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\John\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\John.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: GamePlayLabsBHO - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - C:\Documents and Settings\John\Local Settings\Data aplikací\GamePlayLabs Plugin\BHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [omg123] C:\WINDOWS\system32\omg123.exe
O4 - HKLM\..\Run: [Systemx32] C:\Program Files\WindowsSecurity\SystemR1.exe
O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-12-0\svchost.exe
O4 - HKLM\..\Run: [5322298.exe] "C:\DOCUME~1\John\LOCALS~1\Temp\5322298.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [23581.exe] "C:\WINDOWS\TEMP\23581.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [50074450-loader2.exe] "C:\WINDOWS\TEMP\50074450-loader2.exe"
O4 - HKLM\..\Run: [w_distrib.exe] "C:\WINDOWS\update.3\svchost.exe" stand
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [9180168.exe] "C:\WINDOWS\TEMP\9180168.exe"
O4 - HKLM\..\Run: [5080047.exe] "C:\WINDOWS\TEMP\5080047.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Exetender_298] "C:\Program Files\Frag Games\GPlayer.exe" /runonstartup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\John\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\win32Gl\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\win32Gl\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender_298] "C:\Program Files\Frag Games\GPlayer.exe" /runonstartup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: fliptoast.lnk = C:\Program Files\fliptoast\fliptoast.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.23.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\9447.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\6479.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

--
End of file - 9139 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-861567501-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-861567501-839522115-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\John\Data aplikací\Mozilla\Firefox\Profiles\0g7dsn5o.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, illimitux@illimitux.net:4.0, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, plugin2@gameplaylabs.com:2.0, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.9&q="

"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG10\Firefox4\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\Documents and Settings\All Users\Data aplikací\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\John\Data aplikací\Mozilla\Firefox\Profiles\0g7dsn5o.default\extensions\
illimitux@illimitux.net
plugin2@gameplaylabs.com
{800b5000-a755-47e1-992b-48a1c1357f07}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

C:\Documents and Settings\John\Data aplikací\Mozilla\Firefox\Profiles\0g7dsn5o.default\searchplugins\
club-penguin-cc-search.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-05-27 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
GamePlayLabsBHO Class - C:\Documents and Settings\John\Local Settings\Data aplikací\GamePlayLabs Plugin\BHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-30 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-30 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-07 16862208]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"omg123"=C:\WINDOWS\system32\omg123 [2009-10-30 71777]
"Systemx32"=C:\Program Files\WindowsSecurity\SystemR1.exe []
"PAC7311_Monitor"=C:\WINDOWS\PixArt\PAC7311\Monitor.exe [2006-11-03 319488]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-10-16 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-10-16 13851752]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-26 1753192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-05-27 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-25 1185280]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-12-0\svchost.exe [2011-07-25 1185280]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"5322298.exe"=C:\DOCUME~1\John\LOCALS~1\Temp\5322298.exe [2011-07-25 247296]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-25 256000]
"23581.exe"=C:\WINDOWS\TEMP\23581.exe [2011-07-25 247296]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-25 232960]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-25 114176]
"50074450-loader2.exe"=C:\WINDOWS\TEMP\50074450-loader2.exe [2011-07-25 247296]
"w_distrib.exe"=C:\WINDOWS\update.3\svchost.exe [2011-07-25 272896]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe []
"9180168.exe"=C:\WINDOWS\TEMP\9180168.exe [2011-07-25 256000]
"5080047.exe"=C:\WINDOWS\TEMP\5080047.exe [2011-07-31 502272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872 []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\WINDOWS\system32\win32Gl\svchost.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Exetender_298"=C:\Program Files\Frag Games\GPlayer.exe /runonstartup []
"Google Update"=C:\Documents and Settings\John\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-06-09 136176]
"PowerSuite"=C:\Program Files\Uniblue\PowerSuite\launcher.exe delay 20000 -m []
"Steam"=C:\Program Files\Steam\steam.exe [2011-06-30 1242448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\WINDOWS\system32\win32Gl\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\John\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-06-09 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2011-06-30 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateReminder]
C:\Program Files\Eset\UpdateReminder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsErrorHook]
C:\Cache\\WindowsErrorHook.exe [2009-03-10 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2011-05-27 40368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2011-05-27 738776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^John^Nabídka Start^Programy^Po spuštění^HDDlife.lnk]
C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\John\Nabídka Start\Programy\Po spuštění
fliptoast.lnk - C:\Program Files\fliptoast\fliptoast.exe
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Left4Dead\hl2.exe"="C:\Program Files\Left4Dead\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\fotroubek\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\fotroubek\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\John\Local Settings\Temp\Rar$EX01.750\SteamStats.exe"="C:\Documents and Settings\John\Local Settings\Temp\Rar$EX01.750\SteamStats.exe:*:Enabled:Drunken F00l's Steam Stats Modifier and Tools"
"C:\Documents and Settings\John\Local Settings\Temp\Rar$EX03.687\SteamStats.exe"="C:\Documents and Settings\John\Local Settings\Temp\Rar$EX03.687\SteamStats.exe:*:Enabled:Drunken F00l's Steam Stats Modifier and Tools"
"C:\Documents and Settings\John\Local Settings\Temp\Rar$EX03.516\SteamStats.exe"="C:\Documents and Settings\John\Local Settings\Temp\Rar$EX03.516\SteamStats.exe:*:Enabled:Drunken F00l's Steam Stats Modifier and Tools"
"C:\Documents and Settings\John\Local Settings\Temp\Rar$EX05.516\SteamStats.exe"="C:\Documents and Settings\John\Local Settings\Temp\Rar$EX05.516\SteamStats.exe:*:Enabled:Drunken F00l's Steam Stats Modifier and Tools"
"C:\Documents and Settings\John\Local Settings\Temp\Rar$EX11.391\SteamStats.exe"="C:\Documents and Settings\John\Local Settings\Temp\Rar$EX11.391\SteamStats.exe:*:Enabled:Drunken F00l's Steam Stats Modifier and Tools"
"C:\Documents and Settings\John\Local Settings\Temp\Rar$EX27.578\SteamStats.exe"="C:\Documents and Settings\John\Local Settings\Temp\Rar$EX27.578\SteamStats.exe:*:Enabled:Drunken F00l's Steam Stats Modifier and Tools"
"C:\Program Files\Steam\steamapps\fotroubek\source 2007 dedicated server\srcds.exe"="C:\Program Files\Steam\steamapps\fotroubek\source 2007 dedicated server\srcds.exe:*:Enabled:srcds"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam 732897"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\John\Plocha\EmuImproved.exe"="C:\Documents and Settings\John\Plocha\EmuImproved.exe:*:Enabled:EmuImproved"
"C:\Documents and Settings\John\Plocha\Game_master_Hack__3.2.2_.exe"="C:\Documents and Settings\John\Plocha\Game_master_Hack__3.2.2_.exe:*:Enabled:Game_master_Hack__3.2.2_"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Repair.exe"
"C:\Program Files\THQ\Titan Quest\Titan Quest.exe"="C:\Program Files\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Steam\steamapps\common\zero gear\Server\ZeroGearServer.exe"="C:\Program Files\Steam\steamapps\common\zero gear\Server\ZeroGearServer.exe:*:Enabled:ZeroGearServer"
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe"="C:\Program Files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood"
"C:\Program Files\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe"="C:\Program Files\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe:*:Enabled:Shattered Horizon"
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Steam\steamapps\common\altitude\altitude.exe"="C:\Program Files\Steam\steamapps\common\altitude\altitude.exe:*:Enabled:altitude"
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.dat"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.dat:*:Enabled:iw4mp"
"C:\Program Files\Activision\Modern Warfare 2\iw4sp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Ascaron Entertainment\Sacred Underworld\Sacred.exe"="C:\Program Files\Ascaron Entertainment\Sacred Underworld\Sacred.exe:*:Enabled:Sacred"
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOpsMP.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOpsMP.exe:*:Disabled:BlackOpsMP"
"C:\Documents and Settings\All Users\Data aplikací\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Vindictus\en-US\NMService.exe"="C:\Nexon\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Documents and Settings\John\Plocha\WotC Games\Magic\Manalink.exe"="C:\Documents and Settings\John\Plocha\WotC Games\Magic\Manalink.exe:*:Enabled:manalink"
"C:\Program Files\Steam\steamapps\fotroubek\source sdk base 2007\hl2.exe"="C:\Program Files\Steam\steamapps\fotroubek\source sdk base 2007\hl2.exe:*:Enabled:Source SDK Base 2007"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Paradox Interactive\Magicka\Magicka.exe"="C:\Program Files\Paradox Interactive\Magicka\Magicka.exe:*:Enabled:Magicka"
"C:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Left 4 Dead 2\left4dead2.exe"="C:\Program Files\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Valve\Portal 2\portal2.exe"="C:\Program Files\Valve\Portal 2\portal2.exe:*:Enabled:portal2"
"C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOps.exe"="C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay"
"C:\Program Files\Black_Box\The Witcher 2 Assassins of Kings\bin\witcher2.exe"="C:\Program Files\Black_Box\The Witcher 2 Assassins of Kings\bin\witcher2.exe:*:Enabled:The Witcher 2: Assasins of Kings"
"C:\Program Files\Steam\steamapps\common\warincbattlezone\WarInc.exe"="C:\Program Files\Steam\steamapps\common\warincbattlezone\WarInc.exe:*:Enabled:War Inc. Battlezone"
"C:\Documents and Settings\John\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\John\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\John\Dokumenty\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-12-0\svchost.exe"="C:\WINDOWS\update.tray-12-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-12-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\WINDOWS\update.3\svchost.exe"="C:\WINDOWS\update.3\svchost.exe:*:Enabled:C:\WINDOWS\update.3\svchost.exe"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\WINDOWS\update.2\6479.exe"="C:\WINDOWS\update.2\6479.exe:*:Enabled:C:\WINDOWS\update.2\6479.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.xvid"=xvidvfw.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.mpeg"=bdmpegv.dll
"msacm.bdmpeg"=bdmpega.acm

======List of files/folders created in the last 1 month======

2011-07-26 15:59:01 ----D---- C:\rsit
2011-07-26 15:59:01 ----D---- C:\Program Files\trend micro
2011-07-25 14:14:13 ----D---- C:\Program Files\Defraggler
2011-07-25 11:17:36 ----D---- C:\Program Files\Sid Meier's Civilization V
2011-07-25 10:49:15 ----D---- C:\Documents and Settings\John\Data aplikací\WinRAR
2011-07-25 10:13:27 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-07-25 08:55:01 ----A---- C:\WINDOWS\w_distrib_iplist.txt
2011-07-25 08:54:03 ----HD---- C:\WINDOWS\update.3
2011-07-25 08:23:29 ----D---- C:\Temp
2011-07-25 08:18:42 ----D---- C:\WINDOWS\ufa
2011-07-25 08:18:42 ----D---- C:\WINDOWS\rpcminer
2011-07-25 08:18:42 ----D---- C:\WINDOWS\phoenix
2011-07-25 08:06:32 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-25 08:05:49 ----A---- C:\WINDOWS\systemup.exe
2011-07-25 08:05:36 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-25 08:05:09 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-25 08:04:29 ----HD---- C:\WINDOWS\update.5.0
2011-07-25 08:04:21 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-25 08:03:57 ----HD---- C:\WINDOWS\update.2
2011-07-25 08:02:27 ----A---- C:\WINDOWS\unrar.exe
2011-07-25 08:01:54 ----A---- C:\WINDOWS\iplist.txt
2011-07-25 07:58:46 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-25 07:58:13 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-25 07:57:58 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-25 07:57:56 ----D---- C:\WINDOWS\av_ico
2011-07-25 07:56:14 ----HD---- C:\WINDOWS\update.1
2011-07-25 07:56:04 ----HD---- C:\WINDOWS\update.tray-12-0-lnk
2011-07-25 07:56:04 ----HD---- C:\WINDOWS\update.tray-12-0
2011-07-25 07:46:04 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-25 07:46:04 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-25 07:46:00 ----A---- C:\WINDOWS\services32.exe
2011-07-22 19:29:53 ----D---- C:\Program Files\Black_Box
2011-07-22 18:28:30 ----D---- C:\Documents and Settings\John\Data aplikací\AVG10
2011-07-22 18:27:07 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2011-07-22 18:22:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-07-19 10:37:38 ----D---- C:\Program Files\terraria 1.0.5
2011-07-17 16:28:05 ----D---- C:\Program Files\Common Files\Java
2011-07-16 20:03:26 ----D---- C:\Program Files\Terraria
2011-07-16 19:15:12 ----D---- C:\Program Files\Microsoft.NET

======List of files/folders modified in the last 1 month======

2011-07-31 15:28:13 ----D---- C:\WINDOWS\Prefetch
2011-07-31 15:27:29 ----D---- C:\Program Files\Mozilla Firefox
2011-07-31 15:25:39 ----D---- C:\Program Files\Steam
2011-07-31 15:25:27 ----D---- C:\WINDOWS\Temp
2011-07-31 15:23:55 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-26 22:33:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-26 15:59:01 ----RD---- C:\Program Files
2011-07-26 15:48:03 ----D---- C:\WINDOWS
2011-07-25 14:00:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-25 13:14:28 ----D---- C:\Program Files\7-Zip
2011-07-25 12:33:25 ----D---- C:\Documents and Settings\John\Data aplikací\uTorrent
2011-07-25 11:31:22 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-25 11:31:22 ----D---- C:\Program Files\Ubisoft
2011-07-25 11:31:17 ----SHD---- C:\WINDOWS\Installer
2011-07-25 11:31:03 ----D---- C:\WINDOWS\system32\DirectX
2011-07-25 11:31:01 ----HD---- C:\WINDOWS\inf
2011-07-25 11:30:48 ----RSD---- C:\WINDOWS\assembly
2011-07-25 11:24:33 ----D---- C:\WINDOWS\WinSxS
2011-07-25 11:11:39 ----D---- C:\Documents and Settings\John\Data aplikací\DAEMON Tools Lite
2011-07-25 10:33:51 ----D---- C:\Documents and Settings\John\Data aplikací\Mozilla
2011-07-25 10:31:43 ----D---- C:\Documents and Settings\John\Data aplikací\vlc
2011-07-25 10:30:47 ----D---- C:\Documents and Settings\John\Data aplikací\DivX
2011-07-25 10:27:59 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2011-07-25 10:25:48 ----D---- C:\Program Files\TeamViewer
2011-07-25 10:25:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\NexonUS
2011-07-25 10:24:55 ----D---- C:\Program Files\Mumble
2011-07-25 10:24:13 ----D---- C:\WINDOWS\system32
2011-07-25 10:23:15 ----D---- C:\Program Files\Opera
2011-07-25 10:21:12 ----D---- C:\Program Files\Google
2011-07-25 10:20:56 ----D---- C:\Program Files\DAP
2011-07-25 10:20:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\SpeedBit
2011-07-25 10:20:23 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-07-25 10:17:27 ----A---- C:\boot.ini
2011-07-25 10:14:04 ----D---- C:\WINDOWS\system32\drivers
2011-07-25 10:13:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-25 08:06:35 ----SHD---- C:\System Volume Information
2011-07-25 08:06:35 ----D---- C:\WINDOWS\system32\Restore
2011-07-25 08:04:23 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-24 20:21:59 ----D---- C:\Documents and Settings\John\Data aplikací\Skype
2011-07-24 13:35:43 ----D---- C:\Documents and Settings\John\Data aplikací\GARMIN
2011-07-24 12:38:42 ----SD---- C:\Documents and Settings\John\Data aplikací\Microsoft
2011-07-24 12:35:23 ----D---- C:\Documents and Settings\John\Data aplikací\Nokia
2011-07-24 12:35:20 ----D---- C:\Documents and Settings\John\Data aplikací\Adobe
2011-07-24 12:35:19 ----D---- C:\Documents and Settings\John\Data aplikací\.minecraft
2011-07-22 19:08:37 ----D---- C:\Documents and Settings\John\Data aplikací\Ubisoft
2011-07-22 19:08:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
2011-07-22 18:16:27 ----D---- C:\Program Files\ESET
2011-07-19 10:43:28 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-19 10:04:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-19 10:02:10 ----D---- C:\WINDOWS\system32\en-us
2011-07-17 16:28:05 ----D---- C:\Program Files\Common Files
2011-07-17 16:27:17 ----D---- C:\Program Files\Java
2011-07-17 16:26:22 ----RD---- C:\Program Files\Skype
2011-07-17 16:26:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-07-17 16:25:45 ----D---- C:\Documents and Settings\John\Data aplikací\skypePM
2011-07-16 19:18:39 ----D---- C:\WINDOWS\system32\cs-CZ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-06-10 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-03 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-03 223616]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-09-12 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-09-12 25888]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 27216]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-07 4739072]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-10-22 9623680]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-17 12416]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 anw2iozr;anw2iozr; C:\WINDOWS\system32\drivers\anw2iozr.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\John\LOCALS~1\Temp\TTAC79.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\plugins\UI\safedrv.sys []
S3 grmnusb;Garmin USB Driver; C:\WINDOWS\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-06-26 25280]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 PAC7311;Trust WB-3400T Webcam; C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2007-03-14 449024]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2010-02-25 25216]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-10-16 156776]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-03-26 75136]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\9447.exe [2011-07-26 348672]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\6479.exe [2011-07-31 502272]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-25 1185280]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-11 133104]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-11 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-10-20 630272]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Předem díky za odpověď.

Vorejda

[Danstahr]

Dobré odpoledne ,

Stáhněte MBAM a vložte sem jeho log podle návodu zde, při výběru skenu zvolte Úplný sken.

Zatím nic nemažte, MBAM může mít falešné detekce!

[vorejda]

Prosím o chvilinku strpení, mám toho v počítači hodně

[vorejda]

Zde je log z úplné kontroly v MBAMu :

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7338

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

31.7.2011 16:38:55
mbam-log-2011-07-31 (16-38-46).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 262118
Uplynulý čas: 35 minut, 14 sekund

Infikované procesy v paměti: 8
Infikované moduly v paměti: 0
Infikované klíče v registru: 17
Infikované hodnoty v registru: 16
Infikované datové položky v registru: 3
Infikované složky: 2
Infikované soubory: 51

Infikované procesy v paměti:
c:\WINDOWS\update.tray-12-0\svchost.exe (Backdoor.Agent.H) -> 236 -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 424 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent.H) -> 2328 -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Backdoor.Agent.H) -> 2444 -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 416 -> No action taken.
c:\WINDOWS\update.3\svchost.exe (Trojan.Agent) -> 476 -> No action taken.
c:\WINDOWS\update.5.0\9447.exe (Trojan.Downloader) -> 1580 -> No action taken.
c:\WINDOWS\update.5.0\9447.exe (Trojan.Downloader) -> 1928 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Backdoor.Agent.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{199C34A4-5436-403F-A250-219E16672570} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8E7AD93B-3E87-423D-947F-A321FA7E31C4} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\BHO.GamePlayLabsBHO.1 (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\BHO.GamePlayLabsBHO (Spyware.GamePlayLabs) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Backdoor.Agent.H) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent.H) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Backdoor.Agent.H) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent.H) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9180168.exe (Trojan.Agent.H) -> Value: 9180168.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5322298.exe (Trojan.Agent) -> Value: 5322298.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5080047.exe (Trojan.Agent) -> Value: 5080047.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\50074450-loader2.exe (Trojan.Agent) -> Value: 50074450-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.Agent) -> Value: Policies -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.Agent) -> Value: Policies -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systemx32 (Backdoor.IRCBot) -> Value: Systemx32 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\w_distrib.exe (Trojan.Agent) -> Value: w_distrib.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\system32\win32Gl (Backdoor.Bot) -> No action taken.

Infikované soubory:
c:\WINDOWS\update.tray-12-0\svchost.exe (Backdoor.Agent.H) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Backdoor.Agent.H) -> No action taken.
c:\WINDOWS\services32.exe (Backdoor.Agent.H) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\Temp\9180168.exe (Trojan.Agent.H) -> No action taken.
c:\program files\Ubisoft\assassin's creed ii\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
c:\program files\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
c:\system volume information\_restore{dadaf141-f81c-4c77-b1ed-41a57492d65c}\RP381\A0557589.exe (Backdoor.Agent.H) -> No action taken.
c:\system volume information\_restore{dadaf141-f81c-4c77-b1ed-41a57492d65c}\RP381\A0557590.exe (Backdoor.Agent.H) -> No action taken.
c:\system volume information\_restore{dadaf141-f81c-4c77-b1ed-41a57492d65c}\RP383\A0558595.exe (Backdoor.Agent.H) -> No action taken.
c:\system volume information\_restore{dadaf141-f81c-4c77-b1ed-41a57492d65c}\RP383\A0558596.exe (Backdoor.Agent.H) -> No action taken.
c:\WINDOWS\Temp\2311735.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\34481488.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Temp\4337237.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\Temp\4730123.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7871553.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8029278.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\88832_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\9585566.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.tray-12-0-lnk\svchost.exe (Backdoor.Agent.H) -> No action taken.
c:\documents and settings\John\local settings\Temp\5322298.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3999339.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4119335.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\5080047.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\5721744.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\6777318.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8744636.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\9701019.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\50074450-loader2.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\John\data aplikací\logs.dat (Bifrose.Trace) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\update.3\svchost.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.5.0\9447.exe (Trojan.Downloader) -> No action taken.

[Danstahr]

Infekci nalezenou MBAMem smažte.


Pozor! Tato utilita má velkou schopnost mazat a její použití je určeno výhradně členům týmu tohoto fóra. Svévolné použití může vést ke zboření a reinstalaci systému

Stáhněte ComboFix a uložte jej na Plochu.

Vypněte všechny rezidentní štíty antivirů a všechny programy běžící na pozadí.
Spusťte ComboFix s administrátorským oprávněním.
Potvrďte licenční podmínky a případně i instalaci konzoly pro zotavení
Během skenu nechte počítač naprosto v klidu.
Sken trvá zhruba 15 minut, ale doba se může lišit v závislosti na stavu systému
Po dokončení skenu se zobrazí log (pokud by se neotevřel, lze jej nalézt na systémovém disku jako ComboFix.txt), obsah logu vložte sem
ComboFixu si do dalšího pokynu nevšímejte

[vorejda]

Prosím Vás, při spuštění combofixu mi program sdělí že by do nasledujiciho procesu mohlo zasáhnout avg. Zkusil jsem hledat a avg ještě existuje v souboru C/windows/system32/drivers odkud ho ale nemuzu odstranit. Mám s tím něco dělat, nebo to mám nechat proběhnout?

[Danstahr]

Hlášení ComboFixu ignorujte, AVG je stejně virem vyřazeno z provozu.

[vorejda]

Zde je log z combofixu (podle mě proběhl úspěšně).

ComboFix 11-07-31.03 - John 31.07.2011 17:26:56.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3326.2640 [GMT 2:00]
Spuštěný z: c:\documents and settings\John\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ErrLog.txt
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\16b92a81cfc84b80ba945bb555ec2062.elf
c:\windows\phoenix\kernels\phatk\51e15bffdc6016cd464995fab5b5d07a.elf
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\a5643c7218cb1b3bb938d6609f5039fd.elf
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\c7afbba6d3a9c53759255c7ce04d8ff5.elf
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\BReWErS.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.2\6479.exe
c:\windows\update.3
c:\windows\update.5.0
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
-------\Service_srviecheck
-------\Service_srvsysdriver32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 15:00 . 2011-07-31 15:00 -------- d--h--w- c:\documents and settings\John\Okolní tiskárny
2011-07-31 14:01 . 2011-07-31 14:01 -------- d-----w- c:\documents and settings\John\Data aplikací\Malwarebytes
2011-07-31 14:01 . 2011-07-31 14:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-31 14:01 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 14:00 . 2011-07-31 14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 14:00 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 13:59 . 2011-07-31 13:29 -------- d-----w- c:\program files\trend micro
2011-07-26 13:59 . 2011-07-26 13:59 -------- d-----w- C:\rsit
2011-07-25 12:14 . 2011-07-25 12:14 -------- d-----w- c:\program files\Defraggler
2011-07-25 09:17 . 2011-07-25 09:23 -------- d-----w- c:\program files\Sid Meier's Civilization V
2011-07-25 08:32 . 2011-07-25 08:32 -------- d-----w- c:\documents and settings\John\Local Settings\Data aplikací\WMTools Downloaded Files
2011-07-25 06:23 . 2011-07-25 06:23 -------- d-----w- C:\Temp
2011-07-25 06:20 . 2011-07-25 06:20 -------- d--h--w- c:\documents and settings\John\Okolní síť
2011-07-25 06:18 . 2011-07-25 06:18 -------- d-----w- c:\windows\ufa
2011-07-25 06:02 . 2011-07-25 06:18 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 05:57 . 2011-07-25 05:57 -------- d-----w- c:\windows\av_ico
2011-07-25 05:56 . 2011-07-31 14:56 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-25 05:56 . 2011-07-31 14:54 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-25 05:46 . 2011-07-25 05:46 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-24 16:38 . 2011-07-24 16:38 -------- d-----w- c:\documents and settings\John\Local Settings\Data aplikací\CrashRpt
2011-07-22 17:29 . 2011-07-22 17:29 -------- d-----w- c:\program files\Black_Box
2011-07-22 16:28 . 2011-07-22 16:28 -------- d-----w- c:\documents and settings\John\Data aplikací\AVG10
2011-07-22 16:27 . 2011-07-22 16:27 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-07-22 16:22 . 2011-07-25 08:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-07-19 08:37 . 2011-07-19 08:37 -------- d-----w- c:\program files\terraria 1.0.5
2011-07-17 14:28 . 2011-07-17 14:28 -------- d-----w- c:\program files\Common Files\Java
2011-07-16 18:03 . 2011-07-16 18:04 -------- d-----w- c:\program files\Terraria
2011-07-16 17:15 . 2011-07-16 17:15 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 17:24 . 2011-05-26 15:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-26 12:17 . 2009-03-18 15:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-05-07 18:25 . 2011-05-07 18:25 2970 ----a-w- C:\STFDCB.tmp
2011-05-04 02:52 . 2010-04-23 12:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2011-01-16 09:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 16:41 . 2011-05-02 16:41 2936 ----a-w- C:\STF118.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-06-30 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.872" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\John\Nabˇdka Start\Programy\Po spuçtŘnˇ\
fliptoast.lnk - c:\program files\fliptoast\fliptoast.exe [N/A]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [N/A]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Nabídka Start^Programy^Po spuštění^HDDlife.lnk]
path=c:\documents and settings\John\Nabídka Start\Programy\Po spuštění\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-17 13:49 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-09 17:46 136176 ----atw- c:\documents and settings\John\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-30 19:03 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsErrorHook]
2009-03-10 21:09 45056 ----a-w- c:\cache\WindowsErrorHook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.dat"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4sp.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Documents and Settings\\John\\Plocha\\ComboFix.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57350:TCP"= 57350:TCP:Pando Media Booster
"57350:UDP"= 57350:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.10.2009 14:24 691696]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.8.2009 11:13 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\John\LOCALS~1\Temp\TTAC79.tmp --> c:\docume~1\John\LOCALS~1\Temp\TTAC79.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.8.2009 11:13 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [28.12.2010 20:42 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [28.12.2010 20:42 8320]
S3 PAC7311;Trust WB-3400T Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14.3.2007 10:57 449024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 09:13]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 09:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=google
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 93.91.144.25 212.80.67.98
FF - ProfilePath - c:\documents and settings\John\Data aplikací\Mozilla\Firefox\Profiles\0g7dsn5o.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - c:\progra~1\DAP\SBSearch.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Exetender_298 - c:\program files\Frag Games\GPlayer.exe
HKCU-Run-PowerSuite - c:\program files\Uniblue\PowerSuite\launcher.exe
HKLM-Run-omg123 - c:\windows\system32\omg123.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
HKU-Default-Run-Exetender_298 - c:\program files\Frag Games\GPlayer.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-DownloadAccelerator - c:\program files\DAP\DAP.EXE
MSConfigStartUp-UpdateReminder - c:\program files\Eset\UpdateReminder.exe
HKLM_ActiveSetup-{54F6C59F-6A65-DAA6-3A00-37211BF9CF57} - c:\windows\system32\License\license.exe
HKLM_ActiveSetup-{63B43C3B-A373-61B7-E883-E0BF2695222B} - c:\windows\system32\omg123.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Minecraft - c:\documents and settings\John\Data aplikací\.minecraft\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-31 17:31
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
omg123 = c:\windows\system32\omg123.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\John\LOCALS~1\Temp\TTAC79.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-861567501-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:51,28,1c,de,cb,cd,33,cf,91,11,32,37,bb,6b,9b,0a,b0,f4,b8,59,42,
ab,e2,21,f2,5c,64,33,83,4c,1d,7d,9a,2c,43,4f,44,ff,a0,ab,ff,c1,16,8d,dd,6b,\
"rkeysecu"=hex:8d,da,f7,c0,78,c4,75,d3,d9,12,7a,3d,6f,18,56,20
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1776)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-31 17:32:41 - počítač byl restartován

ComboFix-quarantined-files.txt 2011-07-31 15:32
.
Před spuštěním: Volných bajtů: 218 381 176 832
Po spuštění: Volných bajtů: 218 356 191 232
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect /usepmtimer
.
- - End Of File - - 0D566AB41938F05424E4F310A2E0B31D

[vorejda]

Prosím Vás, jste tu ještě?

[Danstahr]

Strpení prosím, máme nával a témata beru popořadě.

[Danstahr]

Otevřete Poznámkový blok, vložte do něj následující text a uložte soubor na Plochu jako CFScript.txt. Pak soubor přetáhněte na ikonu ComboFixu (viz obrázek). Po restartu se otevře log, ten sem vložte.

Kód: Vybrat vše

killall::

folder::
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk

files::
c:\windows\unrar.exe
C:\STFDCB.tmp
C:\STF118.tmp
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\cache\WindowsErrorHook.exe
c:\windows\system32\omg123.exe

registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7311_Monitor"=-
"NvMediaCenter"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
"omg123"=-

[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsErrorHook]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=dword:00000001

DDS::
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.toggle.com/en/index.php?rvs=google


firefox::
FF - ProfilePath - c:\documents and settings\John\Data aplikací\Mozilla\Firefox\Profiles\0g7dsn5o.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.9&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

Driver::
gupdate
gupdatem
ICQ Service

reboot::

[vorejda]

Zde je log, který se ukázal po restartu :

ComboFix 11-07-31.04 - John 31.07.2011 18:47:22.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3326.2785 [GMT 2:00]
Spuštěný z: c:\documents and settings\John\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\John\Plocha\CFScript.txt.txt
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre6\lib\deploy\jqs\ff
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.js
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.xul
c:\program files\Java\jre6\lib\deploy\jqs\ff\install.rdf
c:\windows\av_ico
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_ICQ_SERVICE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 15:00 . 2011-07-31 15:00 -------- d--h--w- c:\documents and settings\John\Okolní tiskárny
2011-07-31 14:01 . 2011-07-31 14:01 -------- d-----w- c:\documents and settings\John\Data aplikací\Malwarebytes
2011-07-31 14:01 . 2011-07-31 14:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-31 14:01 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 14:00 . 2011-07-31 14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 14:00 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 13:59 . 2011-07-31 13:29 -------- d-----w- c:\program files\trend micro
2011-07-26 13:59 . 2011-07-26 13:59 -------- d-----w- C:\rsit
2011-07-25 12:14 . 2011-07-25 12:14 -------- d-----w- c:\program files\Defraggler
2011-07-25 09:17 . 2011-07-25 09:23 -------- d-----w- c:\program files\Sid Meier's Civilization V
2011-07-25 08:32 . 2011-07-25 08:32 -------- d-----w- c:\documents and settings\John\Local Settings\Data aplikací\WMTools Downloaded Files
2011-07-25 06:23 . 2011-07-25 06:23 -------- d-----w- C:\Temp
2011-07-25 06:20 . 2011-07-25 06:20 -------- d--h--w- c:\documents and settings\John\Okolní síť
2011-07-25 06:02 . 2011-07-25 06:18 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 05:46 . 2011-07-25 05:46 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-24 16:38 . 2011-07-24 16:38 -------- d-----w- c:\documents and settings\John\Local Settings\Data aplikací\CrashRpt
2011-07-22 17:29 . 2011-07-22 17:29 -------- d-----w- c:\program files\Black_Box
2011-07-22 16:28 . 2011-07-22 16:28 -------- d-----w- c:\documents and settings\John\Data aplikací\AVG10
2011-07-22 16:27 . 2011-07-22 16:27 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-07-22 16:22 . 2011-07-25 08:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-07-19 08:37 . 2011-07-19 08:37 -------- d-----w- c:\program files\terraria 1.0.5
2011-07-17 14:28 . 2011-07-17 14:28 -------- d-----w- c:\program files\Common Files\Java
2011-07-16 18:03 . 2011-07-16 18:04 -------- d-----w- c:\program files\Terraria
2011-07-16 17:15 . 2011-07-16 17:15 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 17:24 . 2011-05-26 15:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-26 12:17 . 2009-03-18 15:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-05-07 18:25 . 2011-05-07 18:25 2970 ----a-w- C:\STFDCB.tmp
2011-05-04 02:52 . 2010-04-23 12:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2011-01-16 09:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-31_15.30.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-31 16:53 . 2011-07-31 16:53 16384 c:\windows\temp\Perflib_Perfdata_760.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-06-30 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.872" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\John\Nabˇdka Start\Programy\Po spuçtŘnˇ\
fliptoast.lnk - c:\program files\fliptoast\fliptoast.exe [N/A]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [N/A]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Nabídka Start^Programy^Po spuštění^HDDlife.lnk]
path=c:\documents and settings\John\Nabídka Start\Programy\Po spuštění\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-17 13:49 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-30 19:03 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.dat"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4sp.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Documents and Settings\\John\\Plocha\\ComboFix.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57350:TCP"= 57350:TCP:Pando Media Booster
"57350:UDP"= 57350:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.10.2009 14:24 691696]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\John\LOCALS~1\Temp\TTAC79.tmp --> c:\docume~1\John\LOCALS~1\Temp\TTAC79.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [28.12.2010 20:42 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [28.12.2010 20:42 8320]
S3 PAC7311;Trust WB-3400T Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14.3.2007 10:57 449024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 09:13]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 09:13]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 93.91.144.25 212.80.67.98
FF - ProfilePath - c:\documents and settings\John\Data aplikací\Mozilla\Firefox\Profiles\0g7dsn5o.default\
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-31 18:53
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\John\LOCALS~1\Temp\TTAC79.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-861567501-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:51,28,1c,de,cb,cd,33,cf,91,11,32,37,bb,6b,9b,0a,b0,f4,b8,59,42,
ab,e2,21,f2,5c,64,33,83,4c,1d,7d,9a,2c,43,4f,44,ff,a0,ab,ff,c1,16,8d,dd,6b,\
"rkeysecu"=hex:8d,da,f7,c0,78,c4,75,d3,d9,12,7a,3d,6f,18,56,20
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2508)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-31 18:55:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-31 16:55
ComboFix2.txt 2011-07-31 15:32
.
Před spuštěním: Volných bajtů: 217 474 019 328
Po spuštění: Volných bajtů: 217 457 385 472
.
- - End Of File - - 44DA0720645C55BA057C0E7F3B524A66

[Danstahr]

Do předchozího skriptu se mi vloudila chybka, opakujte prosím použití CF s tímto skriptem :

Kód: Vybrat vše

killall::

file::
c:\windows\unrar.exe
C:\STFDCB.tmp
C:\STF118.tmp
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\cache\WindowsErrorHook.exe
c:\windows\system32\omg123.exe

reboot::

[vorejda]

ComboFix 11-07-31.04 - John 31.07.2011 19:03:03.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3326.2808 [GMT 2:00]
Spuštěný z: c:\documents and settings\John\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\John\Plocha\CFScript.txt.txt
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\cache\WindowsErrorHook.exe"
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk"
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk"
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk"
"C:\STF118.tmp"
"C:\STFDCB.tmp"
"c:\windows\system32\omg123.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\cache\WindowsErrorHook.exe
C:\STF118.tmp
C:\STFDCB.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 15:00 . 2011-07-31 15:00 -------- d--h--w- c:\documents and settings\John\Okolní tiskárny
2011-07-31 14:01 . 2011-07-31 14:01 -------- d-----w- c:\documents and settings\John\Data aplikací\Malwarebytes
2011-07-31 14:01 . 2011-07-31 14:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-31 14:01 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 14:00 . 2011-07-31 14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 14:00 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 13:59 . 2011-07-31 13:29 -------- d-----w- c:\program files\trend micro
2011-07-26 13:59 . 2011-07-26 13:59 -------- d-----w- C:\rsit
2011-07-25 12:14 . 2011-07-25 12:14 -------- d-----w- c:\program files\Defraggler
2011-07-25 09:17 . 2011-07-25 09:23 -------- d-----w- c:\program files\Sid Meier's Civilization V
2011-07-25 08:32 . 2011-07-25 08:32 -------- d-----w- c:\documents and settings\John\Local Settings\Data aplikací\WMTools Downloaded Files
2011-07-25 06:23 . 2011-07-25 06:23 -------- d-----w- C:\Temp
2011-07-25 06:20 . 2011-07-25 06:20 -------- d--h--w- c:\documents and settings\John\Okolní síť
2011-07-25 05:46 . 2011-07-25 05:46 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-24 16:38 . 2011-07-24 16:38 -------- d-----w- c:\documents and settings\John\Local Settings\Data aplikací\CrashRpt
2011-07-22 17:29 . 2011-07-22 17:29 -------- d-----w- c:\program files\Black_Box
2011-07-22 16:28 . 2011-07-22 16:28 -------- d-----w- c:\documents and settings\John\Data aplikací\AVG10
2011-07-22 16:27 . 2011-07-22 16:27 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-07-22 16:22 . 2011-07-25 08:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-07-19 08:37 . 2011-07-19 08:37 -------- d-----w- c:\program files\terraria 1.0.5
2011-07-17 14:28 . 2011-07-17 14:28 -------- d-----w- c:\program files\Common Files\Java
2011-07-16 18:03 . 2011-07-16 18:04 -------- d-----w- c:\program files\Terraria
2011-07-16 17:15 . 2011-07-16 17:15 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 17:24 . 2011-05-26 15:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-26 12:17 . 2009-03-18 15:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-05-04 02:52 . 2010-04-23 12:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2011-01-16 09:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-31_15.30.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-31 17:08 . 2011-07-31 17:08 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-06-30 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.872" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\John\Nabˇdka Start\Programy\Po spuçtŘnˇ\
fliptoast.lnk - c:\program files\fliptoast\fliptoast.exe [N/A]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [N/A]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Nabídka Start^Programy^Po spuštění^HDDlife.lnk]
path=c:\documents and settings\John\Nabídka Start\Programy\Po spuštění\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-17 13:49 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-30 19:03 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.dat"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4sp.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Documents and Settings\\John\\Plocha\\ComboFix.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57350:TCP"= 57350:TCP:Pando Media Booster
"57350:UDP"= 57350:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.10.2009 14:24 691696]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\John\LOCALS~1\Temp\TTAC79.tmp --> c:\docume~1\John\LOCALS~1\Temp\TTAC79.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [28.12.2010 20:42 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [28.12.2010 20:42 8320]
S3 PAC7311;Trust WB-3400T Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14.3.2007 10:57 449024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 93.91.144.25 212.80.67.98
FF - ProfilePath - c:\documents and settings\John\Data aplikací\Mozilla\Firefox\Profiles\0g7dsn5o.default\
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-31 19:08
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\John\LOCALS~1\Temp\TTAC79.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-861567501-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:51,28,1c,de,cb,cd,33,cf,91,11,32,37,bb,6b,9b,0a,b0,f4,b8,59,42,
ab,e2,21,f2,5c,64,33,83,4c,1d,7d,9a,2c,43,4f,44,ff,a0,ab,ff,c1,16,8d,dd,6b,\
"rkeysecu"=hex:8d,da,f7,c0,78,c4,75,d3,d9,12,7a,3d,6f,18,56,20
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3592)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-31 19:10:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-31 17:10
ComboFix2.txt 2011-07-31 16:55
ComboFix3.txt 2011-07-31 15:32
.
Před spuštěním: Volných bajtů: 217 464 524 800
Po spuštění: Volných bajtů: 217 447 383 040
.
- - End Of File - - 36073D5B167F3DCC8C046BF8ABD6C3E1

[Danstahr]

To je lepší, omlouvám se.

Stáhněte a uložte na plochu http://jpshortstuff.247fixes.com/SystemLook.exe nebo http://images.malwareremoval.com/jpshor ... emLook.exe

• Dvojklikem na ikonu program spusťte.
• Do bílého okénka zkopírujte text z následujícího bílého pole.

Kód: Vybrat vše

:filefind
*omg123*

• Klikněte na Look, po dokončení skenu na Vás vyskočí log, zkopírujte ho sem.
• Log se také bude nacházet na ploše v souboru SystemLook.txt