Hijack - prosím o kontrolu

[simonides2000]

Prosím o kontrolu logu. Počítač se sám nepravidelně vypíná, na netu mi padá neustále plugin shockwave, u NOD32 mi odmítá aktualizovat databázi a vyhazuje chybu virového skeneru (což se stává při nemožnosti připojení na internet, které však neustále samozřejmě běží), dvakrát se mi stalo, že odregistroval sám již zaregistrované programy, u některých, vykazuje chybu u programů, které evidentně po případném restartu kompu opět pracují (chybu vyhazuje Themida, kterou však ve spuštěných procesech nemám) a podobně. Již jsem vyzkoušel vše možné, čím je možno odstranit spyware, malware a podobné věci včetně Combofixu a podobných programů - ale bohužel... Reinstalaci systému bych se rád vyhnul. Již jednou se mi podařilo podobný problém vyřešit, ale tentokráte je to někde mimo mne... Díky.





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:48:37, on 2.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\HiJack\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.scansoft.com/form-eng. ... H08-001002
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translat\WEBIE.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translat\WEBIE.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Namedate] C:\Program Files\Nezmeskej\nezmeskej.exe s s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-220523388-1708537768-839522115-1003\..\Run: [Namedate] C:\Program Files\Nezmeskej\nezmeskej.exe s s (User '?')
O4 - HKUS\S-1-5-21-220523388-1708537768-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4096294281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ec57704d342c) (gupdate1c9ec57704d342c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Nepřerušitelný zdroj napájení (UPS) (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 11031 bytes

[Reklama]

[bledulka]

Ahoj,
pokud jsi použil combofix, tak mi sem vlož log.
Najdeš ho zde C:\ComboFix.txt
Combofix se nemá používat bez doporučení, jednak teď v logu nevidím případnou nákazu, ale hlavně Ti může při neodborném zásahu zbořit systém.


Stahni Rsit http://images.malwareremoval.com/random/RSIT.exe
-spusť, klikni na tlačítko Continue
-po skenu na tebe vyběhne log.txt,obsah vlož zde

[simonides2000]

No právě.. Ani já nevidím nikde chybu. A to ani u jiných programů, které logy vyhazují. Proto píšu, že to jde nějak mimo mne... Mimochodem - během pěti minut, co jsem to psal mi třikrát spadnul net, protože mi selhal shockwave plugin a při třetím selhání se mi vypnul počítač s problesknutím modré obrazovky, kde mi to hlásilo závažnou chybu, kvůli které win restartovyay systém... Modul chyby ale nelze zachytit. Používám prohlížeče Google Chrome a Mozilu... Problémy se shockwawe jsou u obou bez rozdílu. Taky jsem si povšimnul. že pokud jsem oba prohlížeče odinstaloval, běžel komp pár hodin bez problémů. Zdali to má ale příčinnou souvislost nedovedu posoudit. Nicméně selhání pluginu ji mít asi bude.

Posílám log z Combofixu a v další zprávě z rsitu::



ComboFix 10-08-02.01 - Milan 02.08.2010 22:23:39.4.2 - x86
Spuštěný z: c:\documents and settings\Milan\Dokumenty\Downloads\Programy\xyz.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-02 do 2010-08-02 )))))))))))))))))))))))))))))))
.

2010-08-02 19:16 . 2010-08-02 19:44 -------- d-----w- c:\program files\HiJack
2010-07-26 20:58 . 2010-07-26 21:08 -------- d-----w- c:\program files\NirSoft
2010-07-25 16:49 . 2010-07-25 16:59 -------- d-----w- C:\xyz
2010-07-25 16:28 . 2010-07-25 16:28 -------- d-----w- c:\program files\Common Files\Skype
2010-07-25 13:25 . 2001-10-24 10:25 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2010-07-25 13:24 . 2008-04-14 11:00 543232 -c--a-w- c:\windows\system32\dllcache\dialer.exe
2010-07-25 13:23 . 2010-07-25 13:23 -------- d-----w- c:\windows\system32\URTTEMP
2010-07-25 13:22 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-25 13:22 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-25 13:22 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-25 13:22 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-25 13:21 . 2008-04-14 11:00 726590 -c--a-w- c:\windows\system32\dllcache\srchui.dll
2010-07-25 13:21 . 2008-04-14 11:00 58434 -c--a-w- c:\windows\system32\dllcache\srchctls.dll
2010-07-25 13:21 . 2008-04-14 11:00 3166208 -c--a-w- c:\windows\system32\dllcache\msgr3en.dll
2010-07-25 13:19 . 2010-07-25 13:19 -------- d-----w- c:\windows\system32\winrm
2010-07-25 13:18 . 2010-01-14 15:06 158720 ----a-w- c:\windows\system32\rdpinit.exe
2010-07-25 13:18 . 2010-01-14 15:07 45056 ----a-w- c:\windows\system32\winlogonnotification.dll
2010-07-25 13:18 . 2010-01-14 15:07 223232 ----a-w- c:\windows\system32\wksprt.exe
2010-07-25 13:18 . 2010-01-14 15:07 12800 ----a-w- c:\windows\system32\wksprtps.dll
2010-07-25 13:18 . 2010-01-14 15:06 134144 ----a-w- c:\windows\system32\tspubwmi.dll
2010-07-25 13:18 . 2010-01-14 15:06 243200 ----a-w- c:\windows\system32\rdpshell.exe
2010-07-25 13:18 . 2010-01-14 15:06 46080 ----a-w- c:\windows\system32\tswbprxy.exe
2010-07-25 13:18 . 2010-01-14 15:04 44544 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2010-07-25 13:18 . 2008-04-14 11:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2010-07-25 13:18 . 2008-05-02 08:49 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-07-25 13:17 . 2010-07-25 13:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-07-25 13:14 . 2008-04-14 05:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-07-25 13:14 . 2008-04-14 05:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-07-25 13:14 . 2008-04-14 05:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-07-25 12:53 . 2008-04-14 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-07-25 12:53 . 2008-04-14 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-07-25 12:53 . 2008-04-14 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-07-25 12:53 . 2008-04-14 11:00 13312 ----a-w- c:\windows\system32\irclass.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 21:11 . 2010-06-30 20:31 72 ---h--w- c:\windows\popcreg.dat
2010-07-31 21:11 . 2010-06-30 20:31 24 ----a-w- c:\windows\popcinfot.dat
2010-07-27 12:25 . 2010-01-01 00:12 -------- d-----w- c:\program files\Replay Media Catcher
2010-07-26 13:35 . 2009-03-10 13:58 -------- d-----w- c:\program files\ICQ6.5
2010-07-25 13:20 . 2009-12-11 14:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-14 09:25 . 2008-10-15 18:06 -------- d-----w- c:\program files\Banka
2010-06-27 10:09 . 2009-02-07 23:33 -------- d-----w- c:\program files\Rapidshare
2010-06-26 17:06 . 2008-10-29 15:46 -------- d-----w- c:\program files\Spyware Doctor
2010-06-25 18:06 . 2010-06-25 18:06 -------- d-----w- c:\program files\Google Chrome Backup
2010-06-23 12:49 . 2004-08-18 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 12:49 . 2004-08-18 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-06-22 11:12 . 2009-02-08 13:26 -------- d-----w- c:\program files\Share Rapid Uploader
2010-06-17 22:20 . 2010-06-17 22:20 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-17 16:44 . 2009-08-01 10:48 -------- d-----w- c:\program files\Opera
2010-06-16 10:04 . 2010-06-16 10:04 -------- d-----w- c:\program files\ESET
2010-06-13 18:24 . 2010-06-13 18:22 -------- d-----w- c:\program files\Sony
2010-06-13 18:22 . 2008-10-15 16:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-13 18:15 . 2010-01-01 00:18 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-06-13 18:15 . 2010-01-01 00:18 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-06-13 18:15 . 2010-01-01 00:13 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-06-08 21:43 . 2008-10-16 10:58 -------- d-----w- c:\program files\DreamCom
2006-06-15 18:33 . 2009-08-03 21:02 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 16:43 . 2009-08-03 21:02 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 . 2009-08-03 21:02 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 11:10 . 2009-08-03 21:02 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 . 2009-08-03 21:01 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 . 2009-08-03 21:02 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 . 2009-08-03 21:01 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 . 2009-08-03 21:01 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 . 2009-08-03 21:01 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 . 2009-08-03 21:01 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2009-08-03 21:02 . 2009-08-03 21:02 81 --sh--r- c:\windows\CT4CET.bin
2008-11-30 20:04 . 2008-11-30 20:04 23 -csha-w- c:\windows\system32\fdcebf2_z.dll
.

------- Sigcheck -------

[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Namedate"="c:\program files\Nezmeskej\nezmeskej.exe" [2007-05-01 923136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Milan^Nabídka Start^Programy^Po spuštění^siszyd32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 22:24 620152 -c--a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 11:00 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-04-07 19:07 2145000 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-01-18 13:14 1286608 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Namedate]
2007-05-01 10:00 923136 ----a-w- c:\program files\Nezmeskej\nezmeskej.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-05 12:06 2254120 ----a-w- c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-09-07 13:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 08:29 729088 -c--a-r- c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 10:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 11:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-03 07:52 16841216 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2005-09-05 14:55 339968 ------w- c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2004-04-23 13:28 77824 ----a-w- c:\program files\Logitech\Profiler\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-08 00:00 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2009-08-04 15:49 1068424 ----a-w- c:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2005-12-20 13:39 94208 ------w- c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vp]
2008-10-22 18:57 28672 ----a-w- c:\program files\Vyčistit Počítač\UUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vs]
2008-06-24 13:21 28672 ----a-w- c:\program files\Vyčistit Soubory\UUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-10 23:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2005-03-02 12:21 278528 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTSysVol"=c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Documents and Settings\\Milan\\Data aplikací\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22467:TCP"= 22467:TCP:spport
"5940:TCP"= 5940:TCP:spport
"16388:TCP"= 16388:TCP:spport

R2 gupdate1c9ec57704d342c;Google Update Service (gupdate1c9ec57704d342c);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 133104]
R2 XJfiyjxqe;XJfiyjxqe;c:\windows\System32\svchost.exe [2010-01-14 14848]
R3 ATE_PROCMON;ATE_PROCMON; [x]
R3 esihdrv;esihdrv;c:\docume~1\Milan\LOCALS~1\Temp\esihdrv.sys [x]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-28 39048]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-04-26 721904]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2004-10-18 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2004-10-18 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\WF88TUNE.sys [2004-10-18 34789]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-08-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-03-18 18:44]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 18:47]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 18:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = https://register.scansoft.com/form-eng. ... H08-001002
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translat\WEBIE.DLL
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\y7vfky4s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="123304BFE11B718AC5314EFE1D9EFB17CC74CBA855FDC77BD432BF4B586C608D5AF104064F60240B319089FC6215A55651482FDABAA5EF40F855E564BEB091E09C9F27193790F505A57B35E7AE2194A5057BB36E2B166CF3954589523E625376C60D179A512B8B2CA40738295A54BA509F011DB849131A9CB6F9EAF3DA138E2B5ED030142832FDD948892D9215417CC8EF92637307DE4C657FA87E0C6C5A258378C5856E162DD7873CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667C038D530D6EB3452A2D97226D213B555D6018C4AC2071571CCA65C9150990C61D21E443ACEDE670D778A66C39378691A02FB643C08CCE5125BA9C29F2B9CE5618E75DAF912F3692CD7BA5AE47FE4AC6843FA5A4C8A9204D659CC0187568E49BB6021AFC557095173A7D94AC12A467CCF6AAB0A4A77F0CACEB8D7D920F03588947AA75018D12C8DBC7C49AD187518817F8EEF6FDB82F2B71D30C974911EC81DA255C32C3F3364AD752D21DA7C454E043807D86EF9DF976FF93AD2DC5B83F222B32C65185FB2A9672057AD125703CEF2D17232CDF0495138AE14D982CDCC56D7287C2DCCED8DE992CFDAED73631BF1DFB5B07737617D877E1DC077B7102806A0730A73E5B50305AC2F5A9403B17D8780E2E7D738413D94CDB5857A359AC78A869E5D4064D655D0D77BBF0BACA420D0AE6B02B94557CCC85B016D62953C62DEB4C5C0D32CC14D955606B56ABC74F98468742A34334278E57D1BC666D99533737A9842A18740B71192B3AD85E4AD094CCF3AD1953DF18CA330B2A2EFE29DF82CCD5B36CE9F6A6274997DDA5CB9AF4E45AA8930DC81AA5BAD908AD61CF99D75E1436733B508B021E39CF036A835ACCC8162C43BBE02073922E17A00BB4933EFDF192815E4B255CC79EE307A55B4AE8D098662B3A3A57100938CEDF85561D0B3E62E9E7B9EF96EBFC10C6FA98279901F54C66D98A9362C8F8A9AE36721343C8DA9875DC7DA19685A3D0FF8080229820FD0F9032E1FE24C4780B9EE2F8E1B8D5251CB0EA244AF008062B7289BDC4D0875621B56008ABEB90D65BE38F93F5034D67A476DF53744C919986D70324FD3F867DDC5ADD9A23E314B9C9FF8B706737177B2EACAF1C73EAB903D38D55B470C80058D3E62CCD4BCC4EE7C77811AEE87DB1180C90B0A3C69E0D5A1C4726BE8AC9EECAF6864AEC279576B4F04B416B6745B085B9AA6748FF678DC8BE3737A8A50A7437550B3183E15A2B355A98A664F05AF412EBB28AB6F7B531EB28A99E43A7243328522E766529733C2416F8E0B5C6969A8D9ABB170BE6EA914C5D1B9CAB4F56DE57AB02B3A3BE9EA173A7F5EC2BA34EE2CB20EF6C593AC073E64763E10701FF48E6071BCF9675C7CB1DBA9"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1088)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-02 22:27:53
ComboFix-quarantined-files.txt 2010-08-02 20:27

Před spuštěním: Volných bajtů: 107 950 735 360
Po spuštění: Volných bajtů: 113 135 566 848

- - End Of File - - C792D83077B6DA55D731340549E8454D

[simonides2000]

RSit:


Logfile of random's system information tool 1.08 (written by random/random)
Run by Milan at 2010-08-02 22:33:00
WIN_XP Service Pack 3
System drive C: has 108 GB (71%) free of 153 GB
Total RAM: 3582 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:34:16, on 2.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Milan\Dokumenty\Downloads\RSIT.exe
C:\Program Files\HiJack\Trend Micro\HiJackThis\Milan.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.scansoft.com/form-eng. ... H08-001002
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translat\WEBIE.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translat\WEBIE.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Namedate] C:\Program Files\Nezmeskej\nezmeskej.exe s s
O4 - HKUS\S-1-5-21-220523388-1708537768-839522115-1003\..\Run: [Namedate] C:\Program Files\Nezmeskej\nezmeskej.exe s s (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translat\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4096294281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ec57704d342c) (gupdate1c9ec57704d342c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Nepřerušitelný zdroj napájení (UPS) (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 10620 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-01 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Program Files\Translat\WEBIE.DLL [2008-10-16 409600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-08 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-01 161352]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Program Files\Translat\WEBIE.DLL [2008-10-16 409600]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINDOWS\system32\msdxm.ocx [2008-04-14 846874]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-04-07 2145000]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-02-15 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Namedate"=C:\Program Files\Nezmeskej\nezmeskej.exe [2007-05-01 923136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-23 620152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-04-07 2145000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe [2010-01-18 1286608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Namedate]
C:\Program Files\Nezmeskej\nezmeskej.exe [2007-05-01 923136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe [2008-12-05 2254120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-09-07 3100672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe [2003-07-07 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 P17.dll,P17Helper []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2010-02-15 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-09-03 16841216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Profiler\lwemon.exe [2004-04-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-08 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe [2009-08-04 1068424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe [2005-12-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vp]
C:\Program Files\Vyčistit Počítač\UUpdate.exe [2008-10-22 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vs]
C:\Program Files\Vyčistit Soubory\UUpdate.exe [2008-06-24 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-03-02 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2010-07-25 295606]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Synchronizer.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-09-25 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
C:\PROGRA~1\IVT Corporation\BlueSoleil\gprs.exe [2007-12-27 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Milan^Nabídka Start^Programy^Po spuštění^siszyd32.exe]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2010-01-14 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Totalcmd\TOTALCMD.EXE"="C:\Program Files\Totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Documents and Settings\Milan\Data aplikací\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Milan\Data aplikací\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-02 22:33:00 ----D---- C:\rsit
2010-08-02 22:27:53 ----A---- C:\ComboFix.txt
2010-08-02 22:23:09 ----D---- C:\xyz26423x
2010-08-02 21:16:53 ----D---- C:\Program Files\HiJack
2010-07-27 12:41:33 ----D---- C:\Documents and Settings\Milan\Data aplikací\TeamViewer
2010-07-26 22:58:19 ----D---- C:\Program Files\NirSoft
2010-07-25 18:49:16 ----D---- C:\xyz
2010-07-25 18:49:14 ----D---- C:\Qoobox
2010-07-25 18:28:18 ----D---- C:\Program Files\Common Files\Skype
2010-07-25 16:43:19 ----D---- C:\WINDOWS\system32\icsxml
2010-07-25 15:31:04 ----D---- C:\WINDOWS\Prefetch
2010-07-25 15:30:26 ----ASH---- C:\pagefile.sys
2010-07-25 15:23:34 ----D---- C:\WINDOWS\system32\URTTEMP
2010-07-25 15:21:29 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-07-25 15:20:49 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-07-25 15:20:49 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-07-25 15:20:49 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-07-25 15:20:48 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-07-25 15:20:44 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-07-25 15:20:43 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-07-25 15:20:43 ----A---- C:\WINDOWS\system32\msconf.dll
2010-07-25 15:20:43 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-07-25 15:20:27 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-07-25 15:20:27 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-07-25 15:20:27 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-07-25 15:20:27 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-07-25 15:20:27 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-07-25 15:20:26 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2010-07-25 15:20:26 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-07-25 15:20:26 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2010-07-25 15:20:26 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2010-07-25 15:20:26 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-07-25 15:20:26 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-07-25 15:20:24 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-07-25 15:20:23 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-07-25 15:20:23 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-07-25 15:20:23 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-07-25 15:20:22 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-07-25 15:20:22 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2010-07-25 15:20:21 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-07-25 15:20:21 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-07-25 15:20:21 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-07-25 15:20:20 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-07-25 15:20:20 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-07-25 15:20:10 ----A---- C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
2010-07-25 15:20:06 ----A---- C:\WINDOWS\system32\pwrshplugin.dll
2010-07-25 15:19:48 ----D---- C:\WINDOWS\system32\winrm
2010-07-25 15:19:48 ----D---- C:\WINDOWS\system32\WindowsPowerShell
2010-07-25 15:19:48 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-07-25 15:19:47 ----A---- C:\WINDOWS\system32\wsmprovhost.exe
2010-07-25 15:19:47 ----A---- C:\WINDOWS\system32\winrmprov.dll
2010-07-25 15:19:47 ----A---- C:\WINDOWS\system32\wevtfwd.dll
2010-07-25 15:19:46 ----A---- C:\WINDOWS\system32\wsmplpxy.dll
2010-07-25 15:19:46 ----A---- C:\WINDOWS\system32\wsmanhttpconfig.exe
2010-07-25 15:19:46 ----A---- C:\WINDOWS\system32\winrssrv.dll
2010-07-25 15:19:46 ----A---- C:\WINDOWS\system32\winrsmgr.dll
2010-07-25 15:19:46 ----A---- C:\WINDOWS\system32\winrshost.exe
2010-07-25 15:19:46 ----A---- C:\WINDOWS\system32\winrscmd.dll
2010-07-25 15:19:46 ----A---- C:\WINDOWS\system32\winrs.exe
2010-07-25 15:19:45 ----A---- C:\WINDOWS\system32\WsmWmiPl.dll
2010-07-25 15:19:45 ----A---- C:\WINDOWS\system32\WsmSvc.dll
2010-07-25 15:19:45 ----A---- C:\WINDOWS\system32\WsmRes.dll
2010-07-25 15:19:45 ----A---- C:\WINDOWS\system32\WsmAuto.dll
2010-07-25 15:19:45 ----A---- C:\WINDOWS\system32\winrm.vbs
2010-07-25 15:19:45 ----A---- C:\WINDOWS\system32\winrm.cmd
2010-07-25 15:18:50 ----A---- C:\WINDOWS\system32\rdpinit.exe
2010-07-25 15:18:49 ----A---- C:\WINDOWS\system32\wksprtps.dll
2010-07-25 15:18:49 ----A---- C:\WINDOWS\system32\wksprt.exe
2010-07-25 15:18:49 ----A---- C:\WINDOWS\system32\winlogonnotification.dll
2010-07-25 15:18:49 ----A---- C:\WINDOWS\system32\tspubwmi.dll
2010-07-25 15:18:49 ----A---- C:\WINDOWS\system32\rdpshell.exe
2010-07-25 15:18:48 ----A---- C:\WINDOWS\system32\tswbprxy.exe
2010-07-25 15:18:48 ----A---- C:\WINDOWS\system32\MsRdpWebAccess.dll
2010-07-25 15:14:53 ----A---- C:\WINDOWS\system32\wshirda.dll
2010-07-25 15:14:53 ----A---- C:\WINDOWS\system32\irmon.dll
2010-07-25 15:14:53 ----A---- C:\WINDOWS\system32\irftp.exe
2010-07-25 14:59:02 ----A---- C:\WINDOWS\pnplog.txt
2010-07-25 14:53:39 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-07-25 14:53:39 ----A---- C:\WINDOWS\system32\irclass.dll
2010-07-25 14:53:05 ----RA---- C:\WINDOWS\SET10C.tmp
2010-07-25 14:53:00 ----RA---- C:\WINDOWS\SET100.tmp
2010-07-25 14:52:58 ----RA---- C:\WINDOWS\SETFD.tmp
2010-07-25 14:52:05 ----A---- C:\WINDOWS\setuplog.txt
2010-07-19 14:16:32 ----D---- C:\Documents and Settings\Milan\Data aplikací\Mozilla

======List of files/folders modified in the last 1 months======

2010-08-02 22:34:15 ----D---- C:\WINDOWS\Temp
2010-08-02 22:32:48 ----D---- C:\WINDOWS
2010-08-02 22:32:48 ----A---- C:\WINDOWS\TRNCOM.INI
2010-08-02 22:30:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-02 22:26:45 ----N---- C:\WINDOWS\system.ini
2010-08-02 22:25:32 ----D---- C:\WINDOWS\system32\drivers
2010-08-02 22:25:32 ----D---- C:\WINDOWS\system32
2010-08-02 22:25:32 ----D---- C:\WINDOWS\AppPatch
2010-08-02 22:25:28 ----D---- C:\Program Files\Common Files
2010-08-02 22:22:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-02 22:16:02 ----D---- C:\WINDOWS\Minidump
2010-08-02 21:44:53 ----SHD---- C:\WINDOWS\Installer
2010-08-02 21:17:28 ----RD---- C:\Program Files
2010-08-02 13:24:41 ----D---- C:\Documents and Settings\Milan\Data aplikací\The Bat!
2010-08-02 11:10:38 ----A---- C:\WINDOWS\DVDRegionFree.INI
2010-07-30 18:20:57 ----D---- C:\Documents and Settings\Milan\Data aplikací\Skype
2010-07-30 18:14:44 ----D---- C:\Documents and Settings\Milan\Data aplikací\skypePM
2010-07-27 14:34:00 ----D---- C:\Documents and Settings\Milan\Data aplikací\ICQ
2010-07-27 14:25:46 ----D---- C:\Program Files\Replay Media Catcher
2010-07-26 21:29:05 ----D---- C:\WINDOWS\twain_32
2010-07-26 21:29:04 ----HD---- C:\WINDOWS\inf
2010-07-26 15:35:11 ----D---- C:\Program Files\ICQ6.5
2010-07-26 10:40:11 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-25 18:58:20 ----D---- C:\WINDOWS\ERDNT
2010-07-25 18:58:16 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-25 17:44:38 ----SH---- C:\boot.ini
2010-07-25 17:44:38 ----A---- C:\WINDOWS\win.ini
2010-07-25 16:46:32 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-07-25 16:46:27 ----D---- C:\WINDOWS\l2schemas
2010-07-25 16:46:26 ----RD---- C:\WINDOWS\Offline Web Pages
2010-07-25 16:46:25 ----D---- C:\WINDOWS\system32\usmt
2010-07-25 16:46:23 ----D---- C:\WINDOWS\system32\Setup
2010-07-25 16:46:23 ----D---- C:\WINDOWS\Media
2010-07-25 16:46:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-25 16:46:20 ----D---- C:\WINDOWS\WBEM
2010-07-25 16:46:07 ----D---- C:\WINDOWS\network diagnostic
2010-07-25 16:45:54 ----D---- C:\WINDOWS\PeerNet
2010-07-25 16:45:54 ----D---- C:\WINDOWS\ime
2010-07-25 16:45:37 ----D---- C:\WINDOWS\system32\npp
2010-07-25 16:45:30 ----D---- C:\WINDOWS\msagent
2010-07-25 16:45:24 ----D---- C:\WINDOWS\system32\cs
2010-07-25 16:45:00 ----D---- C:\WINDOWS\ehome
2010-07-25 16:43:56 ----D---- C:\WINDOWS\system32\1033
2010-07-25 16:43:56 ----D---- C:\WINDOWS\system32\1029
2010-07-25 16:43:20 ----D---- C:\WINDOWS\system32\mui
2010-07-25 16:43:19 ----D---- C:\WINDOWS\Driver Cache
2010-07-25 15:29:25 ----D---- C:\WINDOWS\system32\config
2010-07-25 15:27:27 ----D---- C:\WINDOWS\repair
2010-07-25 15:26:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-25 15:24:08 ----D---- C:\WINDOWS\security
2010-07-25 15:23:57 ----RSD---- C:\WINDOWS\assembly
2010-07-25 15:23:11 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-25 15:22:08 ----D---- C:\WINDOWS\Debug
2010-07-25 15:22:01 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-07-25 15:21:58 ----D---- C:\WINDOWS\system32\ias
2010-07-25 15:21:34 ----A---- C:\WINDOWS\ODBCINST.INI
2010-07-25 15:21:33 ----RD---- C:\WINDOWS\Web
2010-07-25 15:21:25 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-07-25 15:21:19 ----D---- C:\Program Files\Internet Explorer
2010-07-25 15:21:17 ----D---- C:\WINDOWS\srchasst
2010-07-25 15:21:14 ----D---- C:\Program Files\Windows Media Player
2010-07-25 15:21:09 ----D---- C:\WINDOWS\system32\bits
2010-07-25 15:21:08 ----D---- C:\Program Files\Movie Maker
2010-07-25 15:20:52 ----D---- C:\WINDOWS\system32\oobe
2010-07-25 15:20:45 ----D---- C:\WINDOWS\system32\Restore
2010-07-25 15:20:44 ----D---- C:\WINDOWS\Help
2010-07-25 15:20:43 ----D---- C:\Program Files\netmeeting
2010-07-25 15:20:41 ----D---- C:\Program Files\Outlook Express
2010-07-25 15:20:40 ----D---- C:\Program Files\Common Files\System
2010-07-25 15:20:11 ----D---- C:\Program Files\Microsoft Silverlight
2010-07-25 15:19:44 ----D---- C:\WINDOWS\system32\wbem
2010-07-25 15:19:07 ----D---- C:\Program Files\Messenger
2010-07-25 15:18:59 ----D---- C:\Program Files\Windows NT
2010-07-25 15:18:57 ----D---- C:\WINDOWS\Cursors
2010-07-25 15:18:51 ----D---- C:\WINDOWS\system32\cs-cz
2010-07-25 15:18:46 ----D---- C:\WINDOWS\system32\Com
2010-07-25 14:54:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-25 14:54:06 ----RSD---- C:\WINDOWS\Fonts
2010-07-25 14:53:38 ----D---- C:\WINDOWS\system
2010-07-25 14:53:24 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-07-25 14:52:21 ----D---- C:\WINDOWS\WinSxS
2010-07-25 13:19:03 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-25 12:55:29 ----D---- C:\Program Files\Mozilla Firefox
2010-07-14 11:25:06 ----D---- C:\Program Files\Banka

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2010-01-14 61824]
R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-09-23 207280]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-07-24 43872]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-01-30 23976]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2004-07-30 31654]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-04-07 139192]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 34789]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-01-30 103488]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2010-01-14 60800]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-05 4611072]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2010-01-14 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2010-01-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-11-26 47360]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2010-01-14 32384]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S3 ATE_PROCMON;ATE_PROCMON; C:\WINDOWS\system32\drivers\ATE_PROCMON.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2010-01-14 272128]
S3 catchme;catchme; \??\C:\DOCUME~1\Milan\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\Milan\LOCALS~1\Temp\esihdrv.sys []
S3 ICDUSB2;Sony IC Recorder (P); C:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2010-01-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys []
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2010-01-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys []
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-04-26 721904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-27 166520]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2010-01-14 14848]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2004-04-16 73728]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-08 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [2008-12-05 81920]
R2 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-01-14 14848]
S2 gupdate1c9ec57704d342c;Google Update Service (gupdate1c9ec57704d342c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-13 133104]
S2 XJfiyjxqe;XJfiyjxqe; C:\WINDOWS\System32\svchost.exe [2010-01-14 14848]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-04-07 33560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-15 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 ICDSPTSV;Sony SPTI Service for DVE; C:\WINDOWS\system32\IcdSptSv.exe [2003-04-01 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-01-18 1141712]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-10-11 38912]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[simonides2000]

A jen tak mimochodem - Po posledním restartu mi to odregistrovalo program The Bat!

[bledulka]

Něco tam je, ale nejdřív

Otestuj na http://www.virustotal.com


c:\windows\system32\fdcebf2_z.dll

-Do okénka zkopíruj cestu k souboru , pokud napíše, že soubor byl už testován, dej otestovat znovu.
-Sem vlož link s výsledky.

[simonides2000]

Soubor fdcebf2_z.dll přijatý 2010.08.02 21:16:37 (UTC)
Současný stav: Dokončeno
Výsledek: 0/42 (0%)
Formátované
Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2010.08.01.00 2010.07.31 -
AntiVir 8.2.4.32 2010.08.02 -
Antiy-AVL 2.0.3.7 2010.08.02 -
Authentium 5.2.0.5 2010.08.02 -
Avast 4.8.1351.0 2010.08.02 -
Avast5 5.0.332.0 2010.08.02 -
AVG 9.0.0.851 2010.08.02 -
BitDefender 7.2 2010.08.02 -
CAT-QuickHeal 11.00 2010.08.02 -
ClamAV 0.96.0.3-git 2010.08.02 -
Comodo 5623 2010.08.02 -
DrWeb 5.0.2.03300 2010.08.02 -
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.08.02 -
eTrust-Vet 36.1.7757 2010.08.02 -
F-Prot 4.6.1.107 2010.08.02 -
F-Secure 9.0.15370.0 2010.08.02 -
Fortinet 4.1.143.0 2010.08.02 -
GData 21 2010.08.02 -
Ikarus T3.1.1.84.0 2010.08.02 -
Jiangmin 13.0.900 2010.08.01 -
Kaspersky 7.0.0.125 2010.08.02 -
McAfee 5.400.0.1158 2010.08.02 -
McAfee-GW-Edition 2010.1 2010.08.02 -
Microsoft 1.6004 2010.08.02 -
NOD32 5335 2010.08.02 -
Norman 6.05.11 2010.08.02 -
nProtect 2010-08-02.02 2010.08.02 -
Panda 10.0.2.7 2010.08.02 -
PCTools 7.0.3.5 2010.08.02 -
Prevx 3.0 2010.08.02 -
Rising 22.59.00.04 2010.08.02 -
Sophos 4.56.0 2010.08.02 -
Sunbelt 6675 2010.08.02 -
SUPERAntiSpyware 4.40.0.1006 2010.08.02 -
Symantec 20101.1.1.7 2010.08.02 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.08.02 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.02 -
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.7.31.3965 2010.08.02 -
VirusBuster 5.0.27.0 2010.08.02 -
Rozšiřující informace
File size: 23 bytes
MD5...: c81956718a560900c539f382e5135819
SHA1..: f3c5ff0cd96342a0b0139778bbf4bc925cb22eea
SHA256: af38deb74056402f62976086167024beb7c07862b827ba5bb236ca6fac0a6649
ssdeep: 3:gbTiR8Xhs:gyR8xs
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Unknown!

[simonides2000]

Čím víc pracuji na netu, tím častěji mi padá plugin Shockwave a tím i celý systém... nemohu vypalovat také přes Nera, hry nehraju, tak nemůžu posoudit, ale zkusil jsem jednu flashovou aplikaci na netu a ta mi okamžitě spadla a po druhém spadnutí mi s pluginem spadnul i celý počítač.... nevím, jestli ti to k něčemu pomůže...

[simonides2000]

Nic - jdu si lehnout, ale ráno tu zase budu.. Někde něco ale je.... Zatím díky.

[bledulka]

Promiň, musela jsem včera nečekaně od počítače .
Něco tam vidím, vydrž.


Odinstaluj
C:\Program Files\Trojan Remover



Combofix přesuň na plochu
-otevři si Poznámkový blok
-Do něj zkopíruj text z tohoto okénka

Kód: Vybrat vše

Filelook::
c:\windows\system32\fdcebf2_z.dll

Folder::
C:\Program Files\Trojan Remover

File::
C:\DOCUME~1\Milan\LOCALS~1\Temp\esihdrv.sys
C:\WINDOWS\SET10C.tmp
 C:\WINDOWS\SET100.tmp
C:\WINDOWS\SETFD.tmp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Milan^Nabídka Start^Programy^Po spuštění^siszyd32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22467:TCP"=-
"5940:TCP"=-
"16388:TCP"=-


Driver::
XJfiyjxqe
esihdrv

Netsvc::
XJfiyjxqe

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]





-vytvořený TXT soubor ulož jako CFScript.txt na plochu a levým myšítkem přesuň nad ikonu Combofixu, kde ho upustíš

-Po proběhnutí skenu a ukončení combofixu by se měl objevit log, vlož ho zde.

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.






Stahni Mbam http://download.cnet.com/3001-8022_4-10 ... l-10804572
-nainstaluj, aktualizuj
-udělej uplný sken a vlož sem log

[simonides2000]

Nic se neděje... :-) Už jsem tu a za chvilku provedu požadované úkony.

[simonides2000]

Tak jsem provedl všechny úkony.. Omluva za zpoždění - jenom úplný sken malware trval 45 minut.
Přikládám požadované logy z Combofixu (CFScript) a výpis z mbam. U výpisu z mbam mne zaráží infikace u programu The Bat!... ostatně to samé i u ostatních infikovaných souborů.



ComboFix 10-08-02.03 - Milan 03.08.2010 10:51:39.5.2 - x86
Spuštěný z: c:\documents and settings\Milan\Plocha\xyz.exe
Použité ovládací přepínače :: c:\documents and settings\Milan\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

FILE ::
"c:\docume~1\Milan\LOCALS~1\Temp\esihdrv.sys"
"c:\windows\SET100.tmp"
"c:\windows\SET10C.tmp"
"c:\windows\SETFD.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SET100.tmp
c:\windows\SET10C.tmp
c:\windows\SETFD.tmp

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESIHDRV
-------\Legacy_XJFIYJXQE
-------\Service_esihdrv
-------\Service_XJfiyjxqe


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-03 do 2010-08-03 )))))))))))))))))))))))))))))))
.

2010-08-02 20:33 . 2010-08-02 20:34 -------- d-----w- C:\rsit
2010-08-02 20:23 . 2010-08-02 20:27 -------- d-----w- C:\xyz26423x
2010-08-02 19:16 . 2010-08-02 19:44 -------- d-----w- c:\program files\HiJack
2010-07-26 20:58 . 2010-07-26 21:08 -------- d-----w- c:\program files\NirSoft
2010-07-25 16:49 . 2010-07-25 16:59 -------- d-----w- C:\xyz
2010-07-25 16:28 . 2010-07-25 16:28 -------- d-----w- c:\program files\Common Files\Skype
2010-07-25 13:25 . 2001-10-24 10:25 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2010-07-25 13:24 . 2008-04-14 11:00 543232 -c--a-w- c:\windows\system32\dllcache\dialer.exe
2010-07-25 13:23 . 2010-07-25 13:23 -------- d-----w- c:\windows\system32\URTTEMP
2010-07-25 13:22 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-25 13:22 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-25 13:22 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-25 13:22 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-25 13:21 . 2008-04-14 11:00 726590 -c--a-w- c:\windows\system32\dllcache\srchui.dll
2010-07-25 13:21 . 2008-04-14 11:00 58434 -c--a-w- c:\windows\system32\dllcache\srchctls.dll
2010-07-25 13:21 . 2008-04-14 11:00 3166208 -c--a-w- c:\windows\system32\dllcache\msgr3en.dll
2010-07-25 13:19 . 2010-07-25 13:19 -------- d-----w- c:\windows\system32\winrm
2010-07-25 13:18 . 2010-01-14 15:06 158720 ----a-w- c:\windows\system32\rdpinit.exe
2010-07-25 13:18 . 2010-01-14 15:07 45056 ----a-w- c:\windows\system32\winlogonnotification.dll
2010-07-25 13:18 . 2010-01-14 15:07 223232 ----a-w- c:\windows\system32\wksprt.exe
2010-07-25 13:18 . 2010-01-14 15:07 12800 ----a-w- c:\windows\system32\wksprtps.dll
2010-07-25 13:18 . 2010-01-14 15:06 134144 ----a-w- c:\windows\system32\tspubwmi.dll
2010-07-25 13:18 . 2010-01-14 15:06 243200 ----a-w- c:\windows\system32\rdpshell.exe
2010-07-25 13:18 . 2010-01-14 15:06 46080 ----a-w- c:\windows\system32\tswbprxy.exe
2010-07-25 13:18 . 2010-01-14 15:04 44544 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2010-07-25 13:18 . 2008-04-14 11:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2010-07-25 13:18 . 2008-05-02 08:49 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-07-25 13:17 . 2010-07-25 13:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-07-25 13:14 . 2008-04-14 05:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-07-25 13:14 . 2008-04-14 05:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-07-25 13:14 . 2008-04-14 05:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-07-25 12:53 . 2008-04-14 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-07-25 12:53 . 2008-04-14 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-07-25 12:53 . 2008-04-14 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-07-25 12:53 . 2008-04-14 11:00 13312 ----a-w- c:\windows\system32\irclass.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 21:11 . 2010-06-30 20:31 72 ---h--w- c:\windows\popcreg.dat
2010-07-31 21:11 . 2010-06-30 20:31 24 ----a-w- c:\windows\popcinfot.dat
2010-07-27 12:25 . 2010-01-01 00:12 -------- d-----w- c:\program files\Replay Media Catcher
2010-07-26 13:35 . 2009-03-10 13:58 -------- d-----w- c:\program files\ICQ6.5
2010-07-25 13:20 . 2009-12-11 14:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-14 09:25 . 2008-10-15 18:06 -------- d-----w- c:\program files\Banka
2010-06-27 10:09 . 2009-02-07 23:33 -------- d-----w- c:\program files\Rapidshare
2010-06-26 17:06 . 2008-10-29 15:46 -------- d-----w- c:\program files\Spyware Doctor
2010-06-25 18:06 . 2010-06-25 18:06 -------- d-----w- c:\program files\Google Chrome Backup
2010-06-23 12:49 . 2004-08-18 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 12:49 . 2004-08-18 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-06-22 11:12 . 2009-02-08 13:26 -------- d-----w- c:\program files\Share Rapid Uploader
2010-06-17 22:20 . 2010-06-17 22:20 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-17 16:44 . 2009-08-01 10:48 -------- d-----w- c:\program files\Opera
2010-06-16 10:04 . 2010-06-16 10:04 -------- d-----w- c:\program files\ESET
2010-06-13 18:24 . 2010-06-13 18:22 -------- d-----w- c:\program files\Sony
2010-06-13 18:22 . 2008-10-15 16:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-13 18:15 . 2010-01-01 00:18 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-06-13 18:15 . 2010-01-01 00:18 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-06-13 18:15 . 2010-01-01 00:13 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-06-08 21:43 . 2008-10-16 10:58 -------- d-----w- c:\program files\DreamCom
2006-06-15 18:33 . 2009-08-03 21:02 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 16:43 . 2009-08-03 21:02 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 . 2009-08-03 21:02 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 11:10 . 2009-08-03 21:02 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 . 2009-08-03 21:01 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 . 2009-08-03 21:02 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 . 2009-08-03 21:01 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 . 2009-08-03 21:01 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 . 2009-08-03 21:01 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 . 2009-08-03 21:01 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2009-08-03 21:02 . 2009-08-03 21:02 81 --sh--r- c:\windows\CT4CET.bin
2008-11-30 20:04 . 2008-11-30 20:04 23 -csha-w- c:\windows\system32\fdcebf2_z.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\fdcebf2_z.dll ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 23
Created time: 2008-11-30 20:04
Modified time: 2008-11-30 20:04
MD5: C81956718A560900C539F382E5135819
SHA1: F3C5FF0CD96342A0B0139778BBF4BC925CB22EEA


------- Sigcheck -------

[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-02_20.26.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-03 08:56 . 2010-08-03 08:56 16384 c:\windows\Temp\Perflib_Perfdata_554.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Namedate"="c:\program files\Nezmeskej\nezmeskej.exe" [2007-05-01 923136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 22:24 620152 -c--a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 11:00 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-04-07 19:07 2145000 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-01-18 13:14 1286608 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Namedate]
2007-05-01 10:00 923136 ----a-w- c:\program files\Nezmeskej\nezmeskej.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-05 12:06 2254120 ----a-w- c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-09-07 13:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 08:29 729088 -c--a-r- c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 10:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 11:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-03 07:52 16841216 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2005-09-05 14:55 339968 ------w- c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2004-04-23 13:28 77824 ----a-w- c:\program files\Logitech\Profiler\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-08 00:00 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2005-12-20 13:39 94208 ------w- c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vp]
2008-10-22 18:57 28672 ----a-w- c:\program files\Vyčistit Počítač\UUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vs]
2008-06-24 13:21 28672 ----a-w- c:\program files\Vyčistit Soubory\UUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-10 23:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2005-03-02 12:21 278528 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTSysVol"=c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Documents and Settings\\Milan\\Data aplikací\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 gupdate1c9ec57704d342c;Google Update Service (gupdate1c9ec57704d342c);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 133104]
R3 ATE_PROCMON;ATE_PROCMON; [x]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-28 39048]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-04-26 721904]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2004-10-18 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2004-10-18 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\WF88TUNE.sys [2004-10-18 34789]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-08-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-03-18 18:44]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 18:47]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 18:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = https://register.scansoft.com/form-eng. ... H08-001002
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translat\WEBIE.DLL
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\y7vfky4s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-03 10:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="123304BFE11B718AC5314EFE1D9EFB17CC74CBA855FDC77BD432BF4B586C608D5AF104064F60240B319089FC6215A55651482FDABAA5EF40F855E564BEB091E09C9F27193790F505A57B35E7AE2194A5057BB36E2B166CF3954589523E625376C60D179A512B8B2CA40738295A54BA509F011DB849131A9CB6F9EAF3DA138E2B5ED030142832FDD948892D9215417CC8EF92637307DE4C657FA87E0C6C5A258378C5856E162DD7873CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667C038D530D6EB3452A2D97226D213B555D6018C4AC2071571CCA65C9150990C61D21E443ACEDE670D778A66C39378691A02FB643C08CCE5125BA9C29F2B9CE5618E75DAF912F3692CD7BA5AE47FE4AC6843FA5A4C8A9204D659CC0187568E49BB6021AFC557095173A7D94AC12A467CCF6AAB0A4A77F0CACEB8D7D920F03588947AA75018D12C8DBC7C49AD187518817F8EEF6FDB82F2B71D30C974911EC81DA255C32C3F3364AD752D21DA7C454E043807D86EF9DF976FF93AD2DC5B83F222B32C65185FB2A9672057AD125703CEF2D17232CDF0495138AE14D982CDCC56D7287C2DCCED8DE992CFDAED73631BF1DFB5B07737617D877E1DC077B7102806A0730A73E5B50305AC2F5A9403B17D8780E2E7D738413D94CDB5857A359AC78A869E5D4064D655D0D77BBF0BACA420D0AE6B02B94557CCC85B016D62953C62DEB4C5C0D32CC14D955606B56ABC74F98468742A34334278E57D1BC666D99533737A9842A18740B71192B3AD85E4AD094CCF3AD1953DF18CA330B2A2EFE29DF82CCD5B36CE9F6A6274997DDA5CB9AF4E45AA8930DC81AA5BAD908AD61CF99D75E1436733B508B021E39CF036A835ACCC8162C43BBE02073922E17A00BB4933EFDF192815E4B255CC79EE307A55B4AE8D098662B3A3A57100938CEDF85561D0B3E62E9E7B9EF96EBFC10C6FA98279901F54C66D98A9362C8F8A9AE36721343C8DA9875DC7DA19685A3D0FF8080229820FD0F9032E1FE24C4780B9EE2F8E1B8D5251CB0EA244AF008062B7289BDC4D0875621B56008ABEB90D65BE38F93F5034D67A476DF53744C919986D70324FD3F867DDC5ADD9A23E314B9C9FF8B706737177B2EACAF1C73EAB903D38D55B470C80058D3E62CCD4BCC4EE7C77811AEE87DB1180C90B0A3C69E0D5A1C4726BE8AC9EECAF6864AEC279576B4F04B416B6745B085B9AA6748FF678DC8BE3737A8A50A7437550B3183E15A2B355A98A664F05AF412EBB28AB6F7B531EB28A99E43A7243328522E766529733C2416F8E0B5C6969A8D9ABB170BE6EA914C5D1B9CAB4F56DE57AB02B3A3BE9EA173A7F5EC2BA34EE2CB20EF6C593AC073E64763E10701FF48E6071BCF9675C7CB1DBA9"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3964)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
.
**************************************************************************
.
Celkový čas: 2010-08-03 11:01:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-03 09:01

Před spuštěním: Volných bajtů: 113 150 828 544
Po spuštění: Volných bajtů: 113 132 105 728

- - End Of File - - 1B60B89E389BE2D09849560A0F5561DA











Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4384

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2800.5512

3.8.2010 11:50:40
mbam-log-2010-08-03 (11-50-40).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 305999
Uplynulý čas: 43 minuta(y), 4 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 6

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Documents and Settings\Milan\Data aplikací\SystemProc (Trojan.Agent) -> No action taken.

Infikované soubory:
C:\WINDOWS\system32\crc32.dll (Trojan.Agent) -> No action taken.
D:\ZÁLOHY\Programy PC\PC - programy\The Bat\4.0.34 office\tbspell_cz_4_0_34 české slovníky.exe (Trojan.Dropper) -> No action taken.
D:\ZÁLOHY\Programy PC\PC - programy\The Bat\4.0.34 office\tb_cz_sk_4_0_34 český a slovenský překlad.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Milan\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\NetworkService\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.