
Please check my log, viruses keep popping up

Posted: 19 Jan 2010 07:09
by radek16
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:54, on 19.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\orospo.exe
C:\Program Files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\uživatel\Data aplikací\OCS\SM\SearchAnonymizerHelper.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/icqskins/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Service] orospo.exe
O4 - HKLM\..\Run: [1QV60oMJ06Z0yUnOF2JI] C:\Program Files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
O4 - HKLM\..\RunServices: [Windows Service] orospo.exe
O4 - HKLM\..\RunServices: [1QV60oMJ06Z0yUnOF2JI] C:\Program Files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Jabbim.lnk = C:\Program Files\Jabbim\jabbim.exe
O4 - Startup: Obsah aplikace OneNote.onetoc2
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: BDARemote.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C3A2C65-1705-44FB-8466-A06AE19942AD}: NameServer = 62.129.50.20,85.135.32.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C3A2C65-1705-44FB-8466-A06AE19942AD}: NameServer = 62.129.50.20,85.135.32.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C3A2C65-1705-44FB-8466-A06AE19942AD}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FAH@C:+Documents and Settings+uživatel+Plocha+FAH504-Console.exe - Unknown owner - C:\Documents and Settings\uživatel\Plocha\FAH504-Console.exe (file missing)
O23 - Service: Služba Google Update (gupdate1ca6057cb237400) (gupdate1ca6057cb237400) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SearchAnonymizer - Unknown owner - C:\Documents and Settings\uživatel\Data aplikací\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 11633 bytes

Re: Please check my log, viruses keep popping up

Posted: 19 Jan 2010 10:11
by Damned
Uninstall Daemon Tools Toolbar, ICQ6Toolbar, Anonymizer and Crawler Toolbar.
Turn off the resident protection in Spybot and Spyware Terminator.

Run HijackThis, tick the checkbox in front of the value and press "Fix checked".

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/icqskins/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Service] orospo.exe
O4 - HKLM\..\Run: [1QV60oMJ06Z0yUnOF2JI] C:\Program Files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
O4 - HKLM\..\RunServices: [Windows Service] orospo.exe
O4 - HKLM\..\RunServices: [1QV60oMJ06Z0yUnOF2JI] C:\Program Files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
O4 - Global Startup: BDARemote.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

I'll be here only after twelve, so we'll continue then.

Re: Please check my log, viruses keep popping up

Posted: 19 Jan 2010 16:30
by radek16
because I downloaded sounds for ICQ and avast started sounding the alarm that I have malware, and fine, I chose delete, delete... and I restart and avast showed up again and right away the same viruses again

Re: Please check my log, viruses keep popping up

Posted: 19 Jan 2010 17:40
by Damned
Well, just follow the instructions I'm giving you.

Re: Please check my log, viruses keep popping up

Posted: 19 Jan 2010 17:40
by radek16
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3598
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.1.2010 17:40:01
mbam-log-2010-01-19 (17-39-53).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 115313
Uplynulý čas: 1 hour(s), 9 minute(s), 17 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{db4une5v-nf91-rja1-rmc4-uof6woe7wne5} (Generic.Bot.H) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\uživatel\Dokumenty\PC nabourani\Nová složka\nc.exe (Backdoor.NetCat) -> No action taken.
C:\Documents and Settings\uživatel\Local Settings\Temporary Internet Files\Content.IE5\ELGZCAJZ\thinklabs[2].exe (Backdoor.MoSucker) -> No action taken.

Re: Please check my log, viruses keep popping up

Posted: 19 Jan 2010 17:57
by Damned
So run MbAM again and click Scan
- when the scan finishes a message will appear; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes a log will be displayed; post it here.
- then choose OK in the program and close the program via Exit

Turn off your antivirus's resident shield (and the antispyware's too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Please check my log, viruses keep popping up

Posted: 19 Jan 2010 18:27
by radek16
ComboFix 09-08-10.01 - uživatel 19.01.2010 18:12.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.488 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 15:33 . 2010-01-19 17:00 -------- d-----w- c:\program files\ICQ7.0
2010-01-19 15:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 15:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 15:28 . 2010-01-19 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 06:06 . 2010-01-19 06:06 -------- d-----w- c:\program files\Trend Micro
2010-01-18 17:44 . 2010-01-03 01:42 2498661 ----a-w- c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
2010-01-17 19:27 . 2010-01-17 19:27 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-17 18:31 . 2009-09-29 20:15 593920 ----a-w- c:\windows\system32\ati2sgag.exe
2010-01-17 18:31 . 2009-09-30 02:08 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-01-17 18:31 . 2009-04-23 21:29 189051 ----a-w- c:\windows\system32\atiicdxx.dat
2010-01-17 18:25 . 2010-01-17 18:25 -------- d-----w- c:\program files\DIFX
2010-01-17 18:25 . 2010-01-17 18:25 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-17 18:25 . 2010-01-17 18:25 -------- d-----w- c:\program files\USB TV
2010-01-17 18:10 . 2010-01-17 18:10 -------- d-----w- C:\ATI
2010-01-17 18:06 . 2010-01-19 16:26 -------- d-----w- c:\program files\Lightsmark 2007
2010-01-13 19:41 . 2010-01-13 19:41 -------- d-----w- c:\program files\URUSoft
2010-01-08 16:00 . 2010-01-12 06:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-07 19:06 . 2010-01-07 19:07 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-07 15:40 . 2010-01-07 15:40 -------- d-----w- c:\program files\GIMP-2.0
2010-01-06 15:28 . 2010-01-06 15:28 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-01-04 14:55 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-01 11:36 . 2010-01-15 17:44 -------- d-----w- c:\program files\Prison Tycoon 4
2009-12-31 18:49 . 2009-12-31 23:03 -------- d-----w- C:\Shoty
2009-12-31 18:48 . 2009-12-31 18:48 -------- d-----w- c:\program files\ScreenShots
2009-12-31 18:45 . 2009-12-31 18:45 286720 ------w- c:\windows\Setup1.exe
2009-12-31 18:45 . 2009-12-31 18:45 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-31 18:41 . 2009-12-31 18:42 -------- d-----w- c:\program files\Take Screenshot
2009-12-31 17:20 . 2009-12-31 17:22 -------- d-----w- c:\program files\Hide IP NG
2009-12-31 17:14 . 1997-06-06 14:52 11264 ----a-w- c:\windows\system32\SPORDER.DLL
2009-12-31 09:04 . 2009-01-22 01:40 163840 ----a-w- c:\windows\system32\SecureNet.dll
2009-12-31 09:04 . 2009-12-31 14:57 -------- d-----w- c:\program files\Hide My IP 2009
2009-12-31 08:47 . 2009-12-31 09:03 -------- d-----w- c:\program files\Easy-Hide-IP
2009-12-30 08:29 . 2009-12-30 08:29 -------- d-----w- c:\program files\MTA San Andreas
2009-12-28 13:34 . 2009-12-28 13:34 90112 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-28 13:34 . 2009-12-28 13:34 126976 ----a-w- c:\windows\system32\UAService7.exe
2009-12-28 13:27 . 2009-12-28 13:27 -------- d-----w- c:\program files\Giant
2009-12-23 19:55 . 2009-12-23 19:55 -------- d-----w- c:\program files\Alien IP
2009-12-23 18:49 . 2009-12-23 18:51 -------- d-----w- C:\GTA San Andreas Music
2009-12-23 18:37 . 2009-12-23 18:37 -------- d-----w- c:\program files\VideoLAN
2009-12-21 06:06 . 2009-12-21 06:06 -------- d-----w- c:\program files\THQ

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 17:02 . 2009-11-04 16:02 -------- d-----w- c:\program files\Spyware Terminator
2010-01-19 07:46 . 2009-11-04 18:20 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-19 07:46 . 2009-11-04 18:20 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-18 17:27 . 2009-11-02 21:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 19:22 . 2009-11-02 21:41 -------- d-----w- c:\program files\ATI Technologies
2010-01-13 07:45 . 2009-11-04 16:07 -------- d-----w- c:\program files\WinClamAVShield
2010-01-11 20:28 . 2009-12-12 19:55 -------- d-----w- c:\program files\CamStudio
2010-01-11 15:01 . 2009-11-04 17:27 -------- d-----w- c:\program files\Activision
2009-12-31 07:08 . 2009-12-17 16:59 -------- d-----w- c:\program files\Winferno
2009-12-29 19:40 . 2009-12-14 17:24 -------- d-----w- c:\program files\Testy ZP
2009-12-28 17:20 . 2009-11-08 09:42 -------- d-----w- c:\program files\Google
2009-12-18 14:27 . 2009-11-04 16:02 -------- d-----w- c:\program files\Crawler
2009-12-17 17:21 . 2009-12-17 17:21 -------- d-----w- c:\program files\Baykonur
2009-12-17 17:21 . 2009-12-17 17:21 1245149 ----a-w- c:\windows\system32\Baykonur.scr
2009-12-17 17:11 . 2009-12-17 17:11 -------- d-----w- c:\program files\Cities of Earth
2009-12-17 14:42 . 2009-12-17 14:42 -------- d-s---w- c:\program files\HLSW
2009-12-13 11:01 . 2008-04-14 06:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-12 20:21 . 2009-12-12 20:21 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-12 19:20 . 2009-12-05 14:06 -------- d-----w- c:\program files\Razor
2009-12-11 19:22 . 2009-12-10 20:02 -------- d-----w- c:\program files\PCNetSoftware
2009-12-11 05:59 . 2001-10-25 14:00 83562 ----a-w- c:\windows\system32\perfc005.dat
2009-12-11 05:59 . 2001-10-25 14:00 440812 ----a-w- c:\windows\system32\perfh005.dat
2009-12-10 18:11 . 2009-12-10 18:11 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-10 13:47 . 2009-11-26 05:57 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-12-10 13:47 . 2009-11-26 05:57 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-12-10 13:47 . 2009-12-10 13:47 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-10 13:47 . 2009-12-10 13:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-01 17:19 . 2009-12-01 17:19 2371 ----a-w- c:\windows\unins000.dat
2009-12-01 17:19 . 2009-12-01 17:19 695675 ----a-w- c:\windows\unins000.exe
2009-11-26 05:49 . 2009-11-26 05:49 -------- d-----w- c:\program files\Ubisoft
2009-11-24 23:54 . 2009-11-02 22:05 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-02 22:05 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-11-02 22:05 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-11-02 22:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-11-02 22:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-11-02 22:05 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-02 22:05 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-02 22:05 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-02 22:05 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 14:29 . 2009-11-24 14:29 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-21 21:22 . 2009-11-21 21:22 -------- d-----w- c:\program files\MSXML 4.0
2009-11-20 19:17 . 2009-11-04 17:07 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-11-20 19:17 . 2009-11-20 19:13 -------- d-----w- c:\program files\AutoCAD 2006
2009-11-20 19:16 . 2009-11-20 19:16 -------- d-----w- c:\program files\AnswerWorks 4.0
2009-11-20 19:10 . 2009-11-20 19:10 -------- d-----w- c:\program files\Autodesk
2009-11-20 16:06 . 2009-11-20 16:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-07 21:51 . 2009-11-07 21:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-05 06:59 . 2009-11-04 18:20 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-05 05:42 . 2009-11-04 16:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-04 17:13 . 2009-11-04 17:13 7056 ----a-w- c:\windows\CDILLA16.EXE
2009-11-04 17:13 . 2009-11-04 17:13 63344 ----a-w- c:\windows\CDILLA05.DLL
2009-11-04 17:13 . 2009-11-04 17:13 57392 ----a-w- c:\windows\system32\drivers\CDANT.SYS
2009-11-04 17:13 . 2009-11-04 17:13 55376 ----a-w- c:\windows\CDILLA40.DLL
2009-11-04 17:13 . 2009-11-04 17:13 45056 ----a-w- c:\windows\CDILLA13.DLL
2009-11-04 17:13 . 2009-11-04 17:13 32256 ----a-w- c:\windows\system32\drivers\CDANTSRV.EXE
2009-11-04 17:13 . 2009-11-04 17:13 260096 ----a-w- c:\windows\CDILLA32.DLL
2009-11-04 17:13 . 2009-11-04 17:13 23856 ----a-w- c:\windows\CDILLA10.EXE
2009-11-04 16:08 . 2009-11-04 16:08 0 ----a-w- c:\windows\nsreg.dat
2009-11-04 16:02 . 2009-11-04 16:02 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-11-04 10:54 . 2009-11-02 21:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-04 10:54 . 2009-11-02 21:22 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-04 10:53 . 2009-11-02 21:22 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-11-02 21:19 . 2009-11-02 21:19 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:43 . 2008-04-14 06:52 983040 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-04-14 06:52 . 2008-04-14 06:52 2498661 --sh--r- c:\windows\system32\orospo.exe
.

------- Sigcheck -------

[7] 2008-04-14 06:52 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 06:52 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\user32.dll
[-] 2008-04-14 06:52 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\dllcache\user32.dll

[7] 2009-08-29 07:51 916480 F658908845F3EB727FEF4769ED0E52FE c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 07:38 916480 4941ADD731725AF468342E42B71F776C c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2008-04-14 06:52 667136 3FE5E65A7ED9EC98AEE9167CA07812D3 c:\windows\ie8\wininet.dll
[7] 2009-03-08 03:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB974455-IE8\wininet.dll
[7] 2009-08-29 07:58 916480 37CFE7928711C8157CF4D191F0EF5F69 c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2009-10-29 07:43 916480 F651D2A69B7037D6063BC697CF296D8C c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-10-29 07:43 983040 9411820E9E4D9A4E10B7E61CE1D747DD c:\windows\system32\wininet.dll
[-] 2009-10-29 07:43 983040 9411820E9E4D9A4E10B7E61CE1D747DD c:\windows\system32\dllcache\wininet.dll

[7] 2008-04-14 06:52 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 06:52 547328 471341D353962A35DA3C6324D59D09C4 c:\windows\system32\winlogon.exe
[-] 2008-04-14 06:52 547328 471341D353962A35DA3C6324D59D09C4 c:\windows\system32\dllcache\winlogon.exe

[7] 2009-02-09 11:19 2068352 FF8A3F180A224AA27EBAB937CA027F4D c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 21:53 2068352 97815C93200676C727CE951AE5C78137 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 07:10 2067968 4DEE41C45E803DB91A72FD1BA69C05EE c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2009-02-10 18:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-08-04 17:29 2068224 182A95C233C9C254FEE7F047E6CA73D1 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 17:29 2068224 182A95C233C9C254FEE7F047E6CA73D1 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-08-04 17:29 2229376 B5D1668B99CA110D6A4F8BBAD5802459 c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 17:29 2229376 B5D1668B99CA110D6A4F8BBAD5802459 c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2009-02-10 18:18 2191360 97480EBFE1D4B547657BAD75AAAB1325 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-08-04 17:23 2191488 3502DBBC657001D7A2A2768BD7DE1483 c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2008-04-14 06:07 2191104 C1536014AC1CB1D5397E31D9735E6571 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-08-04 21:59 2191360 F61EB18DA0AA630E2F8A944ED6BD3BF9 c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 21:59 2191360 F61EB18DA0AA630E2F8A944ED6BD3BF9 c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-08-04 21:59 2352512 3EC8D4E84194C8CB90E68F47DE7A4F96 c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 21:59 2352512 3EC8D4E84194C8CB90E68F47DE7A4F96 c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2008-04-14 06:52 1541120 D63C59BB0CA2F83B62D003FD52863090 c:\windows\explorer.exe
[7] 2008-04-14 06:52 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 06:52 1541120 D63C59BB0CA2F83B62D003FD52863090 c:\windows\system32\dllcache\explorer.exe

[7] 2008-04-14 06:52 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 06:52 40448 0415E09C0BCCBF8B5CD5A05889EFB962 c:\windows\system32\ctfmon.exe
[-] 2008-04-14 06:52 40448 0415E09C0BCCBF8B5CD5A05889EFB962 c:\windows\system32\dllcache\ctfmon.exe

[7] 2009-08-29 07:51 5942272 F343C3CE6026ADE482D48B2D4F881A1D c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 07:38 5944320 FC883BC594F028EF5D77B645AE91C914 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-22 09:14 5943296 3E902BD4D0EFB9E73C515DD3DEB6003B c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2008-04-14 06:51 3066880 DAF9947DE2A6EA20AE524B7C50487E57 c:\windows\ie8\mshtml.dll
[7] 2009-03-08 03:41 5937152 D469A0EBA2EF5C6BEE8065B7E3196E5E c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[7] 2009-10-22 09:18 5939712 B459C87AA60BADADF3F0887737889CFF c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2009-08-29 07:58 5940224 8097658FEC4E7E65C8A63E6B7B2B0921 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[7] 2009-10-29 07:43 5940736 00EC3DE6B7C581CC2675CCD549B692D7 c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2009-10-29 07:43 6102016 F4B291D8B0CA0CA20D84E183A27C56B7 c:\windows\system32\mshtml.dll
[-] 2009-10-29 07:43 6102016 F4B291D8B0CA0CA20D84E183A27C56B7 c:\windows\system32\dllcache\mshtml.dll

[7] 2008-04-14 06:51 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2008-04-14 06:51 1508864 9BBABCB691B887769048255FA7047C05 c:\windows\system32\comres.dll
[-] 2008-04-14 06:51 1508864 9BBABCB691B887769048255FA7047C05 c:\windows\system32\dllcache\comres.dll

[7] 2008-04-14 06:51 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 06:51 643072 330F30CB175655313A93AF27C7366550 c:\windows\system32\comctl32.dll
[-] 2008-04-14 06:51 643072 330F30CB175655313A93AF27C7366550 c:\windows\system32\dllcache\comctl32.dll
[7] 2001-10-25 14:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 06:37 1054208 D7B7AE36A2EBA312AC4B53862019B3F5 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-11-04 3055616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-08 39408]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-01-12 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-11-04 2172416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"1QV60oMJ06Z0yUnOF2JI"="c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe" [2010-01-03 2498661]
"Windows Service"="orospo.exe" - c:\windows\system32\orospo.exe [2008-04-14 2498661]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Service"="orospo.exe" - c:\windows\system32\orospo.exe [2008-04-14 2498661]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\uživatel\Nabídka Start\Programy\Po spuštění\
Obsah aplikace OneNote.onetoc2 [2010-1-3 3656]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-1-17 81997]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:3bb3b657

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\uživatel\\Dokumenty\\PC nabourani\\srct_server.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2.11.2009 22:28 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.11.2009 23:05 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.11.2009 17:02 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.11.2009 23:05 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.12.2009 19:11 246520]
R2 SearchAnonymizer;SearchAnonymizer;c:\documents and settings\uživatel\Data aplikací\OCS\SM\SearchAnonymizerHelper.exe [18.1.2010 18:44 40960]
S2 FAH@C:+Documents and Settings+uživatel+Plocha+FAH504-Console.exe;FAH@C:+Documents and Settings+uživatel+Plocha+FAH504-Console.exe;c:\documents and settings\uživatel\Plocha\FAH504-Console.exe -svcstart --> c:\documents and settings\uživatel\Plocha\FAH504-Console.exe -svcstart [?]
S2 gupdate1ca6057cb237400;Služba Google Update (gupdate1ca6057cb237400);c:\program files\Google\Update\GoogleUpdate.exe [8.11.2009 10:42 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DB4UNE5V-NF91-RJA1-RMC4-UOF6WOE7WNE5}]
c:\program files\1QV60oMJ06Z0yUnOF2JI-systemdriver.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-08 17:59]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 09:42]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 09:42]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-PlayNC Launcher - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/icqskins/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
TCP: {0C3A2C65-1705-44FB-8466-A06AE19942AD} = 62.129.50.20,85.135.32.100
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\a89k2b00.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... cqskins&q=
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\a89k2b00.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 18:13
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
Binary file raw_enum.dat matches
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll
.
Celkový čas: 2010-01-19 18:16
ComboFix-quarantined-files.txt 2010-01-19 17:15

Před spuštěním: Volných bajtů: 382 325 809 152
Po spuštění: Volných bajtů: 382 370 103 296

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

364 --- E O F --- 2010-01-13 21:02

Re: Please check my log, viruses keep popping up

Posted: 19 Jan 2010 18:31
by radek16
Oh, and one more thing about those viruses: I downloaded sounds for ICQ from some German site, and after the first installation nothing happened, everything was fine. So I installed ICQ 7 and tried to install the sounds. The installation worked, but the viruses started popping up, always a worm or a Trojan horse, 10 viruses in total, which I delete, but at the next restart or power-on of the computer I can start deleting them all over again.

Re: Please check my log, viruses keep popping up

Posted: 19 Jan 2010 18:46
by Damned
Is the PC not connected to the internet?

Re: Please check my log, viruses keep popping up

Posted: 19 Jan 2010 19:03
by radek16
It is connected, why wouldn't it be? Do you already know what the problem is and how to remove the viruses?

Re: Please check my log, viruses keep popping up

Posted: 19 Jan 2010 19:15
by Damned
I do know, but to kick them off to Mars I need your cooperation. Do you know why I'm asking?

- REŽIM S OMEZENOU FUNKČNOSTÍ -


It writes this when it cannot download updates from the internet, or did you disable it?

Re: Please check my log, viruses keep popping up

Posted: 19 Jan 2010 19:17
by radek16
I don't know, I don't think I disabled anything, but which software showed you that?