Vir HTML/Iframe.gen trojský kůň na stránkách Vyřešeno

[Hurvajz.]

Ahoj, už delší dobu se na našich stránkách (www.ursus.cz) ukáže občas tenhle vir. Už několikrát jsme je projížděli NODem a poprvé sice něco našel, to jsme odstranili,ale po čase se tu a tam tenhle trojan zas na některé stránce objeví. Už jsme docela bezradní, zkoušeli jsme i "čistou verzi" webu vypálit na DVD, pak jsme web smazali a následně z DVD znovu nahráli na server. Chvilu klid, ale pak zas. NOD už teď nic nenajde...Problém je i u googlu, který pak případné návštěvníky na stránky nepustí. Třeba když dám do vyhledávače "ursus izrael", vyplivne mi to naše stránky a pod nimi je hláška "Tyto stránky mohou poškodit váš počítač." A je problém se na stránky dostat. Poradíte prosím nějaký postup...?
Jo ještě se občas neukáže ten Iframe.gen, ale nějaká neznámá webová adresa s divnou doménou (např. .cn)

[Reklama]

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Nasadil bych toto:
Spusť F-Secure Online Scanner z některého odkazu.
http://support.f-secure.com/enu/home/ols.shtml
http://support.f-secure.com/enu/home/ols3.shtml#

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

[Hurvajz.]

Tak log z Malwebytes je tu, nenašel nic:

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2047
Windows 6.0.6000

27.4.2009 20:53:00
mbam-log-2009-04-27 (20-53-00).txt

Typ skenu: Úplný sken (C:\|E:\|)
Objektu skenováno: 314539
Uplynulý cas: 2 hour(s), 18 minute(s), 1 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)


A z toho druhého scanu zde:

Scanning Report

Monday, April 27, 2009 21:14:11 - 22:14:46

Computer name: HURVAJZ-PC
Scanning type: Scan system for malware, rootkits
Target: C:\ E:\

Result: 2 malware found

TrackingCookie.2o7 (spyware)
System
TrackingCookie.Adtech (spyware)
System
Statistics

Scanned:
Files: 57973
System: 4096
Not scanned: 16
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 2
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\USERS\ALL USERS\LAVASOFT\AD-AWARE\MINIMESSAGE\2
Options

Scanning engines:
F-Secure USS: 3.0.0
F-Secure Hydra: 3.8.9080, 2009-04-27
F-Secure Pegasus: 1.20.0, 1970-00-01
F-Secure AVP: 7.0.171, 2009-04-27
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics


Zkusili jsme ještě změnit heslo k ftp, tak uvidíme, jestli to taky nepomůže..

[Hurvajz.]

Jinak mě už to neukazuje nic, ale kamarádovi (když jde na určité naše stránky - např. http://ursus.cz/fotoalbum/fotoalbum.html) to píše následující:

Bezpečného prohlížení
Diagnostická stránka ursus.cz/fotoalbum

Jaký je aktuální stav stránek ursus.cz/fotoalbum?

Stránky jsou na seznamu podezřelých stránek – návštěvou těchto stránek můžete poškodit svůj počítač.

Za posledních 90 dní byla část těchto stránek 1× uvedena v seznamu stránek s podezřelou aktivitou.

Co se stalo, když Google tuto stránku navštívil?

Z celkového počtu 333 stránek, které jsme za posledních 90 dní otestovali, došlo na stránce/stránkách 32 ke stáhnutí a nainstalování škodlivého softwaru bez souhlasu uživatele. Google tyto stránky naposledy navštívil dne 2009-04-27. Na těchto stránkách se podezřelý obsah vyskytl naposledy dne 2009-04-27.

Malicious software includes 44 exploit(s), 2 scripting exploit(s), 1 trojan(s). Successful infection resulted in an average of 2 new process(es) on the target machine.

Škodlivý software hostuje doména(y) 2, včetně domén(y)nipkelo.net/, gumblar.cn/.

This site was hosted on 1 network(s) including AS15685 (AS15685).

Fungovaly tyto stránky jako prostředník dalšího šíření škodlivého sofwaru?

Za posledních 90 dnů se u stránek ursus.cz/fotoalbum neprokázalo, že by fungovaly jako prostředník infikace jiných stránek.

Hostují tyto stránky škodlivý software?

Ne, za posledních 90 dnů tyto stránky nehostovaly škodlivý software.

Jak k tomu došlo?

V některých případech mohou třetí strany přidat škodlivý kód na legitimní stránky, což nás přiměje k zobrazení výstražného upozornění.

Další postup:

* Vraťte se na předchozí stránku.
* Jste-li majitelem těchto webových stránek, můžete požádat o kontrolu svých stránek pomocí Nástrojů pro webmastery Google. Další informace o této kontrole jsou k dispozici v Centru nápovědy pro webmastery.

[Hurvajz.]

Tak nakonec je problém snad vyřešen. Našel jsem v html kódu asi zavirovaný řádek, smazal jsem ho, změnil ftp heslo a zdá se, že je to ok.

[jaro3]

Taky se mi zdá , že tam nic není. JInak kontaktovat správce web. stránek.
Případně sem dát ještě nejspíše log z Combofixu+HJT( to nejprve).

[Hurvajz.]

Tak asi přecejen ještě není klid. Drtivé většině lidí to už nic neukazuje, ale páru lidem hlásí avast stále trojany, prý při kliknutí na jakýkoliv odkaz...Jak je to vůbec možné, že většině lidí to neukáže nic? V případě, že tam ten vir je, tak má asi většina blbý antivir, v případě že tam není, tak zas nechápu avast. Je mi to záhadou.
Tady jsou logy z combofixu a z HJT:

ComboFix 09-04-30.05 - Hurvajz 01.05.2009 8:56.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.2045.1114 [GMT 2:00]
Spuštěný z: e:\instalace\Antiviry\ComboFix\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-01 do 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-30 12:15 . 2009-04-30 12:15 -------- d-----w C:\inet_srv
2009-04-29 13:18 . 2009-04-29 13:18 -------- d-----w c:\program files\Alwil Software
2009-04-27 18:59 . 2009-04-27 18:59 -------- d-----w C:\fsaua.data
2009-04-25 15:40 . 2009-04-22 10:48 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-23 10:49 . 2009-04-22 10:47 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-22 10:22 . 2009-04-22 10:22 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-22 10:22 . 2009-04-22 10:22 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-22 10:22 . 2009-04-22 10:22 -------- d-----w c:\program files\Lavasoft
2009-04-21 07:06 . 2009-04-21 07:06 -------- d-----w c:\users\Hurvajz\AppData\Roaming\Malwarebytes
2009-04-21 07:06 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-21 07:06 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-21 07:06 . 2009-04-21 07:06 -------- d-----w c:\programdata\Malwarebytes
2009-04-21 07:06 . 2009-04-21 07:06 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-21 07:06 . 2009-04-27 16:33 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-18 11:36 . 2009-04-18 11:36 241152 ----a-w c:\windows\system32\PortableDeviceApi.dll
2009-04-18 11:36 . 2009-04-18 11:36 95232 ----a-w c:\windows\system32\PortableDeviceClassExtension.dll
2009-04-18 11:36 . 2009-04-18 11:36 160768 ----a-w c:\windows\system32\PortableDeviceTypes.dll
2009-04-18 11:34 . 2009-04-18 11:34 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-18 11:33 . 2009-04-18 11:33 297472 ----a-w c:\windows\system32\gdi32.dll
2009-04-18 11:31 . 2009-04-18 11:31 211456 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-18 11:31 . 2009-04-18 11:31 500736 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-18 11:31 . 2009-04-18 11:31 30208 ----a-w c:\windows\system32\xolehlp.dll
2009-04-18 11:29 . 2009-04-18 11:29 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-18 11:29 . 2009-04-18 11:29 4247552 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-18 11:29 . 2009-04-18 11:29 1687040 ----a-w c:\windows\system32\gameux.dll
2009-04-18 11:28 . 2009-04-18 11:28 1194496 ----a-w c:\windows\system32\msxml3.dll
2009-04-18 11:28 . 2009-04-18 11:28 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-18 11:27 . 2009-04-18 11:27 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-18 11:26 . 2009-04-18 11:26 1244672 ----a-w c:\windows\system32\mcmde.dll
2009-04-18 11:26 . 2009-04-18 11:26 428032 ----a-w c:\windows\system32\EncDec.dll
2009-04-18 11:26 . 2009-04-18 11:26 292352 ----a-w c:\windows\system32\psisdecd.dll
2009-04-18 11:25 . 2009-04-18 11:25 8147968 ----a-w c:\windows\system32\wmploc.DLL
2009-04-18 11:25 . 2009-04-18 11:25 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-18 11:25 . 2009-04-18 11:25 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-18 11:21 . 2009-04-18 11:21 2923520 ----a-w c:\windows\explorer.exe
2009-04-18 11:16 . 2009-04-18 11:16 25600 ----a-w c:\windows\system32\amxread.dll
2009-04-18 11:16 . 2009-04-18 11:16 14848 ----a-w c:\windows\system32\apilogen.dll
2009-04-18 11:16 . 2009-04-18 11:16 425472 ----a-w c:\windows\system32\PhotoMetadataHandler.dll
2009-04-18 11:16 . 2009-04-18 11:16 712192 ----a-w c:\windows\system32\WindowsCodecs.dll
2009-04-18 11:16 . 2009-04-18 11:16 347136 ----a-w c:\windows\system32\WindowsCodecsExt.dll
2009-04-18 11:14 . 2009-04-18 11:14 37376 ----a-w c:\windows\system32\printcom.dll
2009-04-18 11:14 . 2009-04-18 11:14 441856 ----a-w c:\windows\system32\win32spl.dll
2009-04-18 11:13 . 2009-04-18 11:13 290304 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-18 11:12 . 2009-04-18 11:12 269824 ----a-w c:\windows\system32\schannel.dll
2009-04-18 11:08 . 2009-04-18 11:08 2028032 ----a-w c:\windows\system32\win32k.sys
2009-04-18 09:51 . 2009-04-18 09:51 -------- d-----w c:\users\Hurvajz\AppData\Roaming\ESET
2009-04-01 13:46 . 2009-04-01 13:46 -------- d-----w c:\users\Hurvajz\AppData\Roaming\Netscape
2009-04-01 13:46 . 2009-04-01 13:46 -------- d-----w c:\program files\Photodex Presenter
2009-04-01 13:46 . 2009-04-01 13:46 -------- d-----w c:\program files\Photodex
2009-04-01 13:46 . 2009-04-01 14:27 -------- d-----w c:\users\Hurvajz\AppData\Roaming\Photodex

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 06:55 . 2007-01-08 21:09 87184 ----a-w c:\windows\system32\perfc005.dat
2009-04-28 06:55 . 2007-01-08 21:09 485164 ----a-w c:\windows\system32\perfh005.dat
2009-04-25 07:32 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-25 07:32 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-23 11:24 . 2008-09-16 19:09 -------- d-----w c:\program files\QIP
2009-04-23 06:43 . 2008-10-11 13:39 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-22 10:21 . 2008-09-18 18:13 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-20 07:22 . 2008-09-16 15:35 140576 ----a-w c:\users\Hurvajz\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-18 12:33 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-04-18 12:28 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-18 11:29 . 2009-04-18 11:29 2560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-04-18 11:29 . 2009-04-18 11:29 449536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-04-18 11:29 . 2009-04-18 11:29 2144256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-04-18 11:29 . 2009-04-18 11:29 537600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-04-18 11:29 . 2009-04-18 11:29 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-04-18 11:17 . 2009-04-18 11:17 549888 ----a-w c:\windows\system32\rpcss.dll
2009-04-18 11:17 . 2009-04-18 11:17 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-18 11:17 . 2009-04-18 11:17 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-18 11:17 . 2009-04-18 11:17 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-18 11:17 . 2009-04-18 11:17 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-18 11:17 . 2009-04-18 11:17 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-04-18 11:17 . 2009-04-18 11:17 53248 ----a-w c:\windows\system32\iasads.dll
2009-04-18 11:17 . 2009-04-18 11:17 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-18 11:17 . 2009-04-18 11:17 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-04-18 11:17 . 2009-04-18 11:17 7680 ----a-w c:\windows\system32\lsass.exe
2009-04-18 11:17 . 2009-04-18 11:17 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-18 11:17 . 2009-04-18 11:17 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-04-18 11:16 . 2009-04-18 11:16 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-04-18 11:06 . 2009-04-18 11:06 72704 ----a-w c:\windows\system32\admparse.dll
2009-04-18 11:06 . 2009-04-18 11:06 826368 ----a-w c:\windows\system32\wininet.dll
2009-04-18 11:06 . 2009-04-18 11:06 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-04-18 11:06 . 2009-04-18 11:06 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-18 11:06 . 2009-04-18 11:06 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-04-18 11:06 . 2009-04-18 11:06 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-18 11:06 . 2009-04-18 11:06 56320 ----a-w c:\windows\system32\iesetup.dll
2009-04-18 09:48 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-18 09:47 . 2008-09-20 10:33 -------- d-----w c:\program files\ESET
2009-03-26 23:57 . 2009-03-26 23:57 -------- d-----w c:\program files\NASA
2009-03-26 09:46 . 2008-10-28 14:52 -------- d-----w c:\program files\Java
2009-03-20 15:38 . 2009-03-20 15:38 -------- d-----w c:\program files\Ligos
2009-03-20 14:42 . 2009-03-20 14:37 -------- d-----w c:\program files\bwin
2009-03-20 09:05 . 2009-03-20 09:05 -------- d-----w c:\program files\Guitar Pro 5
2009-03-19 09:45 . 2009-03-19 09:45 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-03-19 09:45 . 2009-03-19 09:45 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-03-19 09:45 . 2009-03-19 09:45 131976 ----a-w c:\windows\system32\drivers\epfw.sys
2009-03-19 09:44 . 2009-03-19 09:44 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-03-19 09:41 . 2009-03-19 09:41 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-14 19:11 . 2009-03-14 19:09 -------- d-----w c:\program files\Common Files\Nero
2009-03-14 18:59 . 2009-03-01 20:21 -------- d-----w c:\program files\Common Files\ESRI
2009-03-12 22:34 . 2009-03-12 19:51 -------- d-----w c:\program files\Jalbum
2009-03-12 22:29 . 2008-09-19 08:09 -------- d-----w c:\program files\Opera
2009-03-09 04:19 . 2008-10-28 14:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-04 17:16 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
2009-03-04 17:16 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
2009-03-04 14:57 . 2009-03-03 13:23 680 ----a-w c:\users\Hurvajz\AppData\Local\d3d9caps.dat
2009-03-03 09:15 . 2009-03-03 09:15 -------- d-----w c:\program files\FDRLab
2009-03-02 19:13 . 2009-03-02 19:13 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-03-02 19:13 . 2009-03-02 19:13 622080 ----a-w c:\windows\system32\icardagt.exe
2009-03-02 19:13 . 2009-03-02 19:13 11264 ----a-w c:\windows\system32\icardres.dll
2009-03-02 19:12 . 2009-03-02 19:12 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-02 19:12 . 2009-03-02 19:12 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-03-02 19:12 . 2009-03-02 19:12 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-03-02 19:12 . 2009-03-02 19:12 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-03-02 18:48 . 2009-03-02 18:48 96760 ----a-w c:\windows\system32\dfshim.dll
2009-03-02 18:48 . 2009-03-02 18:48 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-03-02 18:48 . 2009-03-02 18:48 282112 ----a-w c:\windows\system32\mscoree.dll
2009-03-02 18:48 . 2009-03-02 18:48 83968 ----a-w c:\windows\system32\mscories.dll
2009-03-02 18:48 . 2009-03-02 18:48 158720 ----a-w c:\windows\system32\mscorier.dll
2009-03-02 18:30 . 2009-03-02 18:30 2855424 ----a-w c:\windows\system32\mf.dll
2009-03-02 18:30 . 2009-03-02 18:30 98816 ----a-w c:\windows\system32\mfps.dll
2009-03-02 18:30 . 2009-03-02 18:30 52736 ----a-w c:\windows\system32\rrinstaller.exe
2009-03-02 18:30 . 2009-03-02 18:30 24576 ----a-w c:\windows\system32\mfpmp.exe
2009-03-02 18:30 . 2009-03-02 18:30 2048 ----a-w c:\windows\system32\mferror.dll
2009-03-02 18:30 . 2009-03-02 18:30 996352 ----a-w c:\windows\system32\WMNetMgr.dll
2009-03-02 18:30 . 2009-03-02 18:30 94720 ----a-w c:\windows\system32\logagent.exe
2009-03-02 18:30 . 2009-03-02 18:30 1645568 ----a-w c:\windows\system32\connect.dll
2009-03-02 18:28 . 2009-03-02 18:28 2048 ----a-w c:\windows\system32\msxml6r.dll
2009-03-02 18:28 . 2009-03-02 18:28 1341440 ----a-w c:\windows\system32\msxml6.dll
2009-03-02 17:12 . 2009-03-02 17:12 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-03-02 17:12 . 2009-03-02 17:12 43544 ----a-w c:\windows\system32\wups2.dll
2009-03-02 17:12 . 2009-03-02 17:12 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-03-02 17:12 . 2009-03-02 17:12 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-03-02 17:12 . 2009-03-02 17:12 83456 ----a-w c:\windows\system32\wudriver.dll
2009-03-02 17:12 . 2009-03-02 17:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-03-02 17:12 . 2009-03-02 17:12 34328 ----a-w c:\windows\system32\wups.dll
2009-03-02 17:12 . 2009-03-02 17:12 31232 ----a-w c:\windows\system32\wuapp.exe
2009-03-02 17:12 . 2009-03-02 17:12 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-03-02 15:38 . 2009-03-02 15:38 -------- d-----w c:\program files\Common Files\xing shared
2009-03-02 15:38 . 2009-03-02 15:37 -------- d-----w c:\program files\Common Files\Real
2009-03-02 15:37 . 2009-03-02 15:37 -------- d-----w c:\program files\Real
2009-03-02 15:03 . 2008-09-16 15:12 -------- d-----w c:\program files\ATI
2009-02-28 21:52 . 2009-02-28 18:56 53248 ----a-w c:\windows\system32\apache.dll
2009-02-23 23:42 . 2009-02-23 23:42 108144 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-02 09:43 . 2009-02-02 09:43 95 ----a-w c:\users\Hurvajz\AppData\Local\fusioncache.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-10-04 1232896]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-10 1809648]
"Quiet Internet Pager"="c:\program files\QIP\qip.exe" [2009-02-05 3367424]
"Google Update"="c:\users\Hurvajz\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-21 133104]
"CooLWPC3"="c:\program files\CooL Wallpaper Changer\coolwpc.exe" [2003-04-06 1008128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-02 198160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-22 516440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-27 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-10-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-10 12:26 352256 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C91DFDE-C7D4-421D-9F21-89ED7F61F114}"= UDP:c:\totalcmd\TOTALCMD.EXE:Total Commander
"{FFC4B541-40AE-4E79-A947-54BAAACBC04C}"= TCP:c:\totalcmd\TOTALCMD.EXE:Total Commander
"{69101C4B-BA5C-47A0-B01F-440C0999711B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2AB08DA5-0CAC-4A29-A5B8-6D00D0D3A72B}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2A30BF6F-D596-4D34-BB65-402F7B04B5A0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F3648444-7AF3-4C4B-98F5-1B6191C28C19}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{535550C9-7AD3-464A-B32D-62164B93E63F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{FE6EC4CD-7C22-4750-9862-8A96B82FCC6A}e:\\instalace\\dc++ strong\\strongdc.exe"= UDP:e:\instalace\dc++ strong\strongdc.exe:StrongDC++
"UDP Query User{A2AFC425-31EB-4F09-85E6-5D3735ACDC9B}e:\\instalace\\dc++ strong\\strongdc.exe"= TCP:e:\instalace\dc++ strong\strongdc.exe:StrongDC++
"TCP Query User{06BE0655-625A-40B5-B4CD-DCD97F523A72}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{82A1649C-5CED-41F2-AC18-0F63AF1992D9}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{2B85DB4B-8FA8-44AC-9C7B-330C268F141E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2B0E8588-6B02-4625-810E-B6522558716F}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D1C916E9-079B-407E-8B74-D729FFC217DA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{959FCE67-15D4-4D4D-8926-264570FE81AA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{D22B4ACF-9DC1-47C7-9FD5-AF4DA7FA2085}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{7CAB8E20-445F-4DCA-8F15-DA0CB3EC80A1}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{AC04FF71-E6FC-454B-A405-0BA33822B4DB}e:\\instalace\\dc++ strong\\strongdc.exe"= UDP:e:\instalace\dc++ strong\strongdc.exe:StrongDC++
"UDP Query User{753ADA58-A2F3-4A7E-BFC6-12E2537440B9}e:\\instalace\\dc++ strong\\strongdc.exe"= TCP:e:\instalace\dc++ strong\strongdc.exe:StrongDC++
"TCP Query User{95985BBD-1B5D-493C-A1A1-06E681919DA2}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{2B7E4137-E19F-4670-A29A-3F87F34F34BA}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{BEE70A78-E31C-45B5-A9FE-F121DB1728D3}c:\\totalcmd\\totalcmd.exe"= UDP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{9C168AB6-29D3-487C-9754-B8014DB226A3}c:\\totalcmd\\totalcmd.exe"= TCP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{EC7E6771-B9AF-41BB-96F1-61F38C4DA276}c:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:c:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"UDP Query User{6818CD4E-5EDA-4714-8735-CC994BDFF528}c:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:c:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"TCP Query User{ADC52A09-12FD-44DF-A414-92D8DF4A518A}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{4DD8CB15-EB72-4A6B-85E7-D726CD08845C}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"{BD8EAE99-D7BA-4DF0-81D9-08781E3D78B5}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{E36BC9FF-8A45-4EF4-ACB2-A41A887F7FE8}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{6B7BE21F-15FC-4A68-B841-6010EA445CC4}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{23AF43BA-CB5B-422B-9035-2E60F230E4EB}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{64C27082-CFE1-495B-8693-B8CAEE0B7D42}"= UDP:e:\hry\S.T.A.L.K.E.R.Shadow.of.Chernobyl rozbalená\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{29C8EDB4-DC6B-4943-857F-609D34353353}"= TCP:e:\hry\S.T.A.L.K.E.R.Shadow.of.Chernobyl rozbalená\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{8A42F86D-17AC-44CF-A1B9-CD11F83C64E4}"= UDP:e:\hry\S.T.A.L.K.E.R.Shadow.of.Chernobyl rozbalená\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{FFD18FE1-2B00-41D4-8915-D682323F9920}"= TCP:e:\hry\S.T.A.L.K.E.R.Shadow.of.Chernobyl rozbalená\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{50DF0B81-CA58-489D-8FAB-9EF4156D57A6}"= UDP:e:\hry\stalker rozbaleny\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{283CED15-C5D7-4934-8384-094FFCCBE329}"= TCP:e:\hry\stalker rozbaleny\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{0E8B354A-2DB5-484D-8111-8EE3EF56CD2C}"= UDP:e:\hry\stalker rozbaleny\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{EAC79E0C-4E6C-4BEF-AE1D-1190AAEF5380}"= TCP:e:\hry\stalker rozbaleny\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{D3F8F64C-33BC-4F8B-B1DC-0B7B755B0F9B}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{461D9F78-E0FA-4B12-8FC6-D36DB399820C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{8CC98B8F-E17A-4CE6-BBAA-B59158079B5C}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E5A91624-CB67-4736-B0EC-F65442BC2071}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{71C39BCD-A456-4938-ADED-E778F6D15D50}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{381D7CEF-EAB7-4F96-9378-B3D5B271B7B7}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{D3F29B3B-3B19-4F8F-90DF-309F3EF7EC8F}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{5ED9675F-F68E-4106-881F-46F2ED820847}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{9549C4E6-1630-4763-8353-827E185B8E5B}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{2BD00363-13FD-4219-86FA-EE6C87DBFEFE}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{001598E6-F57B-4F7F-B9E9-DACF20E61C18}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{FF27D6CF-EB98-4C05-9186-792D894AE576}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-02 9216]
R3 TpChoice;Touch Pad Detection Filter driver; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-22 64160]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
S1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-10-04 70144]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-10-12 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-10-12 55024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-03-19 731840]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-22 953168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7aa3311-a502-11dd-bbf6-001b38b6c610}]
\shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faf2c4a0-b228-11dd-867e-001b38b6c610}]
\shell\AutoRun\command - G:\setupSNK.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-04-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 07:09]

2009-04-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 10:47]

2009-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248057044-2018895401-2617936714-1000.job
- c:\users\Hurvajz\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-21 23:28]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-toscdspd - TOSCDSPD.EXE


.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\users\Hurvajz\AppData\Roaming\Mozilla\Firefox\Profiles\jhwowk59.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Hurvajz\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\users\Hurvajz\AppData\Roaming\Mozilla\plugins\npPxPlay.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 09:01
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4352)
e:\instalace\NOKIA E-50\Nokia PC Suite 7\phonebrowser.dll
e:\instalace\NOKIA E-50\Nokia PC Suite 7\NGSCM.DLL
e:\instalace\NOKIA E-50\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
e:\instalace\NOKIA E-50\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
Celkový čas: 2009-05-01 9:04
ComboFix-quarantined-files.txt 2009-05-01 07:04

Před spuštěním: 3 832 532 992
Po spuštění: 3 865 223 168

443 --- E O F --- 2009-04-18 11:36




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:28, on 1.5.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Users\Hurvajz\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\CooL Wallpaper Changer\coolwpc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\totalcmd\TOTALCMD.EXE
E:\Instalace\Antiviry\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Quiet Internet Pager] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hurvajz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CooLWPC3] C:\Program Files\CooL Wallpaper Changer\coolwpc.exe /boot
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 8910 bytes

[jaro3]

Především si odinstaluj ten cracklý ESET...a pořiď si něco free...

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
C:\fsaua.data

File::
c:\windows\system32\regedt32.exe

Driver::
NOD32FiXTemDono
regedt32

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Hurvajz.]

ComboFix 09-04-30.05 - Hurvajz 01.05.2009 11:44.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.2045.1207 [GMT 2:00]
Spuštěný z: e:\instalace\Antiviry\ComboFix\ComboFix.exe
Použité ovládací přepínače :: c:\users\Hurvajz\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\system32\regedt32.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fsaua.data
c:\windows\system32\regedt32.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NOD32FiXTemDono


((((((((((((((((((((((((( Soubory vytvořené od 2009-04-01 do 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-30 12:15 . 2009-04-30 12:15 -------- d-----w C:\inet_srv
2009-04-29 13:18 . 2009-04-29 13:18 -------- d-----w c:\program files\Alwil Software
2009-04-25 15:40 . 2009-04-22 10:48 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-23 10:49 . 2009-04-22 10:47 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-22 10:22 . 2009-04-22 10:22 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-22 10:22 . 2009-04-22 10:22 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-22 10:22 . 2009-04-22 10:22 -------- d-----w c:\program files\Lavasoft
2009-04-21 07:06 . 2009-04-21 07:06 -------- d-----w c:\users\Hurvajz\AppData\Roaming\Malwarebytes
2009-04-21 07:06 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-21 07:06 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-21 07:06 . 2009-04-21 07:06 -------- d-----w c:\programdata\Malwarebytes
2009-04-21 07:06 . 2009-04-21 07:06 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-21 07:06 . 2009-04-27 16:33 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-18 11:36 . 2009-04-18 11:36 241152 ----a-w c:\windows\system32\PortableDeviceApi.dll
2009-04-18 11:36 . 2009-04-18 11:36 95232 ----a-w c:\windows\system32\PortableDeviceClassExtension.dll
2009-04-18 11:36 . 2009-04-18 11:36 160768 ----a-w c:\windows\system32\PortableDeviceTypes.dll
2009-04-18 11:34 . 2009-04-18 11:34 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-18 11:33 . 2009-04-18 11:33 297472 ----a-w c:\windows\system32\gdi32.dll
2009-04-18 11:31 . 2009-04-18 11:31 211456 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-18 11:31 . 2009-04-18 11:31 500736 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-18 11:31 . 2009-04-18 11:31 30208 ----a-w c:\windows\system32\xolehlp.dll
2009-04-18 11:29 . 2009-04-18 11:29 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-18 11:29 . 2009-04-18 11:29 4247552 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-18 11:29 . 2009-04-18 11:29 1687040 ----a-w c:\windows\system32\gameux.dll
2009-04-18 11:28 . 2009-04-18 11:28 1194496 ----a-w c:\windows\system32\msxml3.dll
2009-04-18 11:28 . 2009-04-18 11:28 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-18 11:27 . 2009-04-18 11:27 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-18 11:26 . 2009-04-18 11:26 1244672 ----a-w c:\windows\system32\mcmde.dll
2009-04-18 11:26 . 2009-04-18 11:26 428032 ----a-w c:\windows\system32\EncDec.dll
2009-04-18 11:26 . 2009-04-18 11:26 292352 ----a-w c:\windows\system32\psisdecd.dll
2009-04-18 11:25 . 2009-04-18 11:25 8147968 ----a-w c:\windows\system32\wmploc.DLL
2009-04-18 11:25 . 2009-04-18 11:25 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-18 11:25 . 2009-04-18 11:25 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-18 11:21 . 2009-04-18 11:21 2923520 ----a-w c:\windows\explorer.exe
2009-04-18 11:16 . 2009-04-18 11:16 25600 ----a-w c:\windows\system32\amxread.dll
2009-04-18 11:16 . 2009-04-18 11:16 14848 ----a-w c:\windows\system32\apilogen.dll
2009-04-18 11:16 . 2009-04-18 11:16 425472 ----a-w c:\windows\system32\PhotoMetadataHandler.dll
2009-04-18 11:16 . 2009-04-18 11:16 712192 ----a-w c:\windows\system32\WindowsCodecs.dll
2009-04-18 11:16 . 2009-04-18 11:16 347136 ----a-w c:\windows\system32\WindowsCodecsExt.dll
2009-04-18 11:14 . 2009-04-18 11:14 37376 ----a-w c:\windows\system32\printcom.dll
2009-04-18 11:14 . 2009-04-18 11:14 441856 ----a-w c:\windows\system32\win32spl.dll
2009-04-18 11:13 . 2009-04-18 11:13 290304 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-18 11:12 . 2009-04-18 11:12 269824 ----a-w c:\windows\system32\schannel.dll
2009-04-18 11:08 . 2009-04-18 11:08 2028032 ----a-w c:\windows\system32\win32k.sys
2009-04-18 09:51 . 2009-04-18 09:51 -------- d-----w c:\users\Hurvajz\AppData\Roaming\ESET
2009-04-01 13:46 . 2009-04-01 13:46 -------- d-----w c:\users\Hurvajz\AppData\Roaming\Netscape
2009-04-01 13:46 . 2009-04-01 13:46 -------- d-----w c:\program files\Photodex Presenter
2009-04-01 13:46 . 2009-04-01 13:46 -------- d-----w c:\program files\Photodex
2009-04-01 13:46 . 2009-04-01 14:27 -------- d-----w c:\users\Hurvajz\AppData\Roaming\Photodex

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 06:55 . 2007-01-08 21:09 87184 ----a-w c:\windows\system32\perfc005.dat
2009-04-28 06:55 . 2007-01-08 21:09 485164 ----a-w c:\windows\system32\perfh005.dat
2009-04-25 07:32 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-25 07:32 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-23 11:24 . 2008-09-16 19:09 -------- d-----w c:\program files\QIP
2009-04-23 06:43 . 2008-10-11 13:39 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-22 10:21 . 2008-09-18 18:13 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-20 07:22 . 2008-09-16 15:35 140576 ----a-w c:\users\Hurvajz\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-18 12:33 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-04-18 12:28 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-18 11:29 . 2009-04-18 11:29 2560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-04-18 11:29 . 2009-04-18 11:29 449536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-04-18 11:29 . 2009-04-18 11:29 2144256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-04-18 11:29 . 2009-04-18 11:29 537600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-04-18 11:29 . 2009-04-18 11:29 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-04-18 11:17 . 2009-04-18 11:17 549888 ----a-w c:\windows\system32\rpcss.dll
2009-04-18 11:17 . 2009-04-18 11:17 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-18 11:17 . 2009-04-18 11:17 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-18 11:17 . 2009-04-18 11:17 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-18 11:17 . 2009-04-18 11:17 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-18 11:17 . 2009-04-18 11:17 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-04-18 11:17 . 2009-04-18 11:17 53248 ----a-w c:\windows\system32\iasads.dll
2009-04-18 11:17 . 2009-04-18 11:17 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-18 11:17 . 2009-04-18 11:17 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-04-18 11:17 . 2009-04-18 11:17 7680 ----a-w c:\windows\system32\lsass.exe
2009-04-18 11:17 . 2009-04-18 11:17 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-18 11:17 . 2009-04-18 11:17 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-04-18 11:16 . 2009-04-18 11:16 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-04-18 11:06 . 2009-04-18 11:06 72704 ----a-w c:\windows\system32\admparse.dll
2009-04-18 11:06 . 2009-04-18 11:06 826368 ----a-w c:\windows\system32\wininet.dll
2009-04-18 11:06 . 2009-04-18 11:06 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-04-18 11:06 . 2009-04-18 11:06 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-18 11:06 . 2009-04-18 11:06 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-04-18 11:06 . 2009-04-18 11:06 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-18 11:06 . 2009-04-18 11:06 56320 ----a-w c:\windows\system32\iesetup.dll
2009-04-18 09:48 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-18 09:47 . 2008-09-20 10:33 -------- d-----w c:\program files\ESET
2009-03-26 23:57 . 2009-03-26 23:57 -------- d-----w c:\program files\NASA
2009-03-26 09:46 . 2008-10-28 14:52 -------- d-----w c:\program files\Java
2009-03-20 15:38 . 2009-03-20 15:38 -------- d-----w c:\program files\Ligos
2009-03-20 14:42 . 2009-03-20 14:37 -------- d-----w c:\program files\bwin
2009-03-20 09:05 . 2009-03-20 09:05 -------- d-----w c:\program files\Guitar Pro 5
2009-03-19 09:45 . 2009-03-19 09:45 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-03-19 09:45 . 2009-03-19 09:45 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-03-19 09:45 . 2009-03-19 09:45 131976 ----a-w c:\windows\system32\drivers\epfw.sys
2009-03-19 09:44 . 2009-03-19 09:44 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-03-19 09:41 . 2009-03-19 09:41 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-14 19:11 . 2009-03-14 19:09 -------- d-----w c:\program files\Common Files\Nero
2009-03-14 18:59 . 2009-03-01 20:21 -------- d-----w c:\program files\Common Files\ESRI
2009-03-12 22:34 . 2009-03-12 19:51 -------- d-----w c:\program files\Jalbum
2009-03-12 22:29 . 2008-09-19 08:09 -------- d-----w c:\program files\Opera
2009-03-09 04:19 . 2008-10-28 14:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-04 17:16 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
2009-03-04 17:16 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
2009-03-04 14:57 . 2009-03-03 13:23 680 ----a-w c:\users\Hurvajz\AppData\Local\d3d9caps.dat
2009-03-03 09:15 . 2009-03-03 09:15 -------- d-----w c:\program files\FDRLab
2009-03-02 19:13 . 2009-03-02 19:13 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-03-02 19:13 . 2009-03-02 19:13 622080 ----a-w c:\windows\system32\icardagt.exe
2009-03-02 19:13 . 2009-03-02 19:13 11264 ----a-w c:\windows\system32\icardres.dll
2009-03-02 19:12 . 2009-03-02 19:12 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-02 19:12 . 2009-03-02 19:12 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-03-02 19:12 . 2009-03-02 19:12 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-03-02 19:12 . 2009-03-02 19:12 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-03-02 18:48 . 2009-03-02 18:48 96760 ----a-w c:\windows\system32\dfshim.dll
2009-03-02 18:48 . 2009-03-02 18:48 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-03-02 18:48 . 2009-03-02 18:48 282112 ----a-w c:\windows\system32\mscoree.dll
2009-03-02 18:48 . 2009-03-02 18:48 83968 ----a-w c:\windows\system32\mscories.dll
2009-03-02 18:48 . 2009-03-02 18:48 158720 ----a-w c:\windows\system32\mscorier.dll
2009-03-02 18:30 . 2009-03-02 18:30 2855424 ----a-w c:\windows\system32\mf.dll
2009-03-02 18:30 . 2009-03-02 18:30 98816 ----a-w c:\windows\system32\mfps.dll
2009-03-02 18:30 . 2009-03-02 18:30 52736 ----a-w c:\windows\system32\rrinstaller.exe
2009-03-02 18:30 . 2009-03-02 18:30 24576 ----a-w c:\windows\system32\mfpmp.exe
2009-03-02 18:30 . 2009-03-02 18:30 2048 ----a-w c:\windows\system32\mferror.dll
2009-03-02 18:30 . 2009-03-02 18:30 996352 ----a-w c:\windows\system32\WMNetMgr.dll
2009-03-02 18:30 . 2009-03-02 18:30 94720 ----a-w c:\windows\system32\logagent.exe
2009-03-02 18:30 . 2009-03-02 18:30 1645568 ----a-w c:\windows\system32\connect.dll
2009-03-02 18:28 . 2009-03-02 18:28 2048 ----a-w c:\windows\system32\msxml6r.dll
2009-03-02 18:28 . 2009-03-02 18:28 1341440 ----a-w c:\windows\system32\msxml6.dll
2009-03-02 17:12 . 2009-03-02 17:12 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-03-02 17:12 . 2009-03-02 17:12 43544 ----a-w c:\windows\system32\wups2.dll
2009-03-02 17:12 . 2009-03-02 17:12 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-03-02 17:12 . 2009-03-02 17:12 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-03-02 17:12 . 2009-03-02 17:12 83456 ----a-w c:\windows\system32\wudriver.dll
2009-03-02 17:12 . 2009-03-02 17:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-03-02 17:12 . 2009-03-02 17:12 34328 ----a-w c:\windows\system32\wups.dll
2009-03-02 17:12 . 2009-03-02 17:12 31232 ----a-w c:\windows\system32\wuapp.exe
2009-03-02 17:12 . 2009-03-02 17:12 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-03-02 15:38 . 2009-03-02 15:38 -------- d-----w c:\program files\Common Files\xing shared
2009-03-02 15:38 . 2009-03-02 15:37 -------- d-----w c:\program files\Common Files\Real
2009-03-02 15:37 . 2009-03-02 15:37 -------- d-----w c:\program files\Real
2009-03-02 15:03 . 2008-09-16 15:12 -------- d-----w c:\program files\ATI
2009-02-28 21:52 . 2009-02-28 18:56 53248 ----a-w c:\windows\system32\apache.dll
2009-02-23 23:42 . 2009-02-23 23:42 108144 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-02 09:43 . 2009-02-02 09:43 95 ----a-w c:\users\Hurvajz\AppData\Local\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-05-01_07.01.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-25 20:47 . 2009-05-01 09:49 3066912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-10-25 20:47 . 2009-04-29 22:13 3066912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-10-04 1232896]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-10 1809648]
"Quiet Internet Pager"="c:\program files\QIP\qip.exe" [2009-02-05 3367424]
"Google Update"="c:\users\Hurvajz\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-21 133104]
"CooLWPC3"="c:\program files\CooL Wallpaper Changer\coolwpc.exe" [2003-04-06 1008128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-02 198160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-22 516440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-27 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-10-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-10 12:26 352256 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C91DFDE-C7D4-421D-9F21-89ED7F61F114}"= UDP:c:\totalcmd\TOTALCMD.EXE:Total Commander
"{FFC4B541-40AE-4E79-A947-54BAAACBC04C}"= TCP:c:\totalcmd\TOTALCMD.EXE:Total Commander
"{69101C4B-BA5C-47A0-B01F-440C0999711B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2AB08DA5-0CAC-4A29-A5B8-6D00D0D3A72B}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2A30BF6F-D596-4D34-BB65-402F7B04B5A0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F3648444-7AF3-4C4B-98F5-1B6191C28C19}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{535550C9-7AD3-464A-B32D-62164B93E63F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{FE6EC4CD-7C22-4750-9862-8A96B82FCC6A}e:\\instalace\\dc++ strong\\strongdc.exe"= UDP:e:\instalace\dc++ strong\strongdc.exe:StrongDC++
"UDP Query User{A2AFC425-31EB-4F09-85E6-5D3735ACDC9B}e:\\instalace\\dc++ strong\\strongdc.exe"= TCP:e:\instalace\dc++ strong\strongdc.exe:StrongDC++
"TCP Query User{06BE0655-625A-40B5-B4CD-DCD97F523A72}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{82A1649C-5CED-41F2-AC18-0F63AF1992D9}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{2B85DB4B-8FA8-44AC-9C7B-330C268F141E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2B0E8588-6B02-4625-810E-B6522558716F}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D1C916E9-079B-407E-8B74-D729FFC217DA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{959FCE67-15D4-4D4D-8926-264570FE81AA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{D22B4ACF-9DC1-47C7-9FD5-AF4DA7FA2085}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{7CAB8E20-445F-4DCA-8F15-DA0CB3EC80A1}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{AC04FF71-E6FC-454B-A405-0BA33822B4DB}e:\\instalace\\dc++ strong\\strongdc.exe"= UDP:e:\instalace\dc++ strong\strongdc.exe:StrongDC++
"UDP Query User{753ADA58-A2F3-4A7E-BFC6-12E2537440B9}e:\\instalace\\dc++ strong\\strongdc.exe"= TCP:e:\instalace\dc++ strong\strongdc.exe:StrongDC++
"TCP Query User{95985BBD-1B5D-493C-A1A1-06E681919DA2}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{2B7E4137-E19F-4670-A29A-3F87F34F34BA}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{BEE70A78-E31C-45B5-A9FE-F121DB1728D3}c:\\totalcmd\\totalcmd.exe"= UDP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{9C168AB6-29D3-487C-9754-B8014DB226A3}c:\\totalcmd\\totalcmd.exe"= TCP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{EC7E6771-B9AF-41BB-96F1-61F38C4DA276}c:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:c:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"UDP Query User{6818CD4E-5EDA-4714-8735-CC994BDFF528}c:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:c:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"TCP Query User{ADC52A09-12FD-44DF-A414-92D8DF4A518A}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{4DD8CB15-EB72-4A6B-85E7-D726CD08845C}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"{BD8EAE99-D7BA-4DF0-81D9-08781E3D78B5}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{E36BC9FF-8A45-4EF4-ACB2-A41A887F7FE8}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{6B7BE21F-15FC-4A68-B841-6010EA445CC4}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{23AF43BA-CB5B-422B-9035-2E60F230E4EB}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{64C27082-CFE1-495B-8693-B8CAEE0B7D42}"= UDP:e:\hry\S.T.A.L.K.E.R.Shadow.of.Chernobyl rozbalená\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{29C8EDB4-DC6B-4943-857F-609D34353353}"= TCP:e:\hry\S.T.A.L.K.E.R.Shadow.of.Chernobyl rozbalená\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{8A42F86D-17AC-44CF-A1B9-CD11F83C64E4}"= UDP:e:\hry\S.T.A.L.K.E.R.Shadow.of.Chernobyl rozbalená\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{FFD18FE1-2B00-41D4-8915-D682323F9920}"= TCP:e:\hry\S.T.A.L.K.E.R.Shadow.of.Chernobyl rozbalená\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{50DF0B81-CA58-489D-8FAB-9EF4156D57A6}"= UDP:e:\hry\stalker rozbaleny\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{283CED15-C5D7-4934-8384-094FFCCBE329}"= TCP:e:\hry\stalker rozbaleny\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{0E8B354A-2DB5-484D-8111-8EE3EF56CD2C}"= UDP:e:\hry\stalker rozbaleny\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{EAC79E0C-4E6C-4BEF-AE1D-1190AAEF5380}"= TCP:e:\hry\stalker rozbaleny\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{D3F8F64C-33BC-4F8B-B1DC-0B7B755B0F9B}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{461D9F78-E0FA-4B12-8FC6-D36DB399820C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{8CC98B8F-E17A-4CE6-BBAA-B59158079B5C}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E5A91624-CB67-4736-B0EC-F65442BC2071}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{71C39BCD-A456-4938-ADED-E778F6D15D50}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{381D7CEF-EAB7-4F96-9378-B3D5B271B7B7}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{D3F29B3B-3B19-4F8F-90DF-309F3EF7EC8F}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{5ED9675F-F68E-4106-881F-46F2ED820847}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{9549C4E6-1630-4763-8353-827E185B8E5B}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{2BD00363-13FD-4219-86FA-EE6C87DBFEFE}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{001598E6-F57B-4F7F-B9E9-DACF20E61C18}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{FF27D6CF-EB98-4C05-9186-792D894AE576}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 TpChoice;Touch Pad Detection Filter driver; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-22 64160]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
S1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-10-04 70144]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-10-12 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-10-12 55024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-03-19 731840]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-22 953168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]


--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7aa3311-a502-11dd-bbf6-001b38b6c610}]
\shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faf2c4a0-b228-11dd-867e-001b38b6c610}]
\shell\AutoRun\command - G:\setupSNK.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-04-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 07:09]

2009-04-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 10:47]

2009-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248057044-2018895401-2617936714-1000.job
- c:\users\Hurvajz\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-21 23:28]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\users\Hurvajz\AppData\Roaming\Mozilla\Firefox\Profiles\jhwowk59.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Hurvajz\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\users\Hurvajz\AppData\Roaming\Mozilla\plugins\npPxPlay.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 11:52
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5380)
e:\instalace\NOKIA E-50\Nokia PC Suite 7\phonebrowser.dll
e:\instalace\NOKIA E-50\Nokia PC Suite 7\NGSCM.DLL
e:\instalace\NOKIA E-50\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
e:\instalace\NOKIA E-50\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\wlanext.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\conime.exe
.
**************************************************************************
.
Celkový čas: 2009-05-01 11:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-01 09:56
ComboFix2.txt 2009-05-01 07:04

Před spuštěním: 4 308 393 984
Po spuštění: 3 717 820 416

481 --- E O F --- 2009-04-18 11:36




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:37, on 1.5.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Hurvajz\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CooL Wallpaper Changer\coolwpc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\notepad.exe
C:\totalcmd\TOTALCMD.EXE
E:\Instalace\Antiviry\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Quiet Internet Pager] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hurvajz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CooLWPC3] C:\Program Files\CooL Wallpaper Changer\coolwpc.exe /boot
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 8878 bytes

[Hurvajz.]

A jaký free antivir bys doporučil?

[jaro3]

Doporučuji Aviru , nebo pokud máš rychlejší PC Avast, neprve odinstaluj ten ESET, kdyby nešel , tak tady :
http://www.nod32.nl/download/tool/nod32removal.exe

Jinak budeme muset ještě použít script v CF.
Odinstaluj a vlož nový log z HJT, nákaza už tam žádná není.

[Hurvajz.]

nákaza už tam žádná není

myslíš na mém PC nebo na webu? Odinstaloval jsem totiž NODa, nainstaloval Avast a opravdu mi hlásí téměř u každého odkazu trojana... Už jsem z toho celkem zoufalý. Je teoreticky možné, že Avast vidí něco co neexistuje, nebo tam opravdu trojan je? Podotýkám, že obsah webu nemám u sebe jen já, ale další 2 lidé, kteří také stahují i nahrávají věci ze serveru.

Tady je log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:28, on 2.5.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\QIP\qip.exe
C:\Users\Hurvajz\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\CooL Wallpaper Changer\coolwpc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\totalcmd\TOTALCMD.EXE
E:\Instalace\Antiviry\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Quiet Internet Pager] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hurvajz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CooLWPC3] C:\Program Files\CooL Wallpaper Changer\coolwpc.exe /boot
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 9195 bytes