trojani

[Toschiba]

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Nod32\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nod32\nod32krn.exe
C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Tobiba\Data aplikací\U3\0000161A5272998C\LaunchPad.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Tobiba\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\Tobiba\LOCALS~1\Temp\ScanningProcess.exe
D:\INSTALL\NA TROJANY\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {bbf8d5e5-8d4d-2d59-7a34-e9fc2509a6d0} - {0d6a9052-cf9e-43a7-95d2-d4d85e5d8fbb} - (no file)
O2 - BHO: (no name) - {1E794189-7575-4306-8F49-CCDD291A59CD} - C:\WINDOWS\system32\yaywtsp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B1DC11F-1E2F-4689-8D8E-46E8C4ED9CB7} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVCLOCK] Rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Toscibuv_pc_v_kuchyni
O17 - HKLM\Software\..\Telephony: DomainName = Toscibuv_pc_v_kuchyni
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Toscibuv_pc_v_kuchyni
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Toscibuv_pc_v_kuchyni
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yaywtsp - C:\WINDOWS\SYSTEM32\yaywtsp.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Nod32\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6521 bytes

[Reklama]

[fredik]

Vítej na fóru

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Toschiba]

no tak to jelo..jelo...jelo...psalo,ze pripravuje Log...upozornovalo, ze nemam spoustet zadne programy, nez dojede, ale proste to ani vic nez po hodine nevymyslelo nic jineho, tak jsem to vypnul...

[fredik]

Zkus se podívat jestli nemáš na disku uložený log z ComboFixu, najdeš ho v tomto souboru: C:\ComboFix.txt. Pokud by tam byl a nebyl prázdný tak sem vlož jeho obsah.

Stáhni si Deckard's System Scanner (DSS) a ulož si ho na plochu
- ukonči všechna aktivní okna a spusť ho
- potvrď licenční podmínky a postupuj podle pokynů
- začne prohlídka systému
- po ukončení kontroly program vytvoří dva logy a zobrazí je: main.txt a extra.txt, tak sem vlož obsah souboru/logu main.txt
- jinak jsou logy uloženy v adresáři: c:\Deckard\System Scanner\

[Toschiba]

ok zkusim..dik

[Toschiba]

omboFix 07-11-19.3 - Tobiba 2007-11-22 13:17:39.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.398 [GMT 1:00]
Running from: C:\Documents and Settings\Tobiba\Plocha\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\winsys.exe

[Toschiba]

co je to za knihovnu to SSTTU.DLL????

[fredik]

Ten log z Combofix moc neřekne.

Udělej ten log z Deckard's System Scanner (DSS) a dej ho sem.

Ta knihovna patři k nákaze kterou tam máš.

[Toschiba]

Je to sakra dlouhe...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03, on 2007-11-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nod32\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Nod32\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Tobiba\Plocha\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\INSTALL\NATROJ~1\Tobiba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {bbf8d5e5-8d4d-2d59-7a34-e9fc2509a6d0} - {0d6a9052-cf9e-43a7-95d2-d4d85e5d8fbb} - (no file)
O2 - BHO: (no name) - {1E794189-7575-4306-8F49-CCDD291A59CD} - C:\WINDOWS\system32\yaywtsp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVCLOCK] Rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Toscibuv_pc_v_kuchyni
O17 - HKLM\Software\..\Telephony: DomainName = Toscibuv_pc_v_kuchyni
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Toscibuv_pc_v_kuchyni
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Toscibuv_pc_v_kuchyni
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yaywtsp - C:\WINDOWS\SYSTEM32\yaywtsp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Nod32\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 5972 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\Icons\FauxS-XP (Universal) V2\FauxS-XP (Universal) V2 - 67.ico
.cmd - cmdfile - DefaultIcon - C:\WINDOWS\Icons\FauxS-XP (Universal) V2\FauxS-XP (Universal) V2 - 68.ico
.ini - INIFile - DefaultIcon - C:\WINDOWS\Icons\FauxS-XP (Universal) V2\FauxS-XP (Universal) V2 - 64.ico
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\Icons\FauxS-XP (Universal) V2\FauxS-XP (Universal) V2 - 60.ico


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 enodpl - c:\windows\system32\drivers\enodpl.sys
R2 ETDrv - c:\windows\system32\drivers\etdrv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 hardlock - c:\windows\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 tandpl - c:\windows\system32\drivers\tandpl.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>
R3 VGAUTI - c:\windows\system32\drivers\vgauti.sys

S3 catchme - c:\docume~1\tobiba\locals~1\temp\catchme.sys (file missing)
S3 GMSIPCI - j:\install\gmsipci.sys (file missing)
S3 NTACCESS - j:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - j:\ntglm7x.sys (file missing)
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Toshiba Bluetooth
Device ID: BLUETOOTH\0004&0007\0000
Manufacturer:
Name: Toshiba Bluetooth
PNP Device ID: BLUETOOTH\0004&0007\0000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-11-16 17:18:22 392 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2007-10-22 and 2007-11-22 -----------------------------

2007-11-22 00:00:00 0 d-------- C:\Program Files\Lavasoft
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\zts2.exe
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\system32\systems.txt
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\rundll16.exe
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\rundl132.dll
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\logo1_.exe
2007-11-21 22:20:46 0 d-------- C:\Program Files\CCleaner
2007-11-21 18:32:36 0 d-------- C:\Program Files\Spyware Doctor
2007-11-19 16:53:20 0 d-------- C:\Program Files\Labtec
2007-11-15 16:51:23 0 d-------- C:\Program Files\CzDC-0699[B1]
2007-11-14 19:34:43 0 d-------- C:\Program Files\AnswerWorks 4.0
2007-11-14 19:27:37 0 d-------- C:\Program Files\AutoCAD 2007
2007-11-14 19:22:55 0 d-------- C:\Program Files\Autodesk
2007-11-13 19:05:47 0 d-------- C:\WINDOWS\system32\fibagbia
2007-11-13 19:05:42 0 d-------- C:\Program Files\Cartyerp
2007-11-13 15:27:49 35840 --a------ C:\WINDOWS\system32\yaywtsp.dll
2007-11-03 12:12:46 97792 --a------ C:\WINDOWS\system32\LGUICOM.DLL <Not Verified; Logitech Inc.; MouseWare>
2007-11-03 12:12:46 104960 --a------ C:\WINDOWS\system32\COMNCTR.DLL <Not Verified; Logitech Inc.; MouseWare>
2007-11-03 12:12:46 0 d-------- C:\Program Files\Logitech
2007-11-03 12:12:46 0 d-------- C:\Program Files\Common Files\Logitech
2007-10-25 11:02:43 0 d-------- C:\Program Files\Common Files\FINE Shared
2007-10-25 10:56:28 264704 --a------ C:\WINDOWS\system32\hlvdd.dll <Not Verified; Aladdin Knowledge Systems; Hardlock Win32 DLL>
2007-10-25 10:56:28 6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2007-10-25 10:56:28 383 --a------ C:\WINDOWS\system32\haspdos.sys
2007-10-25 10:56:28 453632 --a------ C:\WINDOWS\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
2007-10-25 10:52:07 47616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
2007-10-22 21:02:12 0 d-------- C:\Program Files\Common Files\Skype


-- Find3M Report ---------------------------------------------------------------

2007-11-22 19:03:19 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\U3
2007-11-22 13:14:49 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\OpenOffice.org2
2007-11-21 23:59:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 18:34:29 402000 --a------ C:\WINDOWS\system32\perfh005.dat
2007-11-21 18:34:29 74606 --a------ C:\WINDOWS\system32\perfc005.dat
2007-11-21 18:32:36 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\PC Tools
2007-11-21 17:11:13 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-11-21 17:02:03 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\foobar2000
2007-11-19 11:33:18 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\Skype
2007-11-14 23:55:07 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\Autodesk
2007-11-14 19:41:35 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-11-14 17:33:09 0 d-------- C:\Program Files\totalcmd
2007-11-14 12:35:42 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\WinRAR
2007-11-13 18:43:31 0 d-------- C:\Program Files\HP
2007-11-13 18:37:33 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\HP
2007-11-08 09:51:36 316 --a------ C:\drmHeader.bin
2007-11-08 01:29:37 0 d-------- C:\Program Files\Plaxis72
2007-11-03 12:12:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-03 12:12:46 0 d-------- C:\Program Files\Common Files
2007-10-24 20:37:05 2322176 --a------ C:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Operační systém Microsoft® Windows®>
2007-10-24 14:11:57 0 d-------- C:\Program Files\PowerConverter
2007-10-23 07:33:32 0 d-------- C:\Program Files\Java
2007-10-22 21:02:15 0 d-------- C:\Program Files\Skype
2007-10-21 23:56:30 0 d-------- C:\Program Files\QIP
2007-10-15 22:27:14 0 d-------- C:\Program Files\Mv2Player
2007-10-08 20:47:42 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\TuneUp Software
2007-10-03 00:18:32 0 d-------- C:\Program Files\Partion magic
2007-10-02 21:22:12 0 d-------- C:\Program Files\MSI
2007-09-26 12:07:18 0 d-------- C:\Program Files\Google
2007-09-24 04:52:52 0 d-------- C:\Program Files\DivX
2007-09-17 19:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 19:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 19:22:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-17 19:22:58 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 00:07:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-09-17 00:07:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-09-17 00:07:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 00:07:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-09-17 00:07:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-09-17 00:07:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 00:07:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-09-17 00:07:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0d6a9052-cf9e-43a7-95d2-d4d85e5d8fbb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E794189-7575-4306-8F49-CCDD291A59CD}]
2007-11-13 15:27 35840 --a------ C:\WINDOWS\system32\yaywtsp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D_V_T"="C:\\dvt.exe" [2006-09-02 12:53]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 13:12 C:\WINDOWS\soundman.exe]
"CHotkey"="mHotkey.exe" [2002-07-05 15:37 C:\WINDOWS\mHotkey.exe]
"nod32kui"="C:\Program Files\Nod32\nod32kui.exe" [2007-04-24 19:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07]
"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]
"NVCLOCK"="nvclock.dll" [2003-04-14 02:59 C:\WINDOWS\system32\nvclock.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"LWBKEYBOARD"="C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe" [2005-01-28 11:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\Tobiba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
LaunchU3.exe.lnk - C:\Documents and Settings\Tobiba\Data aplikacˇ\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-10-25 00:58:54]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Akceler tor spuçtŘnˇ AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 14:43:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1E794189-7575-4306-8F49-CCDD291A59CD}"= C:\WINDOWS\system32\yaywtsp.dll [2007-11-13 15:27 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywtsp]
yaywtsp.dll 2007-11-13 15:27 35840 C:\WINDOWS\system32\yaywtsp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^3D!Turbo Experience.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\3D!Turbo Experience.lnk
backup=C:\WINDOWS\pss\3D!Turbo Experience.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tobiba^Nabídka Start^Programy^Po spuštění^CZDC++ pro KN HuB.lnk]
path=C:\Documents and Settings\Tobiba\Nabídka Start\Programy\Po spuštění\CZDC++ pro KN HuB.lnk
backup=C:\WINDOWS\pss\CZDC++ pro KN HuB.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tobiba^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Tobiba\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2c25278e]
rundll32.exe "C:\WINDOWS\system32\gdogvkyv.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cpqtqlwl]
regsvr32 /u "C:\Documents and Settings\All Users\Data aplikací\cpqtqlwl.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rmzclgta]
regsvr32 /u "C:\Documents and Settings\All Users\Data aplikací\rmzclgta.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xixirkls]
rundll32.exe "C:\Program Files\sdozwdoz\yzspqpqz.dll",Init

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92d6d203-757c-11dc-9213-000d6111df14}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe




-- End of Deckard's System Scanner: finished at 2007-11-22 19:04:26 ------------

[fredik]

1)
Stáhni si Avengera spusť ho pod účtem administrátora.
Zvol možnost - Input script manually a klikni na ikonku lupy vyskočí prázdné okno kam zkopíruj tento tučný text:
Files to delete:
C:\WINDOWS\system32\yaywtsp.dll

Folders to delete:
C:\Recycled
D:\Recycled

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yaywtsp
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d6a9052-cf9e-43a7-95d2-d4d85e5d8fbb}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E794189-7575-4306-8F49-CCDD291A59CD}

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {1E794189-7575-4306-8F49-CCDD291A59CD}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | D_V_T

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

2)
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2c25278e]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cpqtqlwl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rmzclgta]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xixirkls]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92d6d203-757c-11dc-9213-000d6111df14}]

Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fix.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu
Na ploše by se měl objevit soubor fix.reg spusť ho vyskočí hláška kde odklikni Ano poté je další hláška kde odklikni OK

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

3)
Restartuj PC a po najetí zpět do Win. spusť znovu DSS a dej sem nový log.

V následujícím příspěvku sem vlož tyto logy:
- log z Avengeru
- nový log z DSS

[Toschiba]

log z dss:
Deckard's System Scanner v20071014.68
Run by Tobiba on 2007-11-24 01:04:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Tobiba.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:05, on 2007-11-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Nod32\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Nod32\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\Tobiba\Plocha\dss.exe
D:\INSTALL\NATROJ~1\Tobiba.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {bbf8d5e5-8d4d-2d59-7a34-e9fc2509a6d0} - {0d6a9052-cf9e-43a7-95d2-d4d85e5d8fbb} - (no file)
O2 - BHO: (no name) - {1E794189-7575-4306-8F49-CCDD291A59CD} - C:\WINDOWS\system32\yaywtsp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVCLOCK] Rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Toscibuv_pc_v_kuchyni
O17 - HKLM\Software\..\Telephony: DomainName = Toscibuv_pc_v_kuchyni
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Toscibuv_pc_v_kuchyni
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Toscibuv_pc_v_kuchyni
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yaywtsp - C:\WINDOWS\SYSTEM32\yaywtsp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Nod32\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 5888 bytes

-- Files created between 2007-10-24 and 2007-11-24 -----------------------------

2007-11-22 00:00:00 0 d-------- C:\Program Files\Lavasoft
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\zts2.exe
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\system32\systems.txt
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\rundll16.exe
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\rundl132.dll
2007-11-21 22:31:28 0 d-a------ C:\WINDOWS\logo1_.exe
2007-11-21 22:20:46 0 d-------- C:\Program Files\CCleaner
2007-11-21 18:32:36 0 d-------- C:\Program Files\Spyware Doctor
2007-11-19 16:53:20 0 d-------- C:\Program Files\Labtec
2007-11-15 16:51:23 0 d-------- C:\Program Files\CzDC-0699[B1]
2007-11-14 19:34:43 0 d-------- C:\Program Files\AnswerWorks 4.0
2007-11-14 19:27:37 0 d-------- C:\Program Files\AutoCAD 2007
2007-11-14 19:22:55 0 d-------- C:\Program Files\Autodesk
2007-11-13 19:05:47 0 d-------- C:\WINDOWS\system32\fibagbia
2007-11-13 19:05:42 0 d-------- C:\Program Files\Cartyerp
2007-11-13 15:27:49 35840 --a------ C:\WINDOWS\system32\yaywtsp.dll
2007-11-03 12:12:46 97792 --a------ C:\WINDOWS\system32\LGUICOM.DLL <Not Verified; Logitech Inc.; MouseWare>
2007-11-03 12:12:46 104960 --a------ C:\WINDOWS\system32\COMNCTR.DLL <Not Verified; Logitech Inc.; MouseWare>
2007-11-03 12:12:46 0 d-------- C:\Program Files\Logitech
2007-11-03 12:12:46 0 d-------- C:\Program Files\Common Files\Logitech
2007-10-25 11:02:43 0 d-------- C:\Program Files\Common Files\FINE Shared
2007-10-25 10:56:28 264704 --a------ C:\WINDOWS\system32\hlvdd.dll <Not Verified; Aladdin Knowledge Systems; Hardlock Win32 DLL>
2007-10-25 10:56:28 6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2007-10-25 10:56:28 383 --a------ C:\WINDOWS\system32\haspdos.sys
2007-10-25 10:56:28 453632 --a------ C:\WINDOWS\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
2007-10-25 10:52:07 47616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>


-- Find3M Report ---------------------------------------------------------------

2007-11-23 21:58:22 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\U3
2007-11-22 13:14:49 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\OpenOffice.org2
2007-11-21 23:59:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 18:34:29 402000 --a------ C:\WINDOWS\system32\perfh005.dat
2007-11-21 18:34:29 74606 --a------ C:\WINDOWS\system32\perfc005.dat
2007-11-21 18:32:36 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\PC Tools
2007-11-21 17:11:13 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-11-21 17:02:03 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\foobar2000
2007-11-19 11:33:18 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\Skype
2007-11-14 23:55:07 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\Autodesk
2007-11-14 19:41:35 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-11-14 17:33:09 0 d-------- C:\Program Files\totalcmd
2007-11-14 12:35:42 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\WinRAR
2007-11-13 18:43:31 0 d-------- C:\Program Files\HP
2007-11-13 18:37:33 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\HP
2007-11-08 09:51:36 316 --a------ C:\drmHeader.bin
2007-11-08 01:29:37 0 d-------- C:\Program Files\Plaxis72
2007-11-03 12:12:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-03 12:12:46 0 d-------- C:\Program Files\Common Files
2007-10-24 20:37:05 2322176 --a------ C:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Operační systém Microsoft® Windows®>
2007-10-24 14:11:57 0 d-------- C:\Program Files\PowerConverter
2007-10-23 07:33:32 0 d-------- C:\Program Files\Java
2007-10-22 21:02:15 0 d-------- C:\Program Files\Skype
2007-10-22 21:02:13 0 d-------- C:\Program Files\Common Files\Skype
2007-10-21 23:56:30 0 d-------- C:\Program Files\QIP
2007-10-15 22:27:14 0 d-------- C:\Program Files\Mv2Player
2007-10-08 20:47:42 0 d-------- C:\Documents and Settings\Tobiba\Data aplikací\TuneUp Software
2007-10-03 00:18:32 0 d-------- C:\Program Files\Partion magic
2007-10-02 21:22:12 0 d-------- C:\Program Files\MSI
2007-09-26 12:07:18 0 d-------- C:\Program Files\Google
2007-09-24 04:52:52 0 d-------- C:\Program Files\DivX
2007-09-17 19:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 19:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 19:22:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-17 19:22:58 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 00:07:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-09-17 00:07:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-09-17 00:07:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 00:07:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-09-17 00:07:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-09-17 00:07:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 00:07:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-09-17 00:07:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0d6a9052-cf9e-43a7-95d2-d4d85e5d8fbb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E794189-7575-4306-8F49-CCDD291A59CD}]
2007-11-13 15:27 35840 --a------ C:\WINDOWS\system32\yaywtsp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D_V_T"="C:\\dvt.exe" [2006-09-02 12:53]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 13:12 C:\WINDOWS\soundman.exe]
"CHotkey"="mHotkey.exe" [2002-07-05 15:37 C:\WINDOWS\mHotkey.exe]
"nod32kui"="C:\Program Files\Nod32\nod32kui.exe" [2007-04-24 19:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07]
"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]
"NVCLOCK"="nvclock.dll" [2003-04-14 02:59 C:\WINDOWS\system32\nvclock.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"LWBKEYBOARD"="C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe" [2005-01-28 11:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\Tobiba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
LaunchU3.exe.lnk - C:\Documents and Settings\Tobiba\Data aplikacˇ\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-10-25 00:58:54]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Akceler tor spuçtŘnˇ AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 14:43:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1E794189-7575-4306-8F49-CCDD291A59CD}"= C:\WINDOWS\system32\yaywtsp.dll [2007-11-13 15:27 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywtsp]
yaywtsp.dll 2007-11-13 15:27 35840 C:\WINDOWS\system32\yaywtsp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^3D!Turbo Experience.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\3D!Turbo Experience.lnk
backup=C:\WINDOWS\pss\3D!Turbo Experience.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tobiba^Nabídka Start^Programy^Po spuštění^CZDC++ pro KN HuB.lnk]
path=C:\Documents and Settings\Tobiba\Nabídka Start\Programy\Po spuštění\CZDC++ pro KN HuB.lnk
backup=C:\WINDOWS\pss\CZDC++ pro KN HuB.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tobiba^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Tobiba\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp




-- End of Deckard's System Scanner: finished at 2007-11-24 01:05:47 ------------

[Toschiba]

ale bohuzel jsem lama a nemuzu ten log z avengru nikde najit :(