log z HiJackThis a MWAV Vyřešeno

[bereline]

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:57:02, on 28.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Users\RedFish\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\RedFish\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6285 bytes


MWAV

Invalid Entry DLLName = igfxdev.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui). Action Taken: Deleting Registry Key igfxcui.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Spyware.NetScreenWatch Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "CyberSitter Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Spyware.ExpressKeylog Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "AntiSpyware Pro XP Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Users\RedFish\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\SUPERAntiSpyware\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\SUPERAntiSpyware\Plugins\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\SUPERAntiSpyware\Language\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".2003". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".21_YAG". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".3_Live_152". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".des". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".int". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".key". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mkv". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".NET". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".smplayer". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".tsk". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".u". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\ESET\infected\2LHCXPCA.NQF je infikovaný virem Trojan.Agent.AJYB (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\ESET\infected\ASNFMIAA.NQF je infikovaný virem Packer.Malware.Crypter.C (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Program Files\ESET\infected\FLNOI5DA.NQF je infikovaný virem Trojan.PWS.LdPinch.TSC (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\TeamViewer\TeamViewer_Setup.exe je infikovaný virem Trojan.Generic.1338349 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\TeamViewer\TeamViewer_Setup.exe je infikovaný virem Trojan.Generic.1338349 (DB) !! Provedené akce: Ponecháno, neodstraněno!.


Vše se vztahuje k tomuto tématu: viewtopic.php?f=45&t=41973

[Reklama]

[jaro3]

Najdi a smaž:
Soubor C:\Program Files\ESET\infected\2LHCXPCA.NQF
Soubor C:\Program Files\ESET\infected\ASNFMIAA.NQF
Soubor C:\Program Files\ESET\infected\FLNOI5DA.NQF

Toto otestuj na Virustotal
C:\TeamViewer\TeamViewer_Setup.exe
Vlož sem pak odkaz výsledku.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[bereline]

VIRUSTOTAL

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.18 2009.06.29 -
AhnLab-V3 5.0.0.2 2009.06.29 -
AntiVir 7.9.0.199 2009.06.28 -
Antiy-AVL 2.0.3.1 2009.06.29 -
Authentium 5.1.2.4 2009.06.28 -
Avast 4.8.1335.0 2009.06.28 -
AVG 8.5.0.339 2009.06.28 -
BitDefender 7.2 2009.06.29 Trojan.Generic.1338349
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.29 -
Comodo 1481 2009.06.29 Unclassified Malware
DrWeb 5.0.0.12182 2009.06.29 -
eSafe 7.0.17.0 2009.06.28 Suspicious File
eTrust-Vet 31.6.6582 2009.06.26 -
F-Prot 4.4.4.56 2009.06.28 -
F-Secure 8.0.14470.0 2009.06.29 -
Fortinet 3.117.0.0 2009.06.29 -
GData 19 2009.06.29 Trojan.Generic.1338349
Ikarus T3.1.1.64.0 2009.06.29 -
Jiangmin 11.0.706 2009.06.29 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.29 -
McAfee 5660 2009.06.28 -
McAfee+Artemis 5660 2009.06.28 -
McAfee-GW-Edition 6.7.6 2009.06.28 -
Microsoft 1.4803 2009.06.29 -
NOD32 4194 2009.06.28 -
Norman 6.01.09 2009.06.26 -
nProtect 2009.1.8.0 2009.06.29 -
Panda 10.0.0.16 2009.06.28 -
PCTools 4.4.2.0 2009.06.28 -
Prevx 3.0 2009.06.29 Medium Risk Malware
Rising 21.36.00.00 2009.06.29 -
Sophos 4.43.0 2009.06.29 -
Sunbelt 3.2.1858.2 2009.06.28 Trojan.1
Symantec 1.4.4.12 2009.06.29 -
TheHacker 6.3.4.3.356 2009.06.27 -
TrendMicro 8.950.0.1094 2009.06.29 -
VBA32 3.12.10.7 2009.06.29 -
ViRobot 2009.6.29.1809 2009.06.29 -
VirusBuster 4.6.5.0 2009.06.28 Trojan.Agent.JAQH
Rozšiřující informace
File size: 1477392 bytes
MD5...: d4703774d0c287ebc7a4d1a6d551d7f4
SHA1..: 216216930b3577411166f9495c899ebff82a8371
SHA256: 75b855af2b42f4617272dca26a62716335c96b51594dbbacd7bd77aceebd8ed6
ssdeep: 24576:aUG+Xw9lKNOQkeVYuL60ExIHRx9MG7jOnSDoeMmJBObxcQmT8q8Te8W2i4
4L9:S+Xw7KNJVYueP0nOleMmdQmT8ReYi4a
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x331b0
timedatestamp.....: 0x46325623 (Fri Apr 27 19:59:31 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x2e000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x2f000 0x5000 0x4400 7.86 be19a116282edb83d6c93fc6ef380184
.rsrc 0x34000 0x6000 0x6000 5.13 5910440004ea5b9528370c8c8443e6ea

( 8 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> ADVAPI32.dll: RegEnumKeyA
> COMCTL32.dll: -
> GDI32.dll: SetBkMode
> ole32.dll: CoTaskMemFree
> SHELL32.dll: ShellExecuteA
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueA

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=d4703774d0c287ebc7a4d1a6d551d7f4' target='_blank'>http://www.threatexpert.com/report.aspx?md5=d4703774d0c287ebc7a4d1a6d551d7f4</a>
packers (Kaspersky): UPX, UPX
packers (F-Prot): UPX
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=4758777910DB8D008B2716D2A036C2005608A077' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=4758777910DB8D008B2716D2A036C2005608A077</a>

MALWARE

Malwarebytes' Anti-Malware 1.38
Verze databáze: 2348
Windows 6.0.6001 Service Pack 1

29.6.2009 8:43:51
mbam-log-2009-06-29 (08-43-51).txt

Typ skenu: Rychlý sken
Objektu skenováno: 75831
Uplynulý cas: 2 minute(s), 59 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[jaro3]

Najdi a smaž:
C:\TeamViewer\TeamViewer_Setup.exe

Stáhni si DDS :
http://download.bleepingcomputer.com/sUBs/dds.scr
a ulož ho na plochu.Zavři všechna spuštěná okna a spusť program, potvrď licenční podmínky a postupuj podle pokynů. Začne scanování.Až skončí, tak by měl vytvořit 2 logy proto se Ti 2krát otevře notepad. Jeden log bude mít název DDS.txt a druhý attach.txt. Tak sem zkopíruj oba.

Vlož sem ještě také log z LopFind
Stáhni, vybal a spusť LopFind - Po jeho spuštění se během chvíle zobrazí textový dokument, jinak také uložený na disku pod umístěním C:\lop.txt, zkopíruj celý jeho obsah sem.

[bereline]

DDS

DDS (Ver_09-06-26.01) - NTFSx86
Run by RedFish at 9:09:02,79 on po 29.06.2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3069.2020 [GMT 2:00]

AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Users\RedFish\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Users\RedFish\Desktop\dds.scr
C:\Users\RedFish\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain ... bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSEA
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [googletalk] c:\users\redfish\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [SMail] "c:\program files\seznam\postak\Postak.exe"
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\users\redfish\appdata\roaming\mozilla\firefox\profiles\n69m2b2d.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - prefs.js: network.proxy.type - 4
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");

============= SERVICES / DRIVERS ===============

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2009-6-10 2911848]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-6-19 15424]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-7-16 7168]
R3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-7-16 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-8-25 77824]

=============== Created Last 30 ================

2009-06-29 08:40 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 08:40 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-29 08:40 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-28 22:20 <DIR> a-d----- c:\windows\system32\runouce.exe
2009-06-28 22:14 54 a------- c:\windows\Lic.xxx
2009-06-28 22:14 626,688 a------- c:\windows\system32\msvcr80.dll
2009-06-28 22:14 548,864 a------- c:\windows\system32\msvcp80.dll
2009-06-28 22:14 28,672 a------- c:\windows\system32\eEmpty.exe
2009-06-28 22:14 522 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-06-28 22:14 <DIR> --d----- c:\program files\common files\MicroWorld
2009-06-28 22:14 <DIR> --d----- c:\programdata\MicroWorld
2009-06-28 22:14 <DIR> --d----- c:\progra~2\MicroWorld
2009-06-28 22:09 <DIR> --d----- c:\users\redfish\DoctorWeb
2009-06-28 22:06 <DIR> --d----- c:\users\redfish\appdata\roaming\PeerNetworking
2009-06-26 10:03 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-06-25 22:14 50,688 a------- C:\ATF-Cleaner.exe
2009-06-25 20:17 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-25 10:23 <DIR> --d----- c:\users\redfish\appdata\roaming\Malwarebytes
2009-06-25 10:23 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-25 10:23 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-25 10:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-24 22:07 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-06-24 22:07 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-06-24 22:07 <DIR> --d----- c:\users\redfish\appdata\roaming\SUPERAntiSpyware.com
2009-06-24 21:05 <DIR> --d----- c:\program files\Trend Micro
2009-06-24 20:51 <DIR> --d----- c:\programdata\ConeXware
2009-06-24 20:51 <DIR> --d----- c:\progra~2\ConeXware
2009-06-24 20:51 <DIR> --d----- c:\program files\PowerArchiver
2009-06-20 22:01 <DIR> --d----- c:\program files\Miranda IM
2009-06-19 16:06 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-06-19 16:06 4,682 a------- c:\windows\system32\npptNT2.sys
2009-06-19 15:38 <DIR> --d----- c:\program files\Lineage
2009-06-19 15:31 512,096 a------- c:\windows\system32\drivers\amon.sys
2009-06-19 15:31 298,104 a------- c:\windows\system32\imon.dll
2009-06-19 15:31 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
2009-06-19 15:30 <DIR> --d----- c:\program files\ESET
2009-06-18 16:16 <DIR> --d----- c:\users\redfish\appdata\roaming\Canneverbe_Limited
2009-06-16 22:11 <DIR> --d----- c:\users\redfish\appdata\roaming\PeaZip
2009-06-14 11:01 468,992 a------- c:\windows\system32\newdev.dll
2009-06-14 11:01 74,752 a------- c:\windows\system32\newdev.exe
2009-06-12 12:29 34,064 a------- c:\windows\system32\lhacm.acm
2009-06-12 12:29 <DIR> --d----- c:\program files\Teamspeak2_RC2
2009-06-11 16:41 <DIR> --d----- c:\users\redfish\fontconfig
2009-06-11 16:40 <DIR> --d----- c:\users\redfish\.smplayer
2009-06-10 21:40 <DIR> --d----- c:\program files\common files\INCA Shared
2009-06-10 13:16 2,911,848 a------- c:\windows\system32\drivers\appdrv01.sys
2009-06-10 13:05 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-06-10 11:40 <DIR> --d----- c:\program files\GameSpy Arcade
2009-06-10 11:31 <DIR> --d----- c:\program files\EA GAMES
2009-06-10 11:01 <DIR> --d----- c:\program files\Empire Interactive
2009-06-10 10:54 737,280 a------- c:\windows\iun6002.exe
2009-06-10 10:54 <DIR> --d----- c:\program files\Codec Pack - All In 1
2009-06-10 10:53 <DIR> --d----- c:\program files\Webteh
2009-06-10 10:46 <DIR> --d----- c:\program files\CCleaner
2009-06-10 10:44 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-06-10 10:44 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-06-10 10:44 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-06-10 10:44 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-06-10 10:39 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-10 10:39 <DIR> --d----- c:\users\redfish\appdata\roaming\DAEMON Tools Lite
2009-06-10 10:38 <DIR> --d----- c:\program files\IObit
2009-06-10 10:33 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-06-10 10:33 <DIR> --d----- c:\program files\Hamachi
2009-06-10 10:32 <DIR> --d----- c:\program files\SMPlayer
2009-06-10 10:30 <DIR> --d----- c:\program files\uTorrent
2009-06-10 10:29 <DIR> --d----- c:\users\redfish\appdata\roaming\uTorrent
2009-06-10 10:28 <DIR> --d----- c:\users\redfish\appdata\roaming\XnView
2009-06-10 10:27 <DIR> --d----- c:\program files\XnView
2009-06-10 10:24 545 a------- c:\windows\UC.PIF
2009-06-10 10:24 545 a------- c:\windows\RAR.PIF
2009-06-10 10:24 545 a------- c:\windows\PKZIP.PIF
2009-06-10 10:24 545 a------- c:\windows\PKUNZIP.PIF
2009-06-10 10:24 545 a------- c:\windows\NOCLOSE.PIF
2009-06-10 10:24 545 a------- c:\windows\LHA.PIF
2009-06-10 10:24 545 a------- c:\windows\ARJ.PIF
2009-06-10 10:24 <DIR> --d----- c:\users\redfish\appdata\roaming\GHISLER
2009-06-10 10:24 <DIR> --d----- C:\totalcmd
2009-06-10 00:09 <DIR> --d--r-- c:\program files\Skype
2009-06-10 00:09 <DIR> --d----- c:\programdata\Skype
2009-06-10 00:06 <DIR> --d----- c:\program files\Sun
2009-06-10 00:02 <DIR> --d----- c:\program files\Seznam
2009-06-09 22:04 2,048 a------- c:\windows\system32\tzres.dll
2009-06-09 21:44 97,800 a------- c:\windows\system32\infocardapi.dll
2009-06-09 21:44 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-09 21:44 622,080 a------- c:\windows\system32\icardagt.exe
2009-06-09 21:44 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-06-09 21:44 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-06-09 21:44 11,264 a------- c:\windows\system32\icardres.dll
2009-06-09 21:44 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-06-09 21:44 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-06-09 21:35 96,760 a------- c:\windows\system32\dfshim.dll
2009-06-09 21:35 282,112 a------- c:\windows\system32\mscoree.dll
2009-06-09 21:35 41,984 a------- c:\windows\system32\netfxperf.dll
2009-06-09 21:34 158,720 a------- c:\windows\system32\mscorier.dll
2009-06-09 21:33 83,968 a------- c:\windows\system32\mscories.dll
2009-06-09 21:30 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-09 21:30 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-09 21:30 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-09 21:30 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-09 21:30 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-09 21:30 827,904 a------- c:\windows\system32\wininet.dll
2009-06-09 21:29 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-06-09 21:29 389,632 a------- c:\windows\system32\html.iec
2009-06-09 21:29 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-09 21:29 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-06-09 21:26 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-06-09 21:26 38,912 a------- c:\windows\system32\xolehlp.dll
2009-06-09 21:25 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-06-09 21:25 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-06-09 21:25 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-06-09 21:24 296,960 a------- c:\windows\system32\gdi32.dll
2009-06-09 21:24 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-06-09 21:24 72,704 a------- c:\windows\system32\secur32.dll
2009-06-09 21:24 24,064 a------- c:\windows\system32\amxread.dll
2009-06-09 21:24 13,824 a------- c:\windows\system32\apilogen.dll
2009-06-09 21:22 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-06-09 21:15 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-06-09 21:15 <DIR> --d----- c:\users\redfish\temp
2009-06-09 21:06 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-06-09 21:06 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-06-09 21:06 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-06-09 21:06 45,056 a------- c:\windows\system32\dataclen.dll
2009-06-09 21:06 36,864 a------- c:\windows\system32\cdd.dll
2009-06-09 21:06 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-06-09 21:06 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-06-09 21:05 268,288 a------- c:\windows\system32\schannel.dll
2009-06-09 21:03 <DIR> --d----- c:\program files\RocketDock
2009-06-09 20:54 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-06-09 20:47 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-06-09 20:46 83,456 a------- c:\windows\system32\wudriver.dll
2009-06-09 20:46 162,064 a------- c:\windows\system32\wuwebv.dll
2009-06-09 20:46 31,232 a------- c:\windows\system32\wuapp.exe
2009-06-09 20:44 <DIR> --d----- c:\programdata\IsolatedStorage
2009-06-09 20:44 <DIR> --d----- c:\progra~2\IsolatedStorage
2009-06-09 19:42 <DIR> --d----- c:\programdata\ATI
2009-06-09 19:40 128,113 a------- c:\windows\system32\csellang.ini
2009-06-09 19:40 77,824 a------- c:\windows\system32\tosmreg.exe
2009-06-09 19:40 10,129 a------- c:\windows\system32\tosmreg.ini
2009-06-09 19:40 7,671 a------- c:\windows\system32\cseltbl.ini
2009-06-09 19:40 491,520 a------- c:\windows\system32\cselect.exe
2009-06-09 19:40 45,056 a------- c:\windows\system32\csellang.dll
2009-06-09 19:40 <DIR> --d----- c:\program files\ltmoh
2009-06-09 19:40 <DIR> --d----- c:\windows\Options
2009-06-09 19:39 279,376 a------- c:\windows\system32\drivers\tos_sps32.sys
2009-06-09 19:39 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-06-09 19:36 <DIR> --d----- c:\programdata\ToshibaEurope
2009-06-09 19:35 <DIR> --dsh--- c:\users\redfish\Soubory cookie
2009-06-09 19:35 <DIR> --dsh--- c:\users\redfish\Okolní tiskárny
2009-06-09 19:35 <DIR> --dsh--- c:\users\redfish\Okolní síť
2009-06-09 19:35 <DIR> --dsh--- c:\users\redfish\Šablony
2009-06-09 19:35 <DIR> --dsh--- c:\users\redfish\Nabídka Start
2009-06-09 19:35 <DIR> --dsh--- c:\users\redfish\Dokumenty
2009-06-09 19:35 <DIR> --dsh--- c:\users\redfish\Data aplikací
2009-06-09 19:35 <DIR> --d----- c:\users\RedFish
2009-06-09 19:32 <DIR> --dsh--- c:\programdata\Plocha
2009-06-09 19:32 <DIR> --dsh--- c:\programdata\Oblíbené položky
2009-06-09 19:32 <DIR> --dsh--- c:\programdata\Šablony
2009-06-09 19:32 <DIR> --dsh--- c:\programdata\Nabídka Start
2009-06-09 19:32 <DIR> --dsh--- c:\programdata\Dokumenty
2009-06-09 19:32 <DIR> --dsh--- c:\programdata\Data aplikací
2009-06-09 19:32 <DIR> --dsh--- c:\progra~2\Plocha
2009-06-09 19:32 <DIR> --dsh--- c:\progra~2\Oblíbené položky
2009-06-09 19:32 <DIR> --dsh--- c:\progra~2\Šablony
2009-06-09 19:32 <DIR> --dsh--- c:\progra~2\Nabídka Start
2009-06-09 19:32 <DIR> --dsh--- c:\progra~2\Dokumenty
2009-06-09 19:32 <DIR> --dsh--- c:\progra~2\Data aplikací
2009-06-09 18:29 0 a--shr-- c:\windows\system32\drivers\TOSHIBA_Satellite A300_08786-CZ_PSAGCE-0CQ00.MRK
2009-06-09 18:26 <DIR> --d----- c:\program files\common files\Toshiba Shared
2009-06-09 18:25 17,960 a------- c:\windows\system32\drivers\UVCFTR_S.SYS
2009-06-09 18:25 <DIR> --d----- c:\program files\Camera Assistant Software for Toshiba
2009-06-09 18:25 118,784 a------- c:\windows\system32\drivers\Rtlh86.sys
2009-06-09 18:24 <DIR> --d----- c:\program files\ATI Technologies
2009-06-09 18:24 0 a------- c:\windows\ativpsrm.bin
2009-06-09 18:23 <DIR> --d----- c:\program files\ATI
2009-06-09 18:23 <DIR> --d----- c:\windows\system32\CSY
2009-06-09 18:23 1,034,776 a------- c:\windows\system32\imsmudlg.exe
2009-06-09 18:23 312,344 a------- c:\windows\system32\drivers\iaStor.sys

==================== Find3M ====================

2009-06-25 19:54 598,832 a------- c:\windows\system32\perfh005.dat
2009-06-25 19:54 114,992 a------- c:\windows\system32\perfc005.dat
2009-06-09 19:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-09 19:41 51,200 a------- c:\windows\inf\infpub.dat
2009-06-09 19:41 86,016 a------- c:\windows\inf\infstor.dat
2009-04-23 14:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 14:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-22 00:20 14,311,680 a------- c:\windows\system32\xlive.dll
2009-04-22 00:20 13,642,496 a------- c:\windows\system32\xlivefnt.dll
2009-04-21 13:55 2,033,152 a------- c:\windows\system32\win32k.sys
2008-07-16 18:29 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 08:45 286,912 a------- c:\windows\inf\perflib\0405\perfi.dat
2008-01-21 08:45 286,912 a------- c:\windows\inf\perflib\0405\perfh.dat
2008-01-21 08:45 34,724 a------- c:\windows\inf\perflib\0405\perfd.dat
2008-01-21 08:45 34,724 a------- c:\windows\inf\perflib\0405\perfc.dat
2008-01-21 04:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:09:21,56 ===============

ATTACH

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9.6.2009 18:28:02
System Uptime: 29.6.2009 8:24:50 (1 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU | 2000/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 98,347 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 148 GiB total, 119,572 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP132: 24.6.2009 19:52:14 - Naplánovaný kontrolní bod
RP133: 24.6.2009 20:51:19 - Nainstalováno: PowerArchiver 2007 Czech
RP134: 24.6.2009 22:07:13 - Installed SUPERAntiSpyware Free Edition
RP135: 25.6.2009 10:01:08 - Windows Update
RP136: 25.6.2009 10:17:25 - Removed Java(TM) 6 Update 6
RP137: 25.6.2009 10:18:40 - Removed Java(TM) 6 Update 7
RP138: 25.6.2009 10:20:42 - Installed Java(TM) 6 Update 14
RP139: 26.6.2009 9:39:26 - Windows Update
RP140: 27.6.2009 17:14:20 - Naplánovaný kontrolní bod
RP141: 28.6.2009 17:26:05 - Removed Google Earth.
RP142: 28.6.2009 21:36:50 - Removed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Reader 8 - Czech
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)
Antivirový systém NOD32
ATI Catalyst Install Manager
µTorrent
Battlefield 2: Deluxe Edition
Bluetooth Stack for Windows by Toshiba
BSPlayer
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CCleaner (remove only)
CDBurnerXP
Codec Pack - All In 1 6.0.3.0
DAEMON Tools Toolbar
DVD MovieFactory for TOSHIBA
FlatOut Ultimate Carnage
Game Booster
GameSpy Arcade
Google Talk (remove only)
Hamachi 1.0.3.0
HDMI Control Manager
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
Java(TM) 6 Update 14
Lineage II
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - csy
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel MUI (Czech) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Czech) 2007
Microsoft Office PowerPoint MUI (Czech) 2007
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proofing (Czech) 2007
Microsoft Office Shared MUI (Czech) 2007
Microsoft Office Word MUI (Czech) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Microsoft XML Parser
Miranda IM 0.8.0
Mozilla Firefox (3.0.11)
NOD32 FiX
OpenOffice.org Installer 1.0
PowerArchiver 2007 Czech
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Registry Mechanic 6.0
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
RocketDock 1.3.5
Security Update for Windows Media Encoder (KB954156)
Seznam Pošťák
Skins
Skype™ 4.0
SMPlayer 0.6.7
Synaptics Pointing Device Driver
TeamSpeak 2 RC2
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
Total Commander (Remove or Repair)
TRDCReminder
TRORDCLauncher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
XnView 1.96.1
Ztlumení jednotky CD/DVD

==== End Of File ===========================

LOGFIND

LopFind v4 © Čas: 9:27:26,31 Datum: po 29.06.2009

******************************************

1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce C je Vista.
S‚riov‚ źˇslo svazku je 6429-B9C7.

Věpis adres ýe C:\Users\RedFish\DATAAP~1

Svazek v jednotce C je Vista.
S‚riov‚ źˇslo svazku je 6429-B9C7.

Věpis adres ýe C:\Users\All Users\DATAAP~1

Svazek v jednotce C je Vista.
S‚riov‚ źˇslo svazku je 6429-B9C7.

Věpis adres ýe C:\Users\Default\DATAAP~1

Svazek v jednotce C je Vista.
S‚riov‚ źˇslo svazku je 6429-B9C7.

Věpis adres ýe C:\Users\Default User\DATAAP~1

Svazek v jednotce C je Vista.
S‚riov‚ źˇslo svazku je 6429-B9C7.

Věpis adres ýe C:\Users\All Users\Application Data

Svazek v jednotce C je Vista.
S‚riov‚ źˇslo svazku je 6429-B9C7.

Věpis adres ýe C:\Users\Default\Application Data

Svazek v jednotce C je Vista.
S‚riov‚ źˇslo svazku je 6429-B9C7.

Věpis adres ýe C:\Users\Default User\Application Data


******************************************

2) Zjišťování přítomnosti ve složce Program Files:

a) Výpis obsahu Program Files složky pro zjištění duplicitních kopií podezřelých adresářů:

Svazek v jednotce C je Vista.
S‚riov‚ źˇslo svazku je 6429-B9C7.

Věpis adres ýe C:\Program Files

29.06.2009 08:40 <DIR> .
29.06.2009 08:40 <DIR> ..
16.07.2008 19:26 <DIR> Activation Assistant for the 2007 Microsoft Office suites
16.07.2008 19:18 <DIR> Adobe
09.06.2009 18:23 <DIR> ATI
09.06.2009 18:24 <DIR> ATI Technologies
09.06.2009 18:25 <DIR> Camera Assistant Software for Toshiba
10.06.2009 10:46 <DIR> CCleaner
18.06.2009 16:15 <DIR> CDBurnerXP
10.06.2009 10:54 <DIR> Codec Pack - All In 1
28.06.2009 22:14 <DIR> Common Files
10.06.2009 10:44 <DIR> DAEMON Tools Lite
10.06.2009 10:44 <DIR> DAEMON Tools Toolbar
10.06.2009 11:31 <DIR> EA GAMES
10.06.2009 11:01 <DIR> Empire Interactive
24.06.2009 20:54 <DIR> ESET
10.06.2009 19:52 <DIR> GameSpy Arcade
28.06.2009 21:55 <DIR> Google
10.06.2009 10:34 <DIR> Hamachi
19.06.2009 15:42 <DIR> InstallShield Installation Information
09.06.2009 18:23 <DIR> Intel
09.06.2009 22:19 <DIR> Internet Explorer
16.07.2008 19:11 <DIR> InterVideo
10.06.2009 10:38 <DIR> IObit
25.06.2009 10:20 <DIR> Java
28.06.2009 20:26 <DIR> Lineage
09.06.2009 19:40 <DIR> ltmoh
29.06.2009 08:40 <DIR> Malwarebytes' Anti-Malware
02.11.2006 14:37 <DIR> Microsoft Games
10.06.2009 13:05 <DIR> Microsoft Games for Windows - LIVE
16.07.2008 19:27 <DIR> Microsoft Office
17.06.2009 10:43 <DIR> Microsoft Works
16.07.2008 19:24 <DIR> Microsoft.NET
20.06.2009 22:01 <DIR> Miranda IM
21.01.2008 04:35 <DIR> Movie Maker
29.06.2009 09:24 <DIR> Mozilla Firefox
02.11.2006 14:37 <DIR> MSBuild
29.06.2009 09:26 <DIR> PowerArchiver
09.06.2009 18:24 <DIR> Realtek
02.11.2006 14:37 <DIR> Reference Assemblies
11.06.2009 22:43 <DIR> Registry Mechanic
09.06.2009 21:04 <DIR> RocketDock
10.06.2009 00:02 <DIR> Seznam
10.06.2009 00:09 <DIR> Skype
10.06.2009 10:32 <DIR> SMPlayer
10.06.2009 00:06 <DIR> Sun
16.07.2008 18:49 <DIR> Synaptics
12.06.2009 12:29 <DIR> Teamspeak2_RC2
09.06.2009 20:54 <DIR> Toshiba
16.07.2008 19:20 <DIR> Toshiba TEMPRO
24.06.2009 21:05 <DIR> Trend Micro
28.06.2009 21:20 <DIR> Trillian
16.07.2008 19:07 <DIR> Ulead Systems
02.11.2006 15:01 <DIR> Uninstall Information
10.06.2009 10:30 <DIR> uTorrent
10.06.2009 10:53 <DIR> Webteh
21.01.2008 04:35 <DIR> Windows Calendar
21.01.2008 04:35 <DIR> Windows Collaboration
21.01.2008 04:35 <DIR> Windows Defender
21.01.2008 04:35 <DIR> Windows Journal
09.06.2009 22:20 <DIR> Windows Mail
16.07.2008 19:10 <DIR> Windows Media Components
09.06.2009 22:20 <DIR> Windows Media Player
09.06.2009 19:32 <DIR> Windows NT
21.01.2008 04:35 <DIR> Windows Photo Gallery
21.01.2008 04:35 <DIR> Windows Sidebar
10.06.2009 10:27 <DIR> XnView
Soubor…: 0, Bajt…: 0
Adres ý…: 67, Volněch bajt…: 105˙588˙854˙784

b) Vyhledávání podvodných sponzorovaných programů ve složce Program Files:

Nebyly nalezeny žádné podvodné programy.

******************************************

3) Vyhledávání a odstranění podezřelých .job souborů:

a) Soubory přítomné v C:\Windows\tasks\ adresáři:

Svazek v jednotce C je Vista.
S‚riov‚ źˇslo svazku je 6429-B9C7.

Věpis adres ýe C:\Windows\Tasks

02.11.2006 15:01 6 SA.DAT
02.11.2006 15:01 29˙776 SCHEDLGU.TXT
02.11.2006 13:18 <DIR> ..
02.11.2006 13:18 <DIR> .
Soubor…: 2, Bajt…: 29˙782
Adres ý…: 2, Volněch bajt…: 105˙588˙854˙784

––––––––––––––––––––––––––––––––––––––––––

b) Zjišťování vlastností přítomných .job souborů:

Nebyly nalezeny žádné soubory představující naplánované úlohy.

––––––––––––––––––––––––––––––––––––––––––

c) Nalezené a odstraněné nežádoucí soubory:

Nebyly nalezeny žádné nežádoucí soubory.

––––––––––––––––––––––––––––––––––––––––––

d) Soubory přítomné v adresáři po vymazání:

Svazek v jednotce C je Vista.
S‚riov‚ źˇslo svazku je 6429-B9C7.

Věpis adres ýe C:\Windows\Tasks

02.11.2006 15:01 6 SA.DAT
02.11.2006 15:01 29˙776 SCHEDLGU.TXT
02.11.2006 13:18 <DIR> ..
02.11.2006 13:18 <DIR> .
Soubor…: 2, Bajt…: 29˙782
Adres ý…: 2, Volněch bajt…: 105˙588˙854˙784

******************************************

4) Zjišťování přítomnosti v registru:

a) Vyhledávání spouštěcích bodů v registru:

Nebyly nalezeny žádné spouštěcí body v registru.

b) Export výjimek IE pop-up blockeru:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"PopupMgr"="yes"

c) Export povolení Windows firewallu:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

»»»»»»»»»»»»» Konec výpisu «««««««««««««««

[jaro3]

Odinstaluj:
DAEMON Tools Toolbar

Stáhni si program OTMoveIt3 (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
c:\windows\system32\runouce.exe
c:\windows\system32\eEmpty.exe
c:\windows\system32\ezsidmv.dat
c:\windows\ativpsrm.bin
C:\Windows\Tasks\SA.DAT
c:\program files\Webteh
c:\program files\DAEMON Tools Toolbar

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

Podívej se do této složky:
c:\users\redfish\temp co tam?

[bereline]

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\windows\system32\runouce.exe moved successfully.
c:\windows\system32\eEmpty.exe moved successfully.
c:\windows\system32\ezsidmv.dat moved successfully.
c:\windows\ativpsrm.bin moved successfully.
C:\Windows\Tasks\SA.DAT moved successfully.
c:\program files\Webteh\BSplayer\Skins\Base moved successfully.
c:\program files\Webteh\BSplayer\Skins moved successfully.
c:\program files\Webteh\BSplayer\sdk\plugins\Delphi\sample_subtitles moved successfully.
c:\program files\Webteh\BSplayer\sdk\plugins\Delphi\sample moved successfully.
c:\program files\Webteh\BSplayer\sdk\plugins\Delphi moved successfully.
c:\program files\Webteh\BSplayer\sdk\plugins\C\sample_subtitles moved successfully.
c:\program files\Webteh\BSplayer\sdk\plugins\C\Sample moved successfully.
c:\program files\Webteh\BSplayer\sdk\plugins\C moved successfully.
c:\program files\Webteh\BSplayer\sdk\plugins moved successfully.
c:\program files\Webteh\BSplayer\sdk moved successfully.
c:\program files\Webteh\BSplayer\plugins moved successfully.
c:\program files\Webteh\BSplayer\lang moved successfully.
c:\program files\Webteh\BSplayer\doc moved successfully.
c:\program files\Webteh\BSplayer moved successfully.
c:\program files\Webteh moved successfully.
File/Folder c:\program files\DAEMON Tools Toolbar not found.
========== COMMANDS ==========
File delete failed. C:\Users\RedFish\AppData\Local\Temp\etilqs_CAcPi1KOnBbsLULv1rqP scheduled to be deleted on reboot.
File delete failed. C:\Users\RedFish\AppData\Local\Temp\~DF7491.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\RedFish\AppData\Local\Mozilla\Firefox\Profiles\n69m2b2d.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\RedFish\AppData\Local\Mozilla\Firefox\Profiles\n69m2b2d.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\RedFish\AppData\Local\Mozilla\Firefox\Profiles\n69m2b2d.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\RedFish\AppData\Local\Mozilla\Firefox\Profiles\n69m2b2d.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\RedFish\AppData\Local\Mozilla\Firefox\Profiles\n69m2b2d.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\RedFish\AppData\Local\Mozilla\Firefox\Profiles\n69m2b2d.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 06292009_102250

Ptalo se me to na reebot, nebo tak neco, zatím jsem dal NE, pokud to mám udělat znovu a potvrdit ?

Ohledně DEAMON TOOLS, pokusil jsem se to teď smazat, ale už je to smazáno, jen tam byla prázdná složka, tu jsem taky smazal.

c:\users\redfish\temp co tam? tuto složku jsem také smazal, obsahovala teamviewer ...

[jaro3]

Samozřejmě restartuj.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Nákaza tam již není , můžeš se vrátil do té sekce.

[bereline]

Díky za pomoc, snad už to bude ok