INFECTED PC

Section devoted to viruses and other malicious code, as well as to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

comboxxx
newbie
Posts: 20
Joined: January 09
Gender: Unspecified
Status: Offline

INFECTED PC

Post by comboxxx » 08 Jun 2009 20:00

Good day,
I have a problem: after logging in to Windows, a white full-screen window appears saying that the virus Trojan.Spy.Win32.ZBOT.IKH was found, and it cannot be closed. Only safe mode works. From previous threads I gather that I am not the only one with this virus, so here are the logs you asked for in the earlier cases: the Malwarebytes log, HijackThis and the ComboFix log. All of them were run in safe mode, because it is not possible in normal mode.
Thanks in advance for any advice.
--------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes log
Malwarebytes' Anti-Malware 1.37
Verze databáze: 2249
Windows 5.1.2600 Service Pack 3

8.6.2009 19:36:13
mbam-log-2009-06-08 (19-36-13).txt

Typ skenu: Rychlý sken
Objektu skenováno: 88613
Uplynulý cas: 1 minute(s), 24 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)







Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

--------------------------------------------------------------------------------------------------------------------------------------------------
HijackThis log.
--------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:38, on 8.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRAMY\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\PROGRAMY\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F3 - REG:win.ini: run=C:\WINDOWS\system32\portmap.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRAMY\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [portmap.exe] C:\WINDOWS\system32\portmap.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\system32\portmap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Quick Office.lnk = C:\WINDOWS\system32\portmap.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRAMY\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRAMY\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRAMY\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRAMY\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2515408249
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRAMY\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\PROGRAMY\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\PROGRAMY\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\PROGRAMY\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\PROGRAMY\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CardBusService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6524 bytes
-------------------------------------------------------------------------------------------------------------------------------------------------------
ComboFix log.

ComboFix 09-06-07.07 - DiX 08.06.2009 19:47.1 - NTFSx86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1688 [GMT 2:00]
Spuštěný z: c:\documents and settings\DiX\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090607-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-08 do 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-08 16:47 . 2009-06-08 17:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-08 16:24 . 2009-06-08 16:24 103424 ----a-w- c:\windows\system32\portmap.exe
2009-06-04 13:35 . 2009-06-04 13:35 -------- d-----w- c:\program files\MSXML 4.0
2009-06-03 14:27 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-03 14:27 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-03 14:27 . 2009-02-09 05:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-03 14:27 . 2009-02-09 05:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-03 14:27 . 2009-02-09 05:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-03 13:59 . 2009-02-09 05:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-03 13:57 . 2009-06-03 13:57 -------- d-sh--w- c:\windows\ftpcache
2009-06-02 13:39 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-02 13:39 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-02 13:39 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-02 13:39 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-02 13:39 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-02 13:39 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-02 13:39 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-05-25 21:18 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-05-23 18:09 . 2009-05-23 18:09 -------- d-----w- c:\program files\Sony
2009-05-23 17:55 . 2009-05-23 17:55 -------- d-----w- c:\program files\VSTplugins
2009-05-23 15:51 . 2009-05-23 15:51 -------- d-----w- c:\program files\Common Files\Apple
2009-05-23 15:51 . 2009-05-23 15:51 -------- d-----w- c:\program files\Apple Software Update
2009-05-23 10:29 . 2009-05-07 13:20 31232 ----a-w- c:\windows\system\vdremote.dll
2009-05-23 10:29 . 2009-05-07 13:19 25088 ----a-w- c:\windows\system\vdsvrlnk.dll
2009-05-23 10:20 . 2009-05-23 10:20 -------- d-----w- c:\windows\system32\xlive
2009-05-23 10:19 . 2009-05-23 10:20 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-22 22:34 . 2000-08-23 16:00 33280 ----a-w- c:\windows\system32\HUFFYUV.DLL
2009-05-22 18:57 . 2008-04-13 20:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-05-22 18:57 . 2008-04-13 20:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-22 18:57 . 2001-10-24 09:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-05-22 18:57 . 2008-04-14 04:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-05-22 18:27 . 2009-05-22 18:27 -------- d-----w- C:\Vyhledavače
2009-05-21 22:51 . 2009-05-21 22:51 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-05-21 16:29 . 2009-05-21 16:29 -------- d-----w- c:\windows\system32\Futuremark
2009-05-21 16:29 . 2008-09-17 13:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-05-21 16:29 . 2009-05-21 16:29 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-05-21 16:26 . 2009-05-21 16:26 -------- d-----w- c:\windows\Sun
2009-05-21 15:24 . 2009-05-29 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-21 15:24 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 15:24 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 13:27 . 2009-05-19 13:27 -------- d-----w- c:\program files\MSXML 6.0
2009-05-18 17:11 . 2009-05-19 13:31 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-18 16:32 . 2009-05-18 16:32 -------- d-----w- c:\program files\Microsoft WSE
2009-05-18 16:30 . 2009-05-18 19:29 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-05-18 16:29 . 2005-07-27 11:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll
2009-05-18 16:28 . 2009-05-18 19:14 -------- d-----w- c:\program files\Autodesk
2009-05-17 14:40 . 2009-05-17 14:40 -------- d-----w- c:\windows\Logs
2009-05-17 14:30 . 2009-05-17 14:30 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-17 14:30 . 2009-05-17 14:30 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-17 09:46 . 2008-04-13 20:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-05-17 09:46 . 2008-04-13 20:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-05-17 09:46 . 2008-04-13 20:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-05-17 09:46 . 2008-04-13 20:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2009-05-17 09:46 . 2008-04-13 20:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-05-17 09:46 . 2008-04-13 20:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-05-17 09:46 . 2008-04-13 21:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-05-17 09:46 . 2008-04-13 21:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-05-17 09:46 . 2008-04-13 21:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-05-17 09:46 . 2008-04-13 21:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-05-17 09:45 . 2008-04-13 20:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-05-17 09:45 . 2008-04-13 20:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-17 09:45 . 2008-04-13 20:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-05-17 09:45 . 2008-04-13 20:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-05-17 09:45 . 2008-04-13 20:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-05-17 09:45 . 2008-04-13 20:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-05-17 09:45 . 2008-04-14 04:52 57856 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-05-17 09:45 . 2008-04-13 20:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2009-05-17 09:45 . 2008-04-13 20:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2009-05-17 09:45 . 2007-06-01 03:42 835712 ----a-w- c:\windows\system32\drivers\AVerBDA6x.sys
2009-05-17 09:45 . 2006-11-20 03:32 3072 ----a-w- c:\windows\system32\34CoInstaller.dll
2009-05-17 09:44 . 2007-02-07 22:09 49152 ------r- c:\windows\system32\AVerIO.dll
2009-05-17 09:44 . 2005-04-28 04:08 3456 ------r- c:\windows\system32\AVerIO.sys
2009-05-17 09:44 . 2007-05-14 12:18 73728 ------r- c:\windows\system32\CardID.dll
2009-05-17 09:44 . 2007-03-04 20:19 249856 ------r- c:\windows\system32\sptlib02.dll
2009-05-17 09:44 . 2006-11-17 04:35 262144 ------r- c:\windows\system32\sptlib01.dll
2009-05-17 09:43 . 2009-05-17 09:44 -------- d-----w- c:\program files\AVerMedia
2009-05-17 09:43 . 2009-05-17 09:44 -------- d-----w- c:\program files\Common Files\AVerMedia
2009-05-17 08:45 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-16 23:22 . 2008-04-13 21:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-05-16 22:23 . 2001-10-24 08:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-16 22:23 . 2001-10-24 08:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-16 22:22 . 2005-04-12 17:21 5600 ----a-w- c:\windows\system32\drivers\WmVirHid.sys
2009-05-16 22:22 . 2005-04-12 17:21 45504 ----a-w- c:\windows\system32\drivers\WmXlCore.sys
2009-05-16 22:22 . 2005-04-12 17:09 159744 ----a-w- c:\windows\system32\WmJoyFrc.dll
2009-05-16 22:22 . 2005-04-12 17:21 22240 ----a-w- c:\windows\system32\drivers\WmFilter.sys
2009-05-16 22:22 . 2005-04-12 17:21 17632 ----a-w- c:\windows\system32\drivers\WmHidLo.sys
2009-05-16 22:22 . 2005-04-12 17:21 10144 ----a-w- c:\windows\system32\drivers\WmBEnum.sys
2009-05-16 21:48 . 2009-05-16 21:48 -------- d-----w- c:\program files\Microsoft Works
2009-05-16 21:47 . 2009-05-18 17:13 -------- d-----w- c:\program files\Microsoft.NET
2009-05-16 21:45 . 2009-05-16 21:45 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-16 21:45 . 2009-05-16 21:47 -------- d-----w- c:\windows\SHELLNEW
2009-05-16 21:35 . 2004-07-09 06:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-05-16 21:35 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-05-16 21:35 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-05-16 21:35 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-05-16 21:35 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-05-16 21:35 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-05-16 21:35 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-05-16 21:35 . 2009-05-16 21:35 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-16 20:33 . 2009-06-08 17:48 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\UC.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\RAR.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\LHA.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\ARJ.PIF
2009-05-16 18:30 . 2009-05-16 18:30 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-16 18:30 . 2007-03-18 18:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-05-16 18:30 . 2006-09-29 10:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-05-16 18:30 . 2006-09-29 10:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-05-16 18:30 . 2006-09-29 10:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-05-16 18:30 . 2006-05-11 17:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-05-16 18:30 . 2002-12-10 00:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-05-16 18:30 . 2009-05-16 18:30 -------- d-----w- c:\program files\VSO
2009-05-16 17:49 . 2009-05-16 17:49 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-16 17:48 . 2009-05-16 17:48 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-16 17:46 . 2009-05-24 09:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-16 15:27 . 2009-05-16 15:27 0 ----a-w- c:\windows\nsreg.dat
2009-05-16 14:30 . 2009-05-16 14:30 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-16 14:30 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-16 14:30 . 2009-05-16 14:30 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-16 14:29 . 2009-05-21 14:35 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-16 14:28 . 2009-05-16 14:28 -------- d-sh--w- c:\documents and settings\DiX\PrivacIE
2009-05-16 14:26 . 2009-06-08 14:27 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 17:48 . 2008-12-19 12:28 578560 ----a-w- c:\windows\system32\user32.dll
2009-06-03 14:27 . 2009-06-03 13:59 -------- d-----w- c:\program files\Nokia
2009-06-03 14:26 . 2009-06-03 14:02 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-03 14:20 . 2009-06-03 14:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-03 14:20 . 2009-06-03 14:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-03 14:05 . 2001-10-25 13:00 495958 ----a-w- c:\windows\system32\perfh005.dat
2009-06-03 14:05 . 2001-10-25 13:00 104858 ----a-w- c:\windows\system32\perfc005.dat
2009-06-03 14:04 . 2009-06-03 14:03 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-06-03 14:00 . 2009-06-03 14:00 -------- d-----w- c:\program files\DIFX
2009-05-21 16:29 . 2009-05-16 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 16:27 . 2009-05-16 12:33 -------- d-----w- c:\program files\Java
2009-05-20 16:15 . 2009-05-20 16:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-17 09:51 . 2009-05-16 12:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-17 09:51 . 2009-05-16 12:10 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-17 09:50 . 2009-05-16 12:10 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-05-16 22:22 . 2009-05-16 12:58 -------- d-----w- c:\program files\Common Files\Logitech
2009-05-16 22:22 . 2009-05-16 12:58 -------- d-----w- c:\program files\Logitech
2009-05-16 21:47 . 2009-05-16 12:30 -------- d-----w- c:\program files\MSBuild
2009-05-16 13:03 . 2009-05-16 13:03 -------- d-----w- c:\program files\Razer
2009-05-16 12:59 . 2009-05-16 12:59 -------- d-----w- c:\program files\Common Files\LogiShared
2009-05-16 12:56 . 2009-05-16 12:56 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-16 12:56 . 2009-05-16 12:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-16 12:50 . 2009-05-16 12:50 -------- d-----w- c:\program files\Realtek
2009-05-16 12:50 . 2009-05-16 12:50 315392 ----a-w- c:\windows\HideWin.exe
2009-05-16 12:50 . 2009-05-16 12:47 15600 ----a-w- c:\windows\gdrv.sys
2009-05-16 12:48 . 2009-05-16 12:48 -------- d-----w- c:\program files\Intel
2009-05-16 12:33 . 2009-05-16 12:33 -------- d-----w- c:\program files\NVIDIA Corporation
2009-05-16 12:33 . 2009-05-16 12:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-16 12:30 . 2009-05-16 12:30 -------- d-----w- c:\program files\Reference Assemblies
2009-05-16 12:27 . 2009-05-16 12:27 -------- d-----w- c:\program files\Windows Defender
2009-05-16 12:15 . 2009-05-16 12:15 -------- d-----w- c:\program files\microsoft frontpage
2009-05-16 12:14 . 2009-05-16 12:14 -------- d-----w- c:\program files\Windows Plus
2009-05-16 12:12 . 2009-05-16 12:04 -------- d-----w- c:\program files\Windows Sidebar
2009-05-16 12:12 . 2009-05-16 12:12 -------- d-----w- c:\program files\Alky for Applications
2009-05-16 12:07 . 2009-05-16 12:07 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-16 12:06 . 2009-05-16 12:06 -------- d-----w- c:\program files\VistaExperience.org
2009-05-16 12:04 . 2009-05-16 12:04 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
.
Infected c:\windows\system32\user32.dll hex repaired


------- Sigcheck -------

[-] 2009-06-08 17:48 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\user32.dll
[-] 2009-06-08 17:48 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\dllcache\user32.dll

[-] 2008-12-19 12:29 557056 12A799AD9415AE9C8ABCC5F75E9CF034 c:\windows\system32\winlogon.exe

[-] 2008-12-19 12:43 1486336 D39127310CBAD1485EC5001A4ED1D853 c:\windows\explorer.exe

[-] 2008-12-19 12:23 40960 94927BB89A6825C4A5952A2BF78F027B c:\windows\system32\ctfmon.exe

[-] 2008-12-26 20:23 1571840 1E603EA2A3FDBAE9E5B88A8CB3C03124 c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-12-19 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\programy\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"portmap.exe"="c:\windows\system32\portmap.exe" [2009-06-08 103424]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-12-19 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\DiX\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Quick Office.lnk - c:\windows\system32\portmap.exe [2009-6-8 103424]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-16 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 1 (0x1)
"DisableLocalUserRunOnce"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 1 (0x1)
"DisableLocalUserRunOnce"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" /noui

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot
"JMB36X IDE Setup"=c:\windows\JM\JMInsIDE.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"Reclusa"=c:\program files\Razer\Reclusa\razerhid.exe
"Alcmtr"=ALCMTR.EXE
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"Adobe Reader Speed Launcher"="d:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="d:\programy\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="d:\programy\QuickTime\QTTask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"portmap.exe"=c:\windows\system32\portmap.exe
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\PROGRAMY\\Xfire\\xfire.exe"=
"e:\\GAMES\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\PROGRAMY\\HLSW\\hlsw.exe"=
"d:\\PROGRAMY\\uTorrent\\uTorrent.exe"=
"d:\\PROGRAMY\\QIP\\qip.exe"=
"d:\\PROGRAMY\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\PROGRAMY\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\PROGRAMY\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\PROGRAMY\\mIRCcz\\mirc32.exe"=
"e:\\GAMES\\Atari\\The Chronicles of Riddick - Assault on Dark Athena\\System\\Win32_x86\\DarkAthena.exe"=
"d:\\PROGRAMY\\VLC\\vlc.exe"=
"e:\\GAMES\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\GAMES\\Bohemia Interactive\\arma2.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 16:49 13592]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [16.5.2009 15:03 41984]
S0 otni;otni;c:\windows\system32\drivers\stwzvyd.sys --> c:\windows\system32\drivers\stwzvyd.sys [?]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.5.2009 15:08 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.5.2009 15:08 20560]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [17.5.2009 11:44 188416]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [16.5.2009 16:30 604416]
S3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA6x.sys [17.5.2009 11:45 835712]
S3 cpuz130;cpuz130;\??\c:\docume~1\DiX\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\DiX\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Obsah adresáře 'Naplánované úlohy'

2009-06-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-06-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-procexp90.Sys


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\DiX\Data aplikací\Mozilla\Firefox\Profiles\c7eyf3ll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programy\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin7.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 19:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\setupapi.dll
.
Celkový čas: 2009-06-08 19:49
ComboFix-quarantined-files.txt 2009-06-08 17:49

Před spuštěním: Volných bajtů: 48 555 413 504
Po spuštění: Volných bajtů: 48 542 892 032

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

336 --- E O F --- 2009-06-05 12:43
-----------------------------------------------------------------------------------------------------------------------------------------------

Re: INFECTED PC

Post by Damned » 08 Jun 2009 20:27

Well, well, the gentleman swallowed all the wisdom in the world 14 days ago, didn't he????? What did you expect????
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner

Re: INFECTED PC

Post by M473S » 08 Jun 2009 21:01

Have you tried turning it off and on again??? :-D :-D
Acer Aspire 5935G

Re: INFECTED PC

Post by comboxxx » 08 Jun 2009 21:11

thanks for the advice :bigups:

Re: INFECTED PC

Post by Damned » 08 Jun 2009 21:34

Run HJT and fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F3 - REG:win.ini: run=C:\WINDOWS\system32\portmap.exe
O4 - HKLM\..\Run: [portmap.exe] C:\WINDOWS\system32\portmap.exe
O4 - Startup: Quick Office.lnk = C:\WINDOWS\system32\portmap.exe

*****************************************************************************************************************************************

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

File::
c:\windows\system32\d3d9caps.dat
c:\windows\system32\portmap.exe
c:\windows\HideWin.exe
c:\windows\system32\drivers\sptd.sys
c:\windows\system32\drivers\stwzvyd.sys
c:\docume~1\DiX\LOCALS~1\Temp\cpuz130\cpuz_x32.sys

Folder::
c:\program files\DAEMON Tools Toolbar

Driver::
otni;otni
otni
stwzvyd
cpuz130;cpuz130
cpuz130

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 0 (0x0)
"DisableLocalUserRunOnce"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 0 (0x0)
"DisableLocalUserRunOnce"= 0 (0x0)



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.


Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new HJT log
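The fix list in the post above names one binary, portmap.exe, from three separate autostart locations (win.ini run=, the HKLM Run key and a Startup-folder shortcut). As an added example, not part of the original post or of HijackThis itself, this script parses the F3 and O4 lines of a HijackThis log and reports any executable registered through two or more autostart mechanisms; the two-mechanism threshold and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the five entries quoted in the post above, followed by
# two made-up single-location entries for contrast (hypothetical paths).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F3 - REG:win.ini: run=C:\WINDOWS\system32\portmap.exe
O4 - HKLM\..\Run: [portmap.exe] C:\WINDOWS\system32\portmap.exe
O4 - Startup: Quick Office.lnk = C:\WINDOWS\system32\portmap.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# F3: run=/load= values of an ini file mapped into the registry
F3_INI = re.compile(r"^REG:(?P<ini>[\w.]+): (?P<key>run|load)=(?P<cmd>.+)$", re.I)
# O4 (registry form): Run, RunOnce, RunServices ... under HKLM/HKCU
O4_REG = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$"
)
# O4 (folder form): shortcuts in the per-user or all-users Startup folder
O4_DIR = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<label>.+?) = (?P<cmd>.+)$")
# Executable at the start of a command line, quoted or unquoted
EXE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$))', re.I
)


def parse_autostarts(log_text):
    """Yield (mechanism, label, target_path) for every F3/O4 line we can parse.

    Lines in other sections (R0, O2, ...) and O4 variants not covered by the
    patterns above are skipped rather than guessed at.
    """
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "F3" and (f := F3_INI.match(body)):
            mech, label, cmd = f"{f['ini'].lower()} {f['key'].lower()}=", f["ini"], f["cmd"]
        elif code == "O4" and (r := O4_REG.match(body)):
            mech, label, cmd = f"{r['hive']} {r['key']}", r["label"], r["cmd"]
        elif code == "O4" and (d := O4_DIR.match(body)):
            mech, label, cmd = f"{d['where']} folder", d["label"], d["cmd"]
        else:
            continue
        exe = EXE.match(cmd.strip())
        if exe:
            # Windows paths are case-insensitive, so compare in lower case.
            yield mech, label, (exe["q"] or exe["u"]).lower()


def redundant_autostarts(log_text, min_mechanisms=2):
    """Return {target: {mechanism: label}} for binaries started from at least
    `min_mechanisms` distinct autostart locations (assumed triage threshold)."""
    seen = defaultdict(dict)
    for mech, label, target in parse_autostarts(log_text):
        seen[target].setdefault(mech, label)
    return {t: mechs for t, mechs in seen.items() if len(mechs) >= min_mechanisms}


if __name__ == "__main__":
    for target, mechs in redundant_autostarts(SAMPLE_LOG).items():
        print(target)
        for mech, label in mechs.items():
            print(f"  via {mech:<16} entry: {label}")
```

A hit is a prompt for review, not a verdict: the report also shows the entry label, which here exposes a shortcut named "Quick Office.lnk" pointing at the same binary.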

Re: INFECTED PC

Post by comboxxx » 08 Jun 2009 21:52

Here is the log.. by the way, after the restart the system now runs as it should.


ComboFix 09-06-07.07 - DiX 08.06.2009 21:40.2 - NTFSx86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1697 [GMT 2:00]
Spuštěný z: c:\documents and settings\DiX\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\DiX\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090607-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\docume~1\DiX\LOCALS~1\Temp\cpuz130\cpuz_x32.sys"
"c:\windows\HideWin.exe"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\drivers\sptd.sys"
"c:\windows\system32\drivers\stwzvyd.sys"
"c:\windows\system32\portmap.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\windows\HideWin.exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\sptd.sys
c:\windows\system32\portmap.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ130
-------\Service_cpuz130
-------\Service_otni


((((((((((((((((((((((((( Soubory vytvořené od 2009-05-08 do 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-04 13:35 . 2009-06-04 13:35 -------- d-----w- c:\program files\MSXML 4.0
2009-06-03 14:27 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-03 14:27 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-03 14:27 . 2009-02-09 05:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-03 14:27 . 2009-02-09 05:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-03 14:27 . 2009-02-09 05:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-03 13:59 . 2009-02-09 05:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-03 13:57 . 2009-06-03 13:57 -------- d-sh--w- c:\windows\ftpcache
2009-06-02 13:39 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-02 13:39 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-02 13:39 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-02 13:39 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-02 13:39 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-02 13:39 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-02 13:39 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-05-25 21:18 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-05-23 18:09 . 2009-05-23 18:09 -------- d-----w- c:\program files\Sony
2009-05-23 17:55 . 2009-05-23 17:55 -------- d-----w- c:\program files\VSTplugins
2009-05-23 15:51 . 2009-05-23 15:51 -------- d-----w- c:\program files\Common Files\Apple
2009-05-23 15:51 . 2009-05-23 15:51 -------- d-----w- c:\program files\Apple Software Update
2009-05-23 10:29 . 2009-05-07 13:20 31232 ----a-w- c:\windows\system\vdremote.dll
2009-05-23 10:29 . 2009-05-07 13:19 25088 ----a-w- c:\windows\system\vdsvrlnk.dll
2009-05-23 10:20 . 2009-05-23 10:20 -------- d-----w- c:\windows\system32\xlive
2009-05-23 10:19 . 2009-05-23 10:20 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-22 22:34 . 2000-08-23 16:00 33280 ----a-w- c:\windows\system32\HUFFYUV.DLL
2009-05-22 18:57 . 2008-04-13 20:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-05-22 18:57 . 2008-04-13 20:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-22 18:57 . 2001-10-24 09:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-05-22 18:57 . 2008-04-14 04:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-05-22 18:27 . 2009-05-22 18:27 -------- d-----w- C:\Vyhledavače
2009-05-21 22:51 . 2009-05-21 22:51 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-05-21 16:29 . 2009-05-21 16:29 -------- d-----w- c:\windows\system32\Futuremark
2009-05-21 16:29 . 2008-09-17 13:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-05-21 16:29 . 2009-05-21 16:29 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-05-21 16:26 . 2009-05-21 16:26 -------- d-----w- c:\windows\Sun
2009-05-21 15:24 . 2009-05-29 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-21 15:24 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 15:24 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 13:27 . 2009-05-19 13:27 -------- d-----w- c:\program files\MSXML 6.0
2009-05-18 17:11 . 2009-05-19 13:31 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-18 16:32 . 2009-05-18 16:32 -------- d-----w- c:\program files\Microsoft WSE
2009-05-18 16:30 . 2009-05-18 19:29 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-05-18 16:29 . 2005-07-27 11:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll
2009-05-18 16:28 . 2009-05-18 19:14 -------- d-----w- c:\program files\Autodesk
2009-05-17 14:40 . 2009-05-17 14:40 -------- d-----w- c:\windows\Logs
2009-05-17 14:30 . 2009-05-17 14:30 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-17 14:30 . 2009-05-17 14:30 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-17 09:46 . 2008-04-13 20:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-05-17 09:46 . 2008-04-13 20:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-05-17 09:46 . 2008-04-13 20:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-05-17 09:46 . 2008-04-13 20:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2009-05-17 09:46 . 2008-04-13 20:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-05-17 09:46 . 2008-04-13 20:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-05-17 09:46 . 2008-04-13 21:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-05-17 09:46 . 2008-04-13 21:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-05-17 09:46 . 2008-04-13 21:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-05-17 09:46 . 2008-04-13 21:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-05-17 09:45 . 2008-04-13 20:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-05-17 09:45 . 2008-04-13 20:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-17 09:45 . 2008-04-13 20:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-05-17 09:45 . 2008-04-13 20:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-05-17 09:45 . 2008-04-13 20:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-05-17 09:45 . 2008-04-13 20:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-05-17 09:45 . 2008-04-14 04:52 57856 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-05-17 09:45 . 2008-04-13 20:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2009-05-17 09:45 . 2008-04-13 20:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2009-05-17 09:45 . 2007-06-01 03:42 835712 ----a-w- c:\windows\system32\drivers\AVerBDA6x.sys
2009-05-17 09:45 . 2006-11-20 03:32 3072 ----a-w- c:\windows\system32\34CoInstaller.dll
2009-05-17 09:44 . 2007-02-07 22:09 49152 ------r- c:\windows\system32\AVerIO.dll
2009-05-17 09:44 . 2005-04-28 04:08 3456 ------r- c:\windows\system32\AVerIO.sys
2009-05-17 09:44 . 2007-05-14 12:18 73728 ------r- c:\windows\system32\CardID.dll
2009-05-17 09:44 . 2007-03-04 20:19 249856 ------r- c:\windows\system32\sptlib02.dll
2009-05-17 09:44 . 2006-11-17 04:35 262144 ------r- c:\windows\system32\sptlib01.dll
2009-05-17 09:43 . 2009-05-17 09:44 -------- d-----w- c:\program files\AVerMedia
2009-05-17 09:43 . 2009-05-17 09:44 -------- d-----w- c:\program files\Common Files\AVerMedia
2009-05-17 08:45 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-16 23:22 . 2008-04-13 21:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-05-16 22:23 . 2001-10-24 08:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-16 22:23 . 2001-10-24 08:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-16 22:22 . 2005-04-12 17:21 5600 ----a-w- c:\windows\system32\drivers\WmVirHid.sys
2009-05-16 22:22 . 2005-04-12 17:21 45504 ----a-w- c:\windows\system32\drivers\WmXlCore.sys
2009-05-16 22:22 . 2005-04-12 17:09 159744 ----a-w- c:\windows\system32\WmJoyFrc.dll
2009-05-16 22:22 . 2005-04-12 17:21 22240 ----a-w- c:\windows\system32\drivers\WmFilter.sys
2009-05-16 22:22 . 2005-04-12 17:21 17632 ----a-w- c:\windows\system32\drivers\WmHidLo.sys
2009-05-16 22:22 . 2005-04-12 17:21 10144 ----a-w- c:\windows\system32\drivers\WmBEnum.sys
2009-05-16 21:48 . 2009-05-16 21:48 -------- d-----w- c:\program files\Microsoft Works
2009-05-16 21:47 . 2009-05-18 17:13 -------- d-----w- c:\program files\Microsoft.NET
2009-05-16 21:45 . 2009-05-16 21:45 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-16 21:45 . 2009-05-16 21:47 -------- d-----w- c:\windows\SHELLNEW
2009-05-16 21:35 . 2004-07-09 06:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-05-16 21:35 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-05-16 21:35 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-05-16 21:35 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-05-16 21:35 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-05-16 21:35 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-05-16 21:35 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-05-16 21:35 . 2009-05-16 21:35 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-16 20:33 . 2009-06-08 17:48 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\UC.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\RAR.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\LHA.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\ARJ.PIF
2009-05-16 18:30 . 2009-05-16 18:30 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-16 18:30 . 2007-03-18 18:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-05-16 18:30 . 2006-09-29 10:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-05-16 18:30 . 2006-09-29 10:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-05-16 18:30 . 2006-09-29 10:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-05-16 18:30 . 2006-05-11 17:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-05-16 18:30 . 2002-12-10 00:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-05-16 18:30 . 2009-05-16 18:30 -------- d-----w- c:\program files\VSO
2009-05-16 17:46 . 2009-05-24 09:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-16 15:27 . 2009-05-16 15:27 0 ----a-w- c:\windows\nsreg.dat
2009-05-16 14:30 . 2009-05-16 14:30 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-16 14:30 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-16 14:30 . 2009-05-16 14:30 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-16 14:29 . 2009-05-21 14:35 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-16 14:28 . 2009-05-16 14:28 -------- d-sh--w- c:\documents and settings\DiX\PrivacIE
2009-05-16 14:26 . 2009-06-08 14:27 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-16 14:26 . 2009-06-08 14:32 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-16 14:26 . 2009-06-08 17:15 -------- d-----w- c:\windows\system32\LogFiles
2009-05-16 14:26 . 2009-05-16 14:26 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-16 14:13 . 2009-05-16 14:13 -------- d-sh--w- c:\documents and settings\DiX\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 17:48 . 2008-12-19 12:28 578560 ----a-w- c:\windows\system32\user32.dll
2009-06-03 14:27 . 2009-06-03 13:59 -------- d-----w- c:\program files\Nokia
2009-06-03 14:26 . 2009-06-03 14:02 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-03 14:20 . 2009-06-03 14:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-03 14:20 . 2009-06-03 14:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-03 14:05 . 2001-10-25 13:00 495958 ----a-w- c:\windows\system32\perfh005.dat
2009-06-03 14:05 . 2001-10-25 13:00 104858 ----a-w- c:\windows\system32\perfc005.dat
2009-06-03 14:04 . 2009-06-03 14:03 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-06-03 14:00 . 2009-06-03 14:00 -------- d-----w- c:\program files\DIFX
2009-05-21 16:29 . 2009-05-16 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 16:27 . 2009-05-16 12:33 -------- d-----w- c:\program files\Java
2009-05-20 16:15 . 2009-05-20 16:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-17 09:51 . 2009-05-16 12:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-17 09:51 . 2009-05-16 12:10 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-17 09:50 . 2009-05-16 12:10 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-05-16 22:22 . 2009-05-16 12:58 -------- d-----w- c:\program files\Common Files\Logitech
2009-05-16 22:22 . 2009-05-16 12:58 -------- d-----w- c:\program files\Logitech
2009-05-16 21:47 . 2009-05-16 12:30 -------- d-----w- c:\program files\MSBuild
2009-05-16 13:03 . 2009-05-16 13:03 -------- d-----w- c:\program files\Razer
2009-05-16 12:59 . 2009-05-16 12:59 -------- d-----w- c:\program files\Common Files\LogiShared
2009-05-16 12:56 . 2009-05-16 12:56 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-16 12:56 . 2009-05-16 12:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-16 12:50 . 2009-05-16 12:50 -------- d-----w- c:\program files\Realtek
2009-05-16 12:50 . 2009-05-16 12:47 15600 ----a-w- c:\windows\gdrv.sys
2009-05-16 12:48 . 2009-05-16 12:48 -------- d-----w- c:\program files\Intel
2009-05-16 12:33 . 2009-05-16 12:33 -------- d-----w- c:\program files\NVIDIA Corporation
2009-05-16 12:33 . 2009-05-16 12:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-16 12:30 . 2009-05-16 12:30 -------- d-----w- c:\program files\Reference Assemblies
2009-05-16 12:27 . 2009-05-16 12:27 -------- d-----w- c:\program files\Windows Defender
2009-05-16 12:15 . 2009-05-16 12:15 -------- d-----w- c:\program files\microsoft frontpage
2009-05-16 12:14 . 2009-05-16 12:14 -------- d-----w- c:\program files\Windows Plus
2009-05-16 12:12 . 2009-05-16 12:04 -------- d-----w- c:\program files\Windows Sidebar
2009-05-16 12:12 . 2009-05-16 12:12 -------- d-----w- c:\program files\Alky for Applications
2009-05-16 12:07 . 2009-05-16 12:07 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-16 12:06 . 2009-05-16 12:06 -------- d-----w- c:\program files\VistaExperience.org
2009-05-16 12:04 . 2009-05-16 12:04 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
.

------- Sigcheck -------

[-] 2009-06-08 17:48 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\user32.dll
[-] 2009-06-08 17:48 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\dllcache\user32.dll

[-] 2008-12-19 12:29 557056 12A799AD9415AE9C8ABCC5F75E9CF034 c:\windows\system32\winlogon.exe

[-] 2008-12-19 12:43 1486336 D39127310CBAD1485EC5001A4ED1D853 c:\windows\explorer.exe

[-] 2008-12-19 12:23 40960 94927BB89A6825C4A5952A2BF78F027B c:\windows\system32\ctfmon.exe

[-] 2008-12-26 20:23 1571840 1E603EA2A3FDBAE9E5B88A8CB3C03124 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-08_17.48.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-08 19:42 . 2009-06-08 19:42 16384 c:\windows\temp\Perflib_Perfdata_70c.dat
+ 2009-06-08 19:43 . 2009-06-08 19:43 16384 c:\windows\temp\Perflib_Perfdata_594.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-12-19 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\programy\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-12-19 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-16 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 1 (0x1)
"DisableLocalUserRunOnce"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 1 (0x1)
"DisableLocalUserRunOnce"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" /noui

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot
"JMB36X IDE Setup"=c:\windows\JM\JMInsIDE.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"Reclusa"=c:\program files\Razer\Reclusa\razerhid.exe
"Alcmtr"=ALCMTR.EXE
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"Adobe Reader Speed Launcher"="d:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="d:\programy\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="d:\programy\QuickTime\QTTask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"portmap.exe"=c:\windows\system32\portmap.exe
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\PROGRAMY\\Xfire\\xfire.exe"=
"e:\\GAMES\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\PROGRAMY\\HLSW\\hlsw.exe"=
"d:\\PROGRAMY\\uTorrent\\uTorrent.exe"=
"d:\\PROGRAMY\\QIP\\qip.exe"=
"d:\\PROGRAMY\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\PROGRAMY\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\PROGRAMY\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\PROGRAMY\\mIRCcz\\mirc32.exe"=
"e:\\GAMES\\Atari\\The Chronicles of Riddick - Assault on Dark Athena\\System\\Win32_x86\\DarkAthena.exe"=
"d:\\PROGRAMY\\VLC\\vlc.exe"=
"e:\\GAMES\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\GAMES\\Bohemia Interactive\\arma2.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.5.2009 15:08 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.5.2009 15:08 20560]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [16.5.2009 16:30 604416]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 16:49 13592]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA6x.sys [17.5.2009 11:45 835712]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [16.5.2009 15:03 41984]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [17.5.2009 11:44 188416]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Obsah adresáře 'Naplánované úlohy'

2009-06-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-06-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\DiX\Data aplikací\Mozilla\Firefox\Profiles\c7eyf3ll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programy\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin7.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 21:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(920)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(2220)
c:\windows\system32\SHDOCVW.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\programy\Alwil Software\Avast4\aswUpdSv.exe
d:\programy\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\windows\arservice.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\ehome\mcrdsvc.exe
d:\programy\Alwil Software\Avast4\ashMaiSv.exe
d:\programy\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-06-08 21:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-08 19:44
ComboFix2.txt 2009-06-08 17:49

Před spuštěním: Volných bajtů: 48 563 912 704
Po spuštění: Volných bajtů: 46 293 901 312

386 --- E O F --- 2009-06-05 12:43

Re: INFECTED PC

Post by Damned » 08 Jun 2009 22:13

Open Notepad (Start -> Run..., type Notepad into the box
and click OK).
Copy into it the entire following text marked in green:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"=-
"DisableLocalUserRunOnce"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"=-
"DisableLocalUserRunOnce"=-



Save it to the Desktop as fix.reg with the type set to All Files,
find this file on the Desktop and double-click it to run it. You will be asked whether to add
the values to the registry. Confirm.


Then post the ComboFix log here again.

Re: INFECTED PC

Post by comboxxx » 08 Jun 2009 23:41

here it is

ComboFix 09-06-07.07 - DiX 08.06.2009 23:31.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1411 [GMT 2:00]
Spuštěný z: c:\documents and settings\DiX\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090607-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-08 do 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-04 13:35 . 2009-06-04 13:35 -------- d-----w- c:\program files\MSXML 4.0
2009-06-03 14:27 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-03 14:27 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-03 14:27 . 2009-02-09 05:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-03 14:27 . 2009-02-09 05:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-03 14:27 . 2009-02-09 05:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-03 13:59 . 2009-02-09 05:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-03 13:57 . 2009-06-03 13:57 -------- d-sh--w- c:\windows\ftpcache
2009-06-02 13:39 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-02 13:39 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-02 13:39 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-02 13:39 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-02 13:39 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-02 13:39 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-02 13:39 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-05-25 21:18 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-05-23 18:09 . 2009-05-23 18:09 -------- d-----w- c:\program files\Sony
2009-05-23 17:55 . 2009-05-23 17:55 -------- d-----w- c:\program files\VSTplugins
2009-05-23 15:51 . 2009-05-23 15:51 -------- d-----w- c:\program files\Common Files\Apple
2009-05-23 15:51 . 2009-05-23 15:51 -------- d-----w- c:\program files\Apple Software Update
2009-05-23 10:29 . 2009-05-07 13:20 31232 ----a-w- c:\windows\system\vdremote.dll
2009-05-23 10:29 . 2009-05-07 13:19 25088 ----a-w- c:\windows\system\vdsvrlnk.dll
2009-05-23 10:20 . 2009-05-23 10:20 -------- d-----w- c:\windows\system32\xlive
2009-05-23 10:19 . 2009-05-23 10:20 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-22 22:34 . 2000-08-23 16:00 33280 ----a-w- c:\windows\system32\HUFFYUV.DLL
2009-05-22 18:57 . 2008-04-13 20:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-05-22 18:57 . 2008-04-13 20:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-22 18:57 . 2001-10-24 09:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-05-22 18:57 . 2008-04-14 04:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-05-22 18:27 . 2009-05-22 18:27 -------- d-----w- C:\Vyhledavače
2009-05-21 22:51 . 2009-05-21 22:51 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-05-21 16:29 . 2009-05-21 16:29 -------- d-----w- c:\windows\system32\Futuremark
2009-05-21 16:29 . 2008-09-17 13:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-05-21 16:29 . 2009-05-21 16:29 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-05-21 16:26 . 2009-05-21 16:26 -------- d-----w- c:\windows\Sun
2009-05-21 15:24 . 2009-05-29 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-21 15:24 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 15:24 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 13:27 . 2009-05-19 13:27 -------- d-----w- c:\program files\MSXML 6.0
2009-05-18 17:11 . 2009-05-19 13:31 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-18 16:32 . 2009-05-18 16:32 -------- d-----w- c:\program files\Microsoft WSE
2009-05-18 16:30 . 2009-05-18 19:29 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-05-18 16:29 . 2005-07-27 11:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll
2009-05-18 16:28 . 2009-05-18 19:14 -------- d-----w- c:\program files\Autodesk
2009-05-17 14:40 . 2009-05-17 14:40 -------- d-----w- c:\windows\Logs
2009-05-17 14:30 . 2009-05-17 14:30 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-17 14:30 . 2009-05-17 14:30 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-17 09:46 . 2008-04-13 20:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-05-17 09:46 . 2008-04-13 20:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-05-17 09:46 . 2008-04-13 20:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-05-17 09:46 . 2008-04-13 20:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2009-05-17 09:46 . 2008-04-13 20:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-05-17 09:46 . 2008-04-13 20:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-05-17 09:46 . 2008-04-13 21:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-05-17 09:46 . 2008-04-13 21:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-05-17 09:46 . 2008-04-13 21:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-05-17 09:46 . 2008-04-13 21:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-05-17 09:45 . 2008-04-13 20:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-05-17 09:45 . 2008-04-13 20:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-17 09:45 . 2008-04-13 20:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-05-17 09:45 . 2008-04-13 20:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-05-17 09:45 . 2008-04-13 20:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-05-17 09:45 . 2008-04-13 20:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-05-17 09:45 . 2008-04-14 04:52 57856 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-05-17 09:45 . 2008-04-13 20:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2009-05-17 09:45 . 2008-04-13 20:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2009-05-17 09:45 . 2007-06-01 03:42 835712 ----a-w- c:\windows\system32\drivers\AVerBDA6x.sys
2009-05-17 09:45 . 2006-11-20 03:32 3072 ----a-w- c:\windows\system32\34CoInstaller.dll
2009-05-17 09:44 . 2007-02-07 22:09 49152 ------r- c:\windows\system32\AVerIO.dll
2009-05-17 09:44 . 2005-04-28 04:08 3456 ------r- c:\windows\system32\AVerIO.sys
2009-05-17 09:44 . 2007-05-14 12:18 73728 ------r- c:\windows\system32\CardID.dll
2009-05-17 09:44 . 2007-03-04 20:19 249856 ------r- c:\windows\system32\sptlib02.dll
2009-05-17 09:44 . 2006-11-17 04:35 262144 ------r- c:\windows\system32\sptlib01.dll
2009-05-17 09:43 . 2009-05-17 09:44 -------- d-----w- c:\program files\AVerMedia
2009-05-17 09:43 . 2009-05-17 09:44 -------- d-----w- c:\program files\Common Files\AVerMedia
2009-05-17 08:45 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-16 23:22 . 2008-04-13 21:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-05-16 22:23 . 2001-10-24 08:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-16 22:23 . 2001-10-24 08:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-16 22:22 . 2005-04-12 17:21 5600 ----a-w- c:\windows\system32\drivers\WmVirHid.sys
2009-05-16 22:22 . 2005-04-12 17:21 45504 ----a-w- c:\windows\system32\drivers\WmXlCore.sys
2009-05-16 22:22 . 2005-04-12 17:09 159744 ----a-w- c:\windows\system32\WmJoyFrc.dll
2009-05-16 22:22 . 2005-04-12 17:21 22240 ----a-w- c:\windows\system32\drivers\WmFilter.sys
2009-05-16 22:22 . 2005-04-12 17:21 17632 ----a-w- c:\windows\system32\drivers\WmHidLo.sys
2009-05-16 22:22 . 2005-04-12 17:21 10144 ----a-w- c:\windows\system32\drivers\WmBEnum.sys
2009-05-16 21:48 . 2009-05-16 21:48 -------- d-----w- c:\program files\Microsoft Works
2009-05-16 21:47 . 2009-05-18 17:13 -------- d-----w- c:\program files\Microsoft.NET
2009-05-16 21:45 . 2009-05-16 21:45 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-16 21:45 . 2009-05-16 21:47 -------- d-----w- c:\windows\SHELLNEW
2009-05-16 21:35 . 2004-07-09 06:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-05-16 21:35 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-05-16 21:35 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-05-16 21:35 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-05-16 21:35 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-05-16 21:35 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-05-16 21:35 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-05-16 21:35 . 2009-05-16 21:35 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-16 20:33 . 2009-06-08 17:48 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\UC.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\RAR.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\LHA.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\ARJ.PIF
2009-05-16 18:30 . 2009-05-16 18:30 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-16 18:30 . 2007-03-18 18:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-05-16 18:30 . 2006-09-29 10:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-05-16 18:30 . 2006-09-29 10:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-05-16 18:30 . 2006-09-29 10:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-05-16 18:30 . 2006-05-11 17:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-05-16 18:30 . 2002-12-10 00:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-05-16 18:30 . 2009-05-16 18:30 -------- d-----w- c:\program files\VSO
2009-05-16 17:46 . 2009-05-24 09:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-16 15:27 . 2009-05-16 15:27 0 ----a-w- c:\windows\nsreg.dat
2009-05-16 14:30 . 2009-05-16 14:30 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-16 14:30 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-16 14:30 . 2009-05-16 14:30 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-16 14:29 . 2009-05-21 14:35 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-16 14:28 . 2009-05-16 14:28 -------- d-sh--w- c:\documents and settings\DiX\PrivacIE
2009-05-16 14:26 . 2009-06-08 20:25 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-16 14:26 . 2009-06-08 20:25 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-16 14:26 . 2009-06-08 20:03 -------- d-----w- c:\windows\system32\LogFiles
2009-05-16 14:26 . 2009-05-16 14:26 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-16 14:13 . 2009-05-16 14:13 -------- d-sh--w- c:\documents and settings\DiX\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 17:48 . 2008-12-19 12:28 578560 ----a-w- c:\windows\system32\user32.dll
2009-06-03 14:27 . 2009-06-03 13:59 -------- d-----w- c:\program files\Nokia
2009-06-03 14:26 . 2009-06-03 14:02 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-03 14:20 . 2009-06-03 14:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-03 14:20 . 2009-06-03 14:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-03 14:05 . 2001-10-25 13:00 495958 ----a-w- c:\windows\system32\perfh005.dat
2009-06-03 14:05 . 2001-10-25 13:00 104858 ----a-w- c:\windows\system32\perfc005.dat
2009-06-03 14:04 . 2009-06-03 14:03 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-06-03 14:00 . 2009-06-03 14:00 -------- d-----w- c:\program files\DIFX
2009-05-21 16:29 . 2009-05-16 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 16:27 . 2009-05-16 12:33 -------- d-----w- c:\program files\Java
2009-05-20 16:15 . 2009-05-20 16:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-17 09:51 . 2009-05-16 12:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-17 09:51 . 2009-05-16 12:10 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-17 09:50 . 2009-05-16 12:10 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-05-16 22:22 . 2009-05-16 12:58 -------- d-----w- c:\program files\Common Files\Logitech
2009-05-16 22:22 . 2009-05-16 12:58 -------- d-----w- c:\program files\Logitech
2009-05-16 21:47 . 2009-05-16 12:30 -------- d-----w- c:\program files\MSBuild
2009-05-16 13:03 . 2009-05-16 13:03 -------- d-----w- c:\program files\Razer
2009-05-16 12:59 . 2009-05-16 12:59 -------- d-----w- c:\program files\Common Files\LogiShared
2009-05-16 12:56 . 2009-05-16 12:56 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-16 12:56 . 2009-05-16 12:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-16 12:50 . 2009-05-16 12:50 -------- d-----w- c:\program files\Realtek
2009-05-16 12:50 . 2009-05-16 12:47 15600 ----a-w- c:\windows\gdrv.sys
2009-05-16 12:48 . 2009-05-16 12:48 -------- d-----w- c:\program files\Intel
2009-05-16 12:33 . 2009-05-16 12:33 -------- d-----w- c:\program files\NVIDIA Corporation
2009-05-16 12:33 . 2009-05-16 12:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-16 12:30 . 2009-05-16 12:30 -------- d-----w- c:\program files\Reference Assemblies
2009-05-16 12:27 . 2009-05-16 12:27 -------- d-----w- c:\program files\Windows Defender
2009-05-16 12:15 . 2009-05-16 12:15 -------- d-----w- c:\program files\microsoft frontpage
2009-05-16 12:14 . 2009-05-16 12:14 -------- d-----w- c:\program files\Windows Plus
2009-05-16 12:12 . 2009-05-16 12:04 -------- d-----w- c:\program files\Windows Sidebar
2009-05-16 12:12 . 2009-05-16 12:12 -------- d-----w- c:\program files\Alky for Applications
2009-05-16 12:07 . 2009-05-16 12:07 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-16 12:06 . 2009-05-16 12:06 -------- d-----w- c:\program files\VistaExperience.org
2009-05-16 12:04 . 2009-05-16 12:04 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
.

------- Sigcheck -------

[-] 2009-06-08 17:48 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\user32.dll
[-] 2009-06-08 17:48 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\dllcache\user32.dll

[-] 2008-12-19 12:29 557056 12A799AD9415AE9C8ABCC5F75E9CF034 c:\windows\system32\winlogon.exe

[-] 2008-12-19 12:43 1486336 D39127310CBAD1485EC5001A4ED1D853 c:\windows\explorer.exe

[-] 2008-12-19 12:23 40960 94927BB89A6825C4A5952A2BF78F027B c:\windows\system32\ctfmon.exe

[-] 2008-12-26 20:23 1571840 1E603EA2A3FDBAE9E5B88A8CB3C03124 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-08_17.48.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-08 19:48 . 2009-06-08 19:48 16384 c:\windows\temp\Perflib_Perfdata_710.dat
+ 2009-06-08 19:49 . 2009-06-08 19:49 16384 c:\windows\temp\Perflib_Perfdata_2f8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-12-19 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\programy\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-12-19 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-16 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" /noui

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot
"JMB36X IDE Setup"=c:\windows\JM\JMInsIDE.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"Reclusa"=c:\program files\Razer\Reclusa\razerhid.exe
"Alcmtr"=ALCMTR.EXE
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"Adobe Reader Speed Launcher"="d:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="d:\programy\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="d:\programy\QuickTime\QTTask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"portmap.exe"=c:\windows\system32\portmap.exe
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\PROGRAMY\\Xfire\\xfire.exe"=
"e:\\GAMES\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\PROGRAMY\\HLSW\\hlsw.exe"=
"d:\\PROGRAMY\\uTorrent\\uTorrent.exe"=
"d:\\PROGRAMY\\QIP\\qip.exe"=
"d:\\PROGRAMY\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\PROGRAMY\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\PROGRAMY\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\PROGRAMY\\mIRCcz\\mirc32.exe"=
"e:\\GAMES\\Atari\\The Chronicles of Riddick - Assault on Dark Athena\\System\\Win32_x86\\DarkAthena.exe"=
"d:\\PROGRAMY\\VLC\\vlc.exe"=
"e:\\GAMES\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\GAMES\\Bohemia Interactive\\arma2.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.5.2009 15:08 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.5.2009 15:08 20560]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [16.5.2009 16:30 604416]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 16:49 13592]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA6x.sys [17.5.2009 11:45 835712]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [16.5.2009 15:03 41984]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [17.5.2009 11:44 188416]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Obsah adresáře 'Naplánované úlohy'

2009-06-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-06-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\DiX\Data aplikací\Mozilla\Firefox\Profiles\c7eyf3ll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programy\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin7.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 23:32
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(924)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(3228)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-06-08 23:33
ComboFix-quarantined-files.txt 2009-06-08 21:33
ComboFix2.txt 2009-06-08 19:44
ComboFix3.txt 2009-06-08 17:49

Před spuštěním: Volných bajtů: 46 279 155 712
Po spuštění: Volných bajtů: 46 273 261 568

338 --- E O F --- 2009-06-05 12:43

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status: Offline

Re: INFECTED PC

Post by Damned » 09 Jun 2009 00:20

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"=-


Save it to the Desktop as fix.reg, with the type set to All files,
find this file on the Desktop and double-click it to run it. You will be asked about adding
the value to the registry. Approve it.
*****************************************************************************************************************************************
For a final check, also post the HJT log here and describe how the computer behaves.

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status: Offline

Re: INFECTED PC

Post by Damned » 09 Jun 2009 08:13

Well, since morning is wiser than evening and more heads know more,
let's also remove this:
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"portmap.exe"=-


Save it to the Desktop as fix.reg, with the type set to All files,
find this file on the Desktop and double-click it to run it. You will be asked about adding
the value to the registry. Approve it.
Then post the HJT log here.
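
Added example (not part of the thread or of any tool it mentions): the three fix.reg files in Damned's posts of 08 Jun 22:13, 09 Jun 00:20 and 09 Jun 08:13 all use the `"name"=-` form, which deletes a value when the file is merged. The Python sketch below lists what a .reg file would do before it is double-clicked; the function names and the last sample, which sets a value instead of deleting it, are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

class RegOp(NamedTuple):
    action: str            # "delete_key", "delete_value" or "set_value"
    key: str
    name: Optional[str]    # None for key-level operations, "@" for the default value
    data: Optional[str]    # raw right-hand side for set_value, else None

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.+)$')
# Key-path fragments that control what starts at logon (all appear in the thread).
AUTOSTART_MARKERS = ("\\currentversion\\run", "\\currentversion\\policies\\explorer")

def parse_reg(text):
    """Return the operations a .reg file performs when merged into the registry."""
    ops, key, pending, seen_header = [], None, "", False
    for raw in text.lstrip("\ufeff").splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if not seen_header:
            if line not in HEADERS:
                raise ValueError("not a .reg file: missing version header")
            seen_header = True
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):          # [-HKEY_...\Key] removes the whole key
                ops.append(RegOp("delete_key", key[1:], None, None))
                key = None
            continue
        if line.endswith("\\"):              # hex data continued on the next line
            pending = line[:-1]
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unparseable line: {raw!r}")
        name = "@" if m.group(1) == "@" else re.sub(r"\\(.)", r"\1", m.group(1)[1:-1])
        data = m.group(2).strip()
        if data == "-":                      # "name"=- removes the value
            ops.append(RegOp("delete_value", key, name, None))
        else:
            ops.append(RegOp("set_value", key, name, data))
    return ops

def review(text):
    """Summarise a .reg file: does it only delete, and does it touch autostart keys?"""
    ops = parse_reg(text)
    writes = [op for op in ops if op.action == "set_value"]
    autostart = [op for op in ops
                 if any(marker in op.key.lower() for marker in AUTOSTART_MARKERS)]
    return {"ops": ops, "writes": writes, "deletes_only": not writes,
            "autostart_ops": autostart}

# The three fixes exactly as posted in the thread.
FIX_POLICIES = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"=-
"DisableLocalUserRunOnce"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"=-
"DisableLocalUserRunOnce"=-
"""

FIX_RUNONCE = r"""Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"=-
"""

FIX_PORTMAP = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"portmap.exe"=-
"""

# Constructed counter-example (not from the thread): same value, but set, not deleted.
CONSTRUCTED_SET = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"=dword:00000001
"""

if __name__ == "__main__":
    for label, sample in [("policies fix", FIX_POLICIES), ("RunOnce fix", FIX_RUNONCE),
                          ("portmap fix", FIX_PORTMAP), ("constructed", CONSTRUCTED_SET)]:
        result = review(sample)
        print(f"{label}: deletes_only={result['deletes_only']}")
        for op in result["ops"]:
            print(f"  {op.action:12} {op.key} -> {op.name} {op.data or ''}")
```
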

mareksn
newbie
Posts: 5
Registered: June 09
Gender: Male
Status: Offline

Re: INFECTED PC

Post by mareksn » 09 Jun 2009 12:38

Hi, there are plenty of ways to clean a PC - also try what some people here are advising you. The important thing for you, if you manage to clean your PC, will be that it doesn't happen again. I use HDDGuarder, which solves similar problems. Try looking at hddguarder.sk

comboxxx
newbie
Posts: 20
Registered: January 09
Gender: Not specified
Status: Offline

Re: INFECTED PC

Post by comboxxx » 09 Jun 2009 13:50

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43:55, on 9.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAMY\Alwil Software\Avast4\aswUpdSv.exe
D:\PROGRAMY\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
D:\PROGRAMY\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
D:\PROGRAMY\Alwil Software\Avast4\ashMaiSv.exe
D:\PROGRAMY\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\PROGRAMY\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\PROGRAMY\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRAMY\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRAMY\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRAMY\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRAMY\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRAMY\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2515408249
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRAMY\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\PROGRAMY\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\PROGRAMY\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\PROGRAMY\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\PROGRAMY\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CardBusService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6157 bytes

