Kontrola logu HJT Vyřešeno

[warcraftan]

Čau

Prosím o preventivní kontrolu logu :-)

Díky hezký zbytek dne.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:48, on 21.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\Ventrilo\Ventrilo.exe
D:\PROGRA~1\AIMP2\AIMP2.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - D:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - D:\Program Files\XfireXO\tbXfir.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 174.142.32.114 l2authd.lineage2.com
O1 - Hosts: 94.125.180.96 nprotect.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - D:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - D:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Reloader] D:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [UpdateReminder] D:\Program Files\Eset\UpdateReminder.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: CiSvc - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8494 bytes

[Reklama]

[bledulka]

Čau


Spustíš program HJT
-klikni na tlačítko Do a system scan and save a logfile
-Vyběhne tabulka, na začátku každého řádku je čtvereček.
-U řádku , který jsem označila, dáš do čtverečku
fajfku

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - - (no file)



-nakonec zmáčkneš tlačítko Fix checked






Stahni CCleaner http://www.filehippo.com/download_cclea ... cbae6b492/
-nainstaluj (neinstaluj Yahoo toolbar)

-zvol záložku Čistič
-nechej v levém sloupečku zatrhnuté vše jak je a zmáčkni tlačítko analyzovat
-pak potvrď tlačítko Spustit Ccleaner
-tím se vyčistí počítač od dočasných soubborů, doporučuji pravidelně používat.

-vyber záložku registry
-klikni na tlačítko hledej problémy
-pak klikni na opravit vybrané problémy, potvrď, že chceš udělat zálohu a nech všechno opravit




Stahni Rsit http://images.malwareremoval.com/random/RSIT.exe
-spusť, klikni na tlačítko Continue
-po skenu na tebe vyběhne log.txt,obsah vlož zde



Máš dva programy na defragmentaci - tune up a OO defrag - jeden vypni, mohou mezi sebou kolidovat.


Zlobí Tě počítač nějak?

[warcraftan]

Dohraju Heroes of newerth, tak pak se ozvu :-) zatím diky.

[warcraftan]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-11-21 12:25:41
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 4 GB (5%) free of 90 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:25:42, on 21.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\Ventrilo\Ventrilo.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Opera\Opera.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\RSIT.exe
D:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - D:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - D:\Program Files\XfireXO\tbXfir.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 174.142.32.114 l2authd.lineage2.com
O1 - Hosts: 94.125.180.96 nprotect.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - D:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - D:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Reloader] D:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [UpdateReminder] D:\Program Files\Eset\UpdateReminder.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: CiSvc - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7641 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\1-Click Maintenance.job
D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
D:\WINDOWS\tasks\HPpromotions journeysoftware.job
D:\WINDOWS\tasks\Norton Security Scan for Administrator.job
D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
XfireXO Toolbar - D:\Program Files\XfireXO\tbXfir.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
VDownloader Toolbar - D:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - VDownloader Toolbar - D:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]
{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - XfireXO Toolbar - D:\Program Files\XfireXO\tbXfir.dll [2010-06-13 2734688]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2009-02-09 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2009-02-09 86016]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2005-12-19 15797248]
"nod32kui"=D:\Program Files\Eset\nod32kui.exe [2010-09-30 949376]
"Reloader"=D:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe [2009-07-23 364846]
"UpdateReminder"=D:\Program Files\Eset\UpdateReminder.exe [2010-11-03 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=D:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]
"PC Suite Tray"=D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
"ICQ"=D:\Program Files\ICQ7.2\ICQ.exe [2010-11-02 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"ForceStartMenuLogoff"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\ICQ7.2\ICQ.exe"="D:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"D:\Program Files\ICQ7.2\aolload.exe"="D:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\ICQ7.2\ICQ.exe"="D:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"D:\Program Files\ICQ7.2\aolload.exe"="D:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-11-21 12:22:50 ----D---- D:\rsit
2010-11-18 15:55:48 ----N---- D:\WINDOWS\system32\spmsgXP_2k3.dll
2010-11-18 15:55:34 ----HDC---- D:\WINDOWS\$NtUninstallWdf01009$
2010-11-13 20:16:52 ----D---- D:\Program Files\Common Files\Symantec Shared
2010-11-13 19:49:33 ----D---- D:\WINDOWS\system32\drivers\NSS
2010-11-13 19:49:33 ----D---- D:\Program Files\Norton Security Scan
2010-11-13 19:49:33 ----D---- D:\Documents and Settings\All Users\Data aplikací\Norton
2010-11-13 19:49:32 ----D---- D:\Documents and Settings\All Users\Data aplikací\Symantec
2010-11-13 19:49:17 ----D---- D:\Program Files\NortonInstaller
2010-11-13 19:49:17 ----D---- D:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-11-13 16:34:52 ----D---- D:\Program Files\PokerStars
2010-11-09 17:38:02 ----D---- D:\Program Files\Microsoft Silverlight
2010-11-07 12:01:17 ----D---- D:\Program Files\PhotoFiltre
2010-11-06 17:18:38 ----D---- D:\Documents and Settings\Administrator\Data aplikací\teamspeak2
2010-11-06 17:18:21 ----D---- D:\Program Files\Teamspeak2_RC2
2010-11-02 19:27:32 ----D---- D:\Program Files\ICQ7.2
2010-10-30 20:04:14 ----D---- D:\Program Files\AMR Player
2010-10-28 12:49:22 ----A---- D:\WINDOWS\system32\lsdelete.exe
2010-10-28 10:21:37 ----A---- D:\WINDOWS\system32\tvqenc.dll
2010-10-28 10:21:37 ----A---- D:\WINDOWS\system32\mp3dec.dll
2010-10-28 10:21:36 ----A---- D:\WINDOWS\system32\tvqdec.dll
2010-10-28 10:21:26 ----A---- D:\WINDOWS\system32\DGVorbis.dll
2010-10-28 10:21:25 ----D---- D:\Program Files\audio-mp3-converter
2010-10-28 09:00:02 ----A---- D:\WINDOWS\system32\drivers\Lbd.sys
2010-10-28 08:59:59 ----A---- D:\WINDOWS\system32\drivers\SBREDrv.sys
2010-10-28 08:57:54 ----HDC---- D:\Documents and Settings\All Users\Data aplikací\{437292BE-95BD-4B12-B699-6D217A03ACAF}
2010-10-28 08:57:34 ----D---- D:\Program Files\Lavasoft
2010-10-28 08:57:34 ----D---- D:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-10-28 08:40:49 ----A---- D:\Program Files\chrome_installer.exe
2010-10-28 08:40:28 ----A---- D:\Program Files\ccsetup236.exe
2010-10-28 08:29:52 ----A---- D:\Program Files\Ad-AwareInstall.exe
2010-10-25 16:50:51 ----D---- D:\Documents and Settings\Administrator\Data aplikací\Nokia
2010-10-25 16:50:49 ----D---- D:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-10-25 16:50:49 ----D---- D:\Documents and Settings\Administrator\Data aplikací\PC Suite
2010-10-25 16:49:56 ----D---- D:\Program Files\Common Files\PCSuite
2010-10-25 16:49:52 ----D---- D:\Program Files\Common Files\Nokia
2010-10-25 16:49:46 ----D---- D:\Program Files\DIFX
2010-10-25 16:49:45 ----A---- D:\WINDOWS\system32\drivers\pccsmcfd.sys
2010-10-25 16:49:39 ----D---- D:\Program Files\PC Connectivity Solution
2010-10-25 16:49:26 ----DC---- D:\WINDOWS\system32\DRVSTORE
2010-10-25 16:49:26 ----A---- D:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-10-25 16:49:26 ----A---- D:\WINDOWS\system32\nmwcdcocls.dll
2010-10-25 16:49:26 ----A---- D:\WINDOWS\system32\drivers\ccdcmb.sys
2010-10-25 16:49:21 ----A---- D:\WINDOWS\system32\nmwcdcls.dll
2010-10-25 16:49:20 ----D---- D:\Program Files\Nokia
2010-10-25 16:48:40 ----D---- D:\Documents and Settings\All Users\Data aplikací\Installations
2010-10-23 16:16:28 ----D---- D:\WINDOWS\pss
2010-10-23 14:07:48 ----D---- D:\Documents and Settings\Administrator\Data aplikací\Need for Speed World

======List of files/folders modified in the last 1 months======

2010-11-21 12:25:42 ----D---- D:\Program Files\Trend Micro
2010-11-21 12:24:15 ----D---- D:\WINDOWS\temp
2010-11-21 12:24:12 ----D---- D:\WINDOWS
2010-11-21 12:22:56 ----D---- D:\WINDOWS\Prefetch
2010-11-21 10:13:46 ----D---- D:\WINDOWS\system32\CatRoot2
2010-11-21 10:06:47 ----SD---- D:\WINDOWS\Tasks
2010-11-21 09:11:45 ----D---- D:\Documents and Settings\Administrator\Data aplikací\Skype
2010-11-21 08:42:21 ----D---- D:\WINDOWS\system32\Lang
2010-11-20 22:05:28 ----N---- D:\WINDOWS\SchedLgU.Txt
2010-11-20 21:57:14 ----D---- D:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-11-20 11:30:57 ----D---- D:\Program Files
2010-11-20 11:03:41 ----A---- D:\WINDOWS\system32\PnkBstrB.exe
2010-11-20 10:19:29 ----D---- D:\Documents and Settings\Administrator\Data aplikací\skypePM
2010-11-20 10:18:40 ----D---- D:\Program Files\Garena
2010-11-18 15:56:08 ----D---- D:\WINDOWS\system32\drivers
2010-11-18 15:56:07 ----HD---- D:\WINDOWS\inf
2010-11-18 15:55:48 ----D---- D:\WINDOWS\system32
2010-11-16 18:07:34 ----D---- D:\Program Files\Steam
2010-11-13 20:16:52 ----D---- D:\Program Files\Common Files
2010-11-13 17:12:30 ----D---- D:\Program Files\DivX
2010-11-13 17:12:30 ----D---- D:\Documents and Settings\All Users\Data aplikací\DivX
2010-11-13 17:12:27 ----SHD---- D:\WINDOWS\Installer
2010-11-13 17:11:54 ----D---- D:\Config.Msi
2010-11-11 21:30:51 ----A---- D:\WINDOWS\NeroDigital.ini
2010-11-07 12:04:11 ----SD---- D:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-11-03 16:42:08 ----D---- D:\Program Files\Eset
2010-11-03 06:15:54 ----D---- D:\Program Files\ICQ6Toolbar
2010-11-02 19:27:47 ----D---- D:\Documents and Settings\All Users\Data aplikací\ICQ
2010-10-28 12:49:18 ----D---- D:\Program Files\Wow
2010-10-28 12:49:18 ----D---- D:\Program Files\l4d2
2010-10-28 12:49:18 ----D---- D:\Program Files\Common Files\eBay
2010-10-28 08:57:32 ----D---- D:\WINDOWS\WinSxS
2010-10-28 08:42:20 ----D---- D:\Documents and Settings\Administrator\Data aplikací\Media Player Classic
2010-10-28 08:41:38 ----D---- D:\Program Files\CCleaner
2010-10-27 15:10:39 ----HD---- D:\Program Files\InstallShield Installation Information
2010-10-23 13:58:35 ----D---- D:\Program Files\THQ
2010-10-23 10:16:05 ----D---- D:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; D:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-09-08 64288]
R0 m5288;m5288; D:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 210304]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; D:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R0 Si3112;Si3112; D:\WINDOWS\system32\drivers\Si3112.sys [2008-12-19 69296]
R0 Si3124;Si3124; D:\WINDOWS\system32\drivers\Si3124.sys [2008-12-19 76208]
R0 Si3132;SiI-3132 SATALink Controller; D:\WINDOWS\system32\DRIVERS\SI3132.sys [2008-12-19 74672]
R0 Si3132r5;Si3132r5; D:\WINDOWS\system32\drivers\Si3132r5.sys [2008-12-19 208688]
R0 Si3531;Si3531; D:\WINDOWS\system32\drivers\Si3531.sys [2008-12-19 210224]
R0 SiFilter;SATALink driver accelerator; D:\WINDOWS\system32\DRIVERS\SiWinAcc.sys [2008-12-19 17328]
R0 SiRemFil;SATALink External Device Filter; D:\WINDOWS\system32\DRIVERS\SiRemFil.sys [2008-12-19 12464]
R0 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2010-03-21 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;Ovladač procesoru AMD; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 nod32drv;nod32drv; D:\WINDOWS\system32\drivers\nod32drv.sys [2010-09-30 15424]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; D:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-13 225664]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; D:\WINDOWS\system32\drivers\amon.sys [2010-09-30 512096]
R2 cpuz132;cpuz132; \??\D:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R2 cpuz134;cpuz134; \??\D:\WINDOWS\system32\drivers\cpuz134_x32.sys []
R3 Arp1394;Protokol 1394 ARP Client; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-12-19 60800]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-19 4127232]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\D:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-12-19 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; D:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; D:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-12-19 61824]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-09 6307328]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; D:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-12-19 12288]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; D:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-09-19 241280]
S0 Si3114r5;Si3114r5; D:\WINDOWS\system32\drivers\Si3114r5.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 adkm1evv;adkm1evv; D:\WINDOWS\system32\drivers\adkm1evv.sys []
S3 agbnfay4;agbnfay4; D:\WINDOWS\system32\drivers\agbnfay4.sys []
S3 antyg5ws;antyg5ws; D:\WINDOWS\system32\drivers\antyg5ws.sys []
S3 GarenaPEngine;GarenaPEngine; \??\D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WUM418.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\D:\Program Files\Garena\safedrv.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; D:\WINDOWS\system32\DRIVERS\HPZid412.sys []
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; D:\WINDOWS\system32\DRIVERS\HPZipr12.sys []
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; D:\WINDOWS\system32\DRIVERS\HPZius12.sys []
S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Revoflt;Revoflt; D:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 RivaTuner32;RivaTuner32; \??\D:\Program Files\RivaTuner v2.23\RivaTuner32.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys []
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; D:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-12-06 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-17 1375992]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-29 935208]
R2 NOD32krn;NOD32 Kernel Service; D:\Program Files\Eset\nod32krn.exe [2010-09-30 552064]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2009-02-09 163908]
R2 O&O Defrag;O&O Defrag; D:\WINDOWS\system32\oodag.exe [2009-02-25 1352960]
R2 Pml Driver HPZ12;Pml Driver HPZ12; D:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2010-10-21 75064]
R2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; D:\WINDOWS\System32\TUProgSt.exe [2009-10-17 603904]
R2 UxTuneUp;TuneUp Theme Extension; D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; D:\WINDOWS\System32\TuneUpDefragService.exe [2009-10-17 360192]
S3 usprserv;User Privilege Service; D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[jaro3]

odinstaluj:
ICQ6Toolbar
XfireXO Toolbar
Ask.com
GenericAskToolbar
VDownloader Toolbar

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
D:\WINDOWS\system32\drivers\adkm1evv.sys
D:\WINDOWS\system32\drivers\agbnfay4.sys
D:\WINDOWS\system32\drivers\antyg5ws.sys
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WUM418.tmp

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[warcraftan]

adkm1evv.sys - 0/ 42 (0.0%)
agbnfay4.sys - 0/ 42 (0.0%)
antyg5ws.sys - 0/ 43 (0.0%)
Poslední jsem nemohl najít

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3747
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

21.11.2010 16:24:19
mbam-log-2010-11-21 (16-24-16).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 115370
Uplynulý čas: 4 minute(s), 21 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
D:\Program Files\CoreDLL.dll (Spyware.OnlineGames) -> No action taken.
D:\Documents and Settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
D:\Documents and Settings\Administrator\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Ty soubory na VT budou stejně nákazy , jen je ještě nemají v databázích..

[warcraftan]

Hned to bude.

[warcraftan]

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3747
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

21.11.2010 16:53:59
mbam-log-2010-11-21 (16-53-59).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 115499
Uplynulý čas: 2 minute(s), 48 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Tak jsem se ponaučil, že když chcu řešit problémy, že nemám stahovat. Stahuji Pottra a nemůžu zavřít okna. Jedině, že by jsme počkali. Combofix bude tedy ve večerních hodinách + musím jit off. Zatím diky Jaro3.

[jaro3]

Nemáš zač , můžeš dodat kdykoliv..

[warcraftan]

Zpět :-)

ComboFix

ComboFix 10-11-20.07 - Administrator 21.11.2010 19:01:02.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1446 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Administrator\Local Settings\Data aplikací\DoubleD
d:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
d:\windows\system32\drivers\dgyxrhxw.sys
d:\windows\system32\fjhdyfhsn.bat

d:\windows\system32\drivers\asyncmac.sys . . . chybí !!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hxquhewf


((((((((((((((((((((((((( Soubory vytvořené od 2010-10-21 do 2010-11-21 )))))))))))))))))))))))))))))))
.

2010-11-21 11:22 . 2010-11-21 11:22 -------- d-----w- D:\rsit
2010-11-18 14:55 . 2008-11-07 17:55 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2010-11-13 19:16 . 2010-11-21 16:28 -------- d-----w- d:\program files\Common Files\Symantec Shared
2010-11-13 18:49 . 2010-11-13 18:49 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Norton
2010-11-13 18:49 . 2010-11-13 18:49 -------- d-----w- d:\windows\system32\drivers\NSS
2010-11-13 18:49 . 2010-11-13 18:49 -------- d-----w- d:\program files\Norton Security Scan
2010-11-13 18:49 . 2010-11-13 18:49 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Symantec
2010-11-13 18:49 . 2010-11-13 18:49 -------- d-----w- d:\program files\NortonInstaller
2010-11-13 15:34 . 2010-11-13 15:35 -------- d-----w- d:\program files\PokerStars
2010-11-09 16:38 . 2010-11-09 16:38 -------- d-----w- d:\program files\Microsoft Silverlight
2010-11-07 11:01 . 2010-11-07 11:02 -------- d-----w- d:\program files\PhotoFiltre
2010-11-06 16:18 . 2010-11-06 16:18 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\teamspeak2
2010-11-06 16:18 . 2010-11-06 16:18 34064 ----a-w- d:\windows\system32\lhacm.acm
2010-11-06 16:18 . 2010-11-06 16:18 -------- d-----w- d:\program files\Teamspeak2_RC2
2010-11-02 18:27 . 2010-11-02 18:28 -------- d-----w- d:\program files\ICQ7.2
2010-10-30 19:04 . 2010-10-30 19:04 -------- d-----w- d:\program files\AMR Player
2010-10-28 11:49 . 2010-09-08 12:59 15880 ----a-w- d:\windows\system32\lsdelete.exe
2010-10-28 08:00 . 2010-09-08 12:59 64288 ----a-w- d:\windows\system32\drivers\Lbd.sys
2010-10-28 07:59 . 2010-11-03 14:45 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-10-28 07:58 . 2010-10-28 07:58 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\Sunbelt Software
2010-10-28 07:57 . 2010-10-28 07:57 -------- dc-h--w- d:\documents and settings\All Users\Data aplikací\{437292BE-95BD-4B12-B699-6D217A03ACAF}
2010-10-28 07:57 . 2010-10-28 08:00 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Lavasoft
2010-10-28 07:57 . 2010-10-28 07:57 -------- d-----w- d:\program files\Lavasoft
2010-10-28 07:40 . 2010-10-28 07:41 24202296 ----a-w- d:\program files\chrome_installer.exe
2010-10-28 07:40 . 2010-10-28 07:40 1187896 ----a-w- d:\program files\ccsetup236.exe
2010-10-28 07:29 . 2010-10-28 07:30 133581132 ----a-w- d:\program files\Ad-AwareInstall.exe
2010-10-27 14:10 . 2010-10-27 14:10 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\AOL
2010-10-25 15:50 . 2010-10-25 16:03 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\Nokia
2010-10-25 15:50 . 2010-10-25 15:50 -------- d-----w- d:\documents and settings\All Users\Data aplikací\PC Suite
2010-10-25 15:50 . 2010-10-25 15:50 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\PC Suite
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Common Files\PCSuite
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Common Files\Nokia
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\DIFX
2010-10-25 15:49 . 2008-08-26 08:26 18816 ----a-w- d:\windows\system32\drivers\pccsmcfd.sys
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\PC Connectivity Solution
2010-10-25 15:49 . 2010-10-28 08:00 -------- dc----w- d:\windows\system32\DRVSTORE
2010-10-25 15:49 . 2010-02-26 12:32 662016 ----a-w- d:\windows\system32\nmwcdcocls.dll
2010-10-25 15:49 . 2010-02-26 12:32 18176 ----a-w- d:\windows\system32\drivers\ccdcmb.sys
2010-10-25 15:49 . 2010-02-26 12:19 1461992 ----a-w- d:\windows\system32\wdfcoinstaller01009.dll
2010-10-25 15:49 . 2010-02-26 12:32 92672 ----a-w- d:\windows\system32\nmwcdcls.dll
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Nokia
2010-10-25 15:48 . 2010-10-25 15:48 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Installations
2010-10-23 13:07 . 2010-10-23 13:07 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\Need for Speed World
2010-10-23 13:02 . 2010-10-23 13:02 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\Electronic_Arts_Inc

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-20 10:03 . 2010-07-15 18:31 233960 ----a-w- d:\windows\system32\PnkBstrB.xtr
2010-11-20 10:03 . 2009-08-04 09:56 233960 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-11-20 09:20 . 2009-08-04 09:56 138520 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-10-21 11:02 . 2009-08-04 09:56 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-10-20 11:09 . 2010-09-13 13:45 22328 ----a-w- d:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2010-09-30 13:15 . 2009-08-03 08:52 512096 ----a-w- d:\windows\system32\drivers\amon.sys
2010-09-30 13:15 . 2009-08-03 08:52 298104 ----a-w- d:\windows\system32\imon.dll
2010-09-30 13:15 . 2009-08-03 08:52 15424 ----a-w- d:\windows\system32\drivers\nod32drv.sys
2010-08-13 06:30 . 2010-07-19 13:56 6751816 ----a-w- d:\program files\xfire_installer.exe
2005-06-19 14:16 . 2010-09-12 12:41 6041600 ----a-w- d:\program files\BF2.exe
2008-04-14 06:52 468480 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
2008-04-14 06:52 73728 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe
.

------- Sigcheck -------


[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe

[-] 2008-04-14 . 347A58792F9322CCAB5ED09FAB72803B . 111104 . . [5.4.3790.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
[-] 2008-04-14 . 27B06B78F42D195C35ECA9199AF97CB9 . 115712 . . [5.4.3790.5512] . . d:\windows\system32\wuauclt.exe

[-] 2008-04-14 . B06B1E696E8B0117EFF67D91E83574AB . 724992 . . [5.82] . . d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 244159B19BC4B9B6E3CFE0305049F1C3 . 694784 . . [5.82] . . d:\windows\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2008-04-14 . 5A80B641C10230FDE03DEAB04DCF5E0D . 3459072 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2008-04-14 . 07E3ECD608CE9ED9275D4B320E333002 . 3395072 . . [6.00.2900.5512] . . d:\windows\system32\mshtml.dll

[-] 2008-04-14 . 1BC2CBAF4395E7446EC57D1D14C408AD . 2448384 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2008-04-14 . 37993C2479A148B156DD61E17A2E0476 . 2367872 . . [5.1.2600.5512] . . d:\windows\system32\ntoskrnl.exe

[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll

[-] 2008-04-14 . 5E7011ACCA2C391A9446C201D5848E23 . 812032 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2008-04-14 . 5D2352B05C0F41FFC0A8D4232752E5AC . 777216 . . [6.00.2900.5512] . . d:\windows\system32\wininet.dll

[-] 2008-04-14 . 121A686E3D61D9D45F25C03A1E4EC6D5 . 1541120 . . [6.00.2900.5512] . . d:\windows\explorer.exe
[-] 2008-04-14 . 137A31C90841DB6EF71ABE912E72121E . 1552384 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

[7] 2008-04-14 . 21F836AAB269FF644E0E708B794B0DF7 . 1287168 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-14 . 79E4E0BCF353CA222DCCA7DD396F15A9 . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll

[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe

[-] 2008-12-19 . AF9671053F8E5272D879A0F0B2E418DD . 2325248 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2008-12-19 . BB65E17A747BE935D30B142297224DDB . 2244736 . . [5.1.2600.5512] . . d:\windows\system32\ntkrnlpa.exe

[-] 2008-04-14 . E3FB0D4B5717AB8FE3EAC459B72EC6D6 . 468480 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

d:\windows\System32\drivers\asyncmac.sys ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "d:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "d:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-06-13 17:10 2734688 ----a-w- d:\program files\XfireXO\tbXfir.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- d:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "d:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "d:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "d:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "d:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"ICQ"="d:\program files\ICQ7.2\ICQ.exe" [2010-11-02 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2010-09-30 949376]
"Reloader"="d:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2009-07-23 364846]
"UpdateReminder"="d:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="d:\program files\steam\steam.exe" -silent
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"CTFMON.EXE"=d:\windows\system32\ctfmon.exe
"Google Update"="d:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=d:\windows\system32\oodtray.exe
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\ICQ7.2\\aolload.exe"=

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [28.10.2010 9:00 64288]
R0 m5288;m5288;d:\windows\system32\drivers\m5288.sys [31.8.2010 17:03 210304]
R0 Si3124;Si3124;d:\windows\system32\drivers\si3124.sys [19.12.2008 14:14 76208]
R0 Si3531;Si3531;d:\windows\system32\drivers\Si3531.sys [19.12.2008 14:14 210224]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [23.7.2009 9:32 691696]
R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [3.8.2009 9:52 15424]
R2 cpuz134;cpuz134;d:\windows\system32\drivers\cpuz134_x32.sys [30.9.2010 16:26 20328]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [8.9.2010 13:59 1375992]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8.9.2010 13:59 15264]
S3 GarenaPEngine;GarenaPEngine;\??\d:\docume~1\ADMINI~1\LOCALS~1\Temp\WUM418.tmp --> d:\docume~1\ADMINI~1\LOCALS~1\Temp\WUM418.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?]
S3 Revoflt;Revoflt;d:\windows\system32\drivers\revoflt.sys [20.2.2010 20:37 27064]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - LAVASOFT_KERNEXPLORER

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-11-21 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2010-11-21 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-08 18:08]

2009-10-12 d:\windows\Tasks\HPpromotions journeysoftware.job
- d:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]

2010-11-21 d:\windows\Tasks\Norton Security Scan for Administrator.job
- d:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-13 08:48]

2010-11-21 d:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- d:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-21 19:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\d:\docume~1\ADMINI~1\LOCALS~1\Temp\WUM418.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a6,19,81,df,cd,88,5f,78,20,04,ab,44,34,07,f2,3e,db,dc,50,28,b6,43,f7,
ab,13,2f,2b,fa,c7,d2,82,1e,21,3b,8c,c7,c4,03,9f,92,f5,ca,f7,82,41,6a,fc,12,\
"??"=hex:1d,5a,02,6e,a1,91,e1,37,80,a6,f8,27,69,5a,ff,b4

[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:d4,e4,ae,e9,c9,46,c8,20,09,1e,be,22,fc,7d,14,10,d6,84,2f,54,d0,
49,44,20,25,18,97,35,1f,35,49,39,e6,14,fa,89,fa,ac,87,e0,b9,43,22,2d,fb,15,\
"rkeysecu"=hex:e9,8a,d8,8c,04,8e,0c,6e,28,0d,12,16,3f,d7,c8,fd

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="9942A825F11C18E17EF1E4DFF26DFA58F3F272ED0AD9B2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB34529DB7CE019D40AA5C8EDD5E5BE2F6E667079E2EEF457D4BDF4D4864A6B38FB31B9D140EC3BAC672681C7A847EFAF3F3BE0B32B1E1DF96773E8C5D0EE471ECC9E17B072AC2AFD81E89D06ECA2F81166BD61B2410D7343B61CD8374B0B18D13EBD465A6C81EE03D43F8F689AFD347258E09F8CD612959C41AFA85B2FE9C7CB893A5E006D4B8C72763CC636AF3C3E7730A73EBFA61C2A9419388EAB2CB45FDC91E5FF529D9082180E5F36F2300E94187EB093E6BF0A4C3F4298F8E7F12DF9065CCDAB10C0B986E63942D7BBCDDC5F498298FBE5412E18CD49579511BEBB8F7DFC6C9A41C3F86F3231E8EE6B0BD6AE916981FBF5C6DA4AA8BF88496FA1DABBC4092AD62BAED84BBC1957F176D717E4A207527191F502809F8D8C3450709A8AAC21FE105BEB7D99379EF3FF658EF3E830EDDE8A4AEA83D552D1D1FC99C39B65355BE8EA8F25CDF8BB5085C734653F847E7D7F9C08D0C4885729150130DD9EE889CA4B5ED924306F8979DBC7F03DC918CEA49C4D0343140CE3F6765159D3BFCE4716BAAF952F44C747451980ECC6D7F8E897D063A8E73B32CC43343480754A443DB1115F4D721CADC53AA7D9AD88C4D4969A4CF69FCD4C05F646C1F27F6BD39439EF6F08ABB982B5171934B234C651B80635288CBD2F79C67B5EF04318D32A44AAC600DED8D51AC38BFD9B6A943471C3986FBE954D7A48F8E01FECF6B5F94E480AB790ED04EE4A03BE1B14932CBA397BE927E81F8C9C675DF47BC385C76E88AD0F84EECEEF491EC46B0AF5F46E812E81F7D193035D6EEBFA9BAB1C010CFD73BECA350F182EAB90D0B384F2AF412CDFDAB70EFAC88A4CFF07EBF4BC6965C302F476F55C0CC8DE18EFDBAEEAE50B236DCF94A0901734A42A23673D8F68380E03419D3164B92AFB59359AACFC3EBA9CC1AE61BD00BFED34201EBA38F556C1600AC5F7B30D89D18825299B29918E2C8B9620D2995FB33C0EF4B7F5186B770E9C40D58462585B800391680AD562C525946F3D1EE8C5A21860E5713353CCAACBC0E5E8848DA42B59470BB12ACF354DC94E3A35917CBFDDA0C850C0E39100B46445CBD39491AD168F9E2B69873453A26A9A3D70E074F96F52D61669BF9C54C63A8D2DDF54311CB2A446C8CA1FB02D8D9BC3C8B9ED0F4250D3BD2F62B4C85B531073C028EE7CF1D57FD91587CF14283A5E289CE7CBF0280C0F8ABE0EE365DC1DD71850598994D045126F54840B5065C39A98A44DF511D50311F66DDDFF1BC3E1EEBBE52EAEE6195FBADE41DC4DC2E5E4B0E6124BF37521508D99D39B76E78CF296F1DEDA1B5CAB8BFFACBAEA7AE03D417"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(912)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1020)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
d:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(2832)
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\program files\Eset\nod32krn.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\oodag.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\windows\System32\TUProgSt.exe
d:\windows\system32\wbem\wmiapsrv.exe
d:\windows\system32\wbem\unsecapp.exe
d:\windows\system32\RUNDLL32.EXE
d:\windows\RTHDCPL.EXE
d:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\Lavasoft\Ad-Aware\AAWTray.exe
d:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-21 19:19:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-21 18:19

Před spuštěním: 3 979 268 096
Po spuštění: Volných bajtů: 11 372 511 232

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F6EA60FD23D7F36CF0860EA0AE783DE6

[jaro3]

Odinstaluj:
Symantec/ Norton/ Norton Security Scan
Ad-Aware

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Mia::
d:\windows\system32\drivers\asyncmac.sys

File::
d:\windows\Tasks\Norton Security Scan for Administrator.job
d:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Folder::
d:\program files\Common Files\Symantec Shared
d:\documents and settings\All Users\Data aplikací\Norton
d:\windows\system32\drivers\NSS
d:\program files\Norton Security Scan
d:\documents and settings\All Users\Data aplikací\Symantec
d:\program files\NortonInstaller
d:\program files\Ask.com
d:\program files\Norton Security Scan

Driver::
GarenaPEngine

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[-HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:


Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
d:\windows\system32\winlogon.exe
d:\windows\system32\wuauclt.exe
d:\windows\system32\comctl32.dll
d:\windows\system32\ntoskrnl.exe
d:\windows\system32\wininet.dll
d:\windows\explorer.exe
d:\windows\system32\ctfmon.exe
d:\windows\system32\ntkrnlpa.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Start-spustit-napiš: notepad ,do něho vlož tento celý text:

Kód: Vybrat vše

dir \asyncmac.sys  /a h /s > File.txt

uložit na plochu s názvem: find.bat (typ souboru- všechny soubory)
Najdi ho na ploše, poklepej na něj a počkej až se okno zavře a objeví se soubor.txt
Vlož sem potom celý text z tohoto souboru.