PC-HELP.CZ

Zdravim vsetkych a prosim o radu/pomoc. Na NB HP Pavillion dv6730 + Vista Home mi AVAST stale vypisuje hlasenie (vid priloha). Napriek tomu, ze som dal subor zmazat, urobil som kontrolu celeho PC Avastom aj NOD32 (nenasli nic), stale mi toto hlasenie nabieha. Mam ho ignorovat alebo... Vopred dakujem za rady.
Nazov suboru: C:\Windows\System32\Drivers\kufwysj.sys
Typ: skryte sluzby
Nazov vzorky: Win32:Malware-gen

No jasne, ze ho nebudeme ignorovat :)
Budeme mazat

1) Stiahni GMER, rozbal ho na plochu a spust. Program automaticky zacne scan (po jeho skonceni vloz log c. 1) - pokial pri scanovani nieco najde (=vyskoci nejake upozornenie), klik na "NO" a nastavis program podla obrazku:
Obrázek

Klik na "Scan". Po scane klik na "Save" a log c. 2 vloz sem.

Ak nic nenajde (=nevyskoci nic), zaskrtaj vpravo vsetko a spusti scan. Po jeho ukonceni klik na "Copy" a vloz log c. 2.

2) Stiahni DDS. Uloz na plochu, ukonci vsetky spustene programy a spust ho. Po skonceni scanu sa otvoria vysledky v 2 oknach - DDS.txt a Attach.txt. Obsah oboch by som rad videl.

nno zacina to byt zaujimave.. Po spusteni GMERu mi to hned vybehla hlaska na ten rootkit - postupovl som podla pokynov, ale aj tak mi ca. po minute nabehla hlaska WIN, ze program GMER prestal pracovat a musi byt ukonceny. Nesledne modra obrazovka s chybovym hlasenim a restart systemu. Toto som absolvoval 3x, pricom vsetky programy co sa dali som povypinal... Prikladam aj zobrazenie podrobnosti chyboveho hlasenia.

Takze som spustil len DDS - ten zbehol bez problemov. Logy prikladam.
Hlasenie WIN po predcasnom ukonceni GMERu:

Podpis problému:
Název události problému: BlueScreen
Verze operačního systému: 6.0.6002.2.2.0.768.3
ID národního prostředí: 1029

Další informace o problému:
BCCode: 50
BCP1: A24D8000
BCP2: 00000000
BCP3: 8E1EFD3D
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Soubory umožňující popis problému:
C:\Windows\Minidump\Mini123109-02.dmp
C:\Users\tpd\AppData\Local\Temp\WER-53461-0.sysdata.xml
C:\Users\tpd\AppData\Local\Temp\WER270.tmp.version.txt

Přečtěte si prohlášení o zásadách ochrany osobních údajů:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x0405

Attach-file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 13.2.2008 22:49:01
System Uptime: 31.12.2009 11:03:49 (0 hours ago)

Motherboard: Quanta | | 30D2
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 140 GiB total, 22,455 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 2,089 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: HP Photosmart C4500
Device ID: ROOT\IMAGE\0000
Manufacturer: Hewlett-Packard
Name: HP Photosmart C4500
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

==== System Restore Points ===================

==== Installed Programs ======================

32 Bit HP CIO Components Installer
AAA Logo 2009 Home Edition 3.0 Free Trial
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator 10 Tryout
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS
Adobe Reader 8 - Czech
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Amazon MP3 Downloader 1.0.3
Apple Mobile Device Support
Apple Software Update
Asistent pro přihlášení ke službě Windows Live
AuthenTec Fingerprint Sensor Minimum Install
avast! Antivirus
Balík Compatibility Pack pre systém Office 2007
Balíček ovladače systému Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Balíček ovladače systému Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Balíček ovladače systému Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
BS.Player FREE
CCleaner
Connect
CyberLink YouCam
DigitalPersona Personal 3.0.0
DVD Suite
ESU for Microsoft Vista
Free Audio CD Burner version 1.2
Free Studio version 4.2
Free Video to Flash Converter version 4.1
Free Video to Mp3 Converter version 3.1
Free YouTube to iPod Converter version 3.1
Free YouTube to MP3 Converter version 3.2
Google Earth
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
HP Photosmart C4500 All-In-One Driver 12.0 Rel .4
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Update
HP User Guides 0087
HP Wireless Assistant
ICQ6.5
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 2
kuler
LabelPrint
LightScribe System Software 1.10.13.1
Môj CEWE Fotosvet
Microsoft .NET Framework 3.5 Language Pack SP1 - csy
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Data Fax Modem
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Network
Nástroj pro odesílání služby Windows Live
NVIDIA Drivers
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
Power2Go
PowerDirector
PS_AIO_04_C4580_Software_Min
QuickPlay SlingPlayer 0.4.4
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SAMSUNG PC Share Manager
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Scan
Skype™ 3.8
Slovník EN-SK
Spybot - Search & Destroy
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
Toolbox
TuneUp Utilities 2009
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
vixy converter uninstall
WaterWorks (Sorted)
Winamp (remove only)
Windows Live Sync
WinRAR archivátor
Zoner Photo Studio 10

==== End Of File ===========================

DDS-file:

DDS (Ver_09-12-01.01) - NTFSx86
Run by tpd at 11:07:49,20 on źt 31.12.2009
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1281 [GMT 1:00]

AV: avast! antivirus 4.8.1290 [VPS 081121-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1290 [VPS 081121-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\iashost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\tpd\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: H - No File
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Pomocník pro přihlášení ke službě Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
TB: iMesh MediaBar: {b7d3e479-cc68-42b5-a338-938ece35f419} -
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: {4C9B5CBD-E035-4A78-8014-BCB4721F2096} = 192.168.1.1
TCP: {4DFA776A-027C-413D-A84B-81658F00062B} = 208.67.220.220,208.67.222.222
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-22 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-6-22 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-3 138680]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-17 233472]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-3 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-3 352920]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-17 36608]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-3 21504]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-12-17 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-12-17 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-12-17 121856]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2009-1-8 4136960]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-8-3 16896]

=============== Created Last 30 ================

2009-12-31 09:39:27 234965237 ----a-w- c:\windows\MEMORY.DMP
2009-12-27 14:49:25 0 d---a-w- c:\windows\VDLL.DLL
2009-12-27 14:49:25 0 d---a-w- c:\windows\system32\runouce.exe
2009-12-27 14:49:25 0 d---a-w- c:\windows\rundll16.exe
2009-12-27 14:49:25 0 d---a-w- c:\windows\RUNDL132.EXE
2009-12-27 14:49:25 0 d---a-w- c:\windows\logo1_.exe
2009-12-27 14:49:25 0 d---a-w- c:\windows\logo_1.exe
2009-12-27 14:45:01 54 ----a-w- c:\windows\Lic.xxx
2009-12-27 14:44:15 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-27 14:44:14 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-12-27 14:44:13 522 ----a-w- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-12-27 14:44:13 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-12-27 14:44:08 0 d-----w- c:\program files\common files\MicroWorld
2009-12-27 14:44:07 0 d-----w- c:\programdata\MicroWorld
2009-12-24 19:42:18 714752 ----a-w- c:\windows\system32\drivers\kufwysj.sys
2009-12-17 20:42:08 0 d-----w- c:\program files\MarkAny
2009-12-17 00:40:21 0 d-----w- c:\programdata\PC Suite
2009-12-17 00:38:21 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-17 00:38:18 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-17 00:38:00 14976 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2009-12-17 00:38:00 121856 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2009-12-17 00:38:00 12160 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2009-12-17 00:38:00 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2009-12-17 00:37:59 90112 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2009-12-17 00:37:59 12160 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2009-12-17 00:37:59 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2009-12-17 00:37:31 0 d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-12-17 00:36:25 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-12-17 00:36:25 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2009-12-17 00:36:25 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-12-17 00:36:08 0 d-----w- c:\users\tpd\appdata\roaming\Samsung
2009-12-17 00:35:35 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-11 22:51:02 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 22:50:54 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 22:50:53 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 06:00:05 0 d-----w- c:\program files\Windows Portable Devices
2009-12-11 05:58:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-10 23:33:38 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-10 23:32:33 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-10 23:32:33 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-10 23:32:33 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-09 20:23:35 0 d-----w- c:\windows\system32\eu-ES
2009-12-09 20:23:35 0 d-----w- c:\windows\system32\ca-ES
2009-12-09 20:23:34 0 d-----w- c:\windows\system32\vi-VN
2009-12-09 19:52:13 0 d-----w- c:\windows\system32\EventProviders
2009-12-05 09:38:49 0 d-----w- c:\program files\TuneUp Utilities 2009
2009-12-05 07:50:52 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2009-12-31 09:56:26 6396 ----a-w- c:\windows\bthservsdp.dat
2009-12-31 09:47:26 598838 ----a-w- c:\windows\system32\perfh005.dat
2009-12-31 09:47:26 115014 ----a-w- c:\windows\system32\perfc005.dat
2009-12-28 16:36:49 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-28 16:36:49 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-17 00:43:48 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-11 05:59:35 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-09 20:04:37 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-12-05 09:40:23 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-05 09:40:07 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 17:35:19 60884 ----a-w- c:\windows\fonts\Pristina LET Plain_1.0.ttf
2009-11-18 17:33:48 76824 ----a-w- c:\windows\fonts\Pristina.ttf
2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-07 11:36:36 243712 ----a-w- c:\windows\system32\rastls.dll
2008-09-20 11:27:27 706536 ----a-w- c:\program files\setup_Moj_CeWe_Fotosvet.exe
2008-09-04 21:17:37 174 --sha-w- c:\program files\desktop.ini
2008-04-23 10:22:38 18391162 ----a-w- c:\program files\waterworks_sorted.exe
2007-11-28 10:43:55 34724 ----a-w- c:\windows\inf\perflib\0405\perfd.dat
2007-11-28 10:43:55 34724 ----a-w- c:\windows\inf\perflib\0405\perfc.dat
2007-11-28 10:43:55 286912 ----a-w- c:\windows\inf\perflib\0405\perfi.dat
2007-11-28 10:43:55 286912 ----a-w- c:\windows\inf\perflib\0405\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-06-20 22:07:17 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 11:09:06,50 ===============

Takze sa mi to s tym GMERom predsa len podarilo - pripajam LOG c. 2 (scenovanie po hlaseni rootkotu):
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-31 12:12:14
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\tpd\AppData\Local\Temp\uwldipow.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86A20C70

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\BTHUSB \Device\00000079 bthport.sys (Ovladač sběrnice Bluetooth/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\BTHUSB \Device\0000007b bthport.sys (Ovladač sběrnice Bluetooth/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] kufwysj <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@001e3a4bc6f3 0xB3 0xFC 0x4C 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@0018afcfc1c1 0x69 0xDF 0xAC 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@00119f557663 0xA2 0x4B 0x96 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@002186e9c9de 0xBF 0x2A 0xB6 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@a00798413a3a 0xE7 0x04 0xDE 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\kufwysj@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kufwysj@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kufwysj@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kufwysj@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@001e3a4bc6f3 0xB3 0xFC 0x4C 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@0018afcfc1c1 0x69 0xDF 0xAC 0xDC ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@00119f557663 0xA2 0x4B 0x96 0xBB ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@002186e9c9de 0xBF 0x2A 0xB6 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@a00798413a3a 0xE7 0x04 0xDE 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\kufwysj@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kufwysj@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\kufwysj@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\kufwysj@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----

Stiahni ComboFix - NESPUSTAT.

Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillAll::
DDS::
uSearch Page =
uSearch Bar = 
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: H - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
TB: iMesh MediaBar: {b7d3e479-cc68-42b5-a338-938ece35f419} - 
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab

Rootkit::
c:\windows\system32\drivers\kufwysj.sys

Driver::
kufwysj

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.

Obrázek

Program script spracuje a spravi novy log.

Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

Vsetko uspesne prebehlo - pripajam CF log. Dik a vesely silvester...

ComboFix 09-12-31.01 - tpd 31.12.2009 17:57:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1239 [GMT 1:00]
Spuštěný z: c:\users\tpd\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\tpd\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1290 [VPS 081121-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1290 [VPS 081121-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1891858840-2208468089-2751076633-500
c:\$recycle.bin\S-1-5-21-6029514-184543935-3270543413-500
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KUFWYSJ
-------\Service_kufwysj

((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-27 14:49 . 2009-12-27 14:49 -------- d---a-w- c:\windows\VDLL.DLL
2009-12-27 14:49 . 2009-12-27 14:49 -------- d---a-w- c:\windows\system32\runouce.exe
2009-12-27 14:49 . 2009-12-27 14:49 -------- d---a-w- c:\windows\rundll16.exe
2009-12-27 14:49 . 2009-12-27 14:49 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-12-27 14:49 . 2009-12-27 14:49 -------- d---a-w- c:\windows\logo1_.exe
2009-12-27 14:49 . 2009-12-27 14:49 -------- d---a-w- c:\windows\logo_1.exe
2009-12-27 14:44 . 2009-12-27 14:44 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-27 14:44 . 2009-12-27 14:44 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-12-27 14:44 . 2009-12-27 14:44 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-12-27 14:44 . 2009-12-27 14:44 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-12-27 14:44 . 2009-12-27 14:44 -------- d-----w- c:\programdata\MicroWorld
2009-12-24 19:42 . 2009-12-31 17:06 714752 ----a-w- c:\windows\system32\drivers\kufwysj.sys
2009-12-17 20:42 . 2009-12-17 20:42 -------- d-----w- c:\program files\MarkAny
2009-12-17 00:40 . 2009-12-17 00:40 -------- d-----w- c:\programdata\PC Suite
2009-12-17 00:40 . 2009-12-17 00:40 -------- d-----w- c:\users\tpd\AppData\Roaming\PC Suite
2009-12-17 00:38 . 2007-05-02 15:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-17 00:38 . 2009-12-17 20:43 -------- d-----w- c:\program files\DIFX
2009-12-17 00:38 . 2007-09-17 14:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-17 00:38 . 2009-03-20 09:01 14976 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2009-12-17 00:38 . 2009-03-20 09:01 121856 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2009-12-17 00:38 . 2009-03-20 09:01 12160 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2009-12-17 00:38 . 2009-03-20 09:01 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2009-12-17 00:37 . 2009-03-20 09:01 90112 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2009-12-17 00:37 . 2009-03-20 09:01 12160 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2009-12-17 00:37 . 2009-03-20 09:01 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2009-12-17 00:37 . 2009-12-17 00:38 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-12-17 00:36 . 2009-03-31 08:39 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-12-17 00:36 . 2009-03-31 08:39 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2009-12-17 00:36 . 2009-03-31 08:39 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-12-17 00:36 . 2009-12-17 20:42 -------- d-----w- c:\users\tpd\AppData\Roaming\Samsung
2009-12-17 00:35 . 2009-12-17 20:42 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-17 00:31 . 2009-12-17 00:32 -------- d-----w- c:\users\tpd\AppData\Local\Downloaded Installations
2009-12-11 22:51 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 22:50 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 22:50 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 06:00 . 2009-12-11 06:00 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-10 23:33 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-10 23:33 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-12-10 23:33 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-10 23:33 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-12-10 23:33 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-12-10 23:33 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-12-10 23:33 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-12-10 23:33 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-12-10 23:33 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-12-10 23:33 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-12-10 23:33 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-12-10 23:33 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-12-10 23:32 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-10 23:32 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-10 23:32 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-09 20:23 . 2009-12-09 20:23 -------- d-----w- c:\windows\system32\eu-ES
2009-12-09 20:23 . 2009-12-09 20:23 -------- d-----w- c:\windows\system32\ca-ES
2009-12-09 20:23 . 2009-12-09 20:23 -------- d-----w- c:\windows\system32\vi-VN
2009-12-09 19:52 . 2009-12-09 19:52 -------- d-----w- c:\windows\system32\EventProviders
2009-12-05 09:38 . 2009-12-05 09:39 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-12-05 07:50 . 2009-12-05 07:50 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 17:06 . 2008-02-13 21:48 6396 ----a-w- c:\windows\bthservsdp.dat
2009-12-31 16:45 . 2007-11-28 10:44 598838 ----a-w- c:\windows\system32\perfh005.dat
2009-12-31 16:45 . 2007-11-28 10:44 115014 ----a-w- c:\windows\system32\perfc005.dat
2009-12-27 18:07 . 2008-06-20 18:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-18 21:56 . 2009-12-18 21:56 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 20:42 . 2007-11-28 02:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 20:41 . 2009-06-19 20:05 -------- d-----w- c:\program files\Samsung
2009-12-14 17:01 . 2009-02-09 11:02 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-12-14 17:01 . 2009-02-09 11:02 -------- d-----w- c:\program files\DVDVideoSoft
2009-12-11 05:58 . 2009-12-11 05:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-10 16:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 20:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-09 20:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-09 20:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-09 20:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-09 20:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-09 20:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-06 09:20 . 2008-07-19 17:52 680 ----a-w- c:\users\tpd\AppData\Local\d3d9caps.dat
2009-12-05 09:40 . 2009-09-27 11:06 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-05 09:40 . 2008-06-22 16:39 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-04 09:03 . 2009-12-04 09:03 251376 ----a-w- c:\users\tpd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-12-03 20:02 . 2009-12-03 20:02 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8A95.tmp.exe
2009-12-03 12:37 . 2008-06-20 18:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-27 12:15 . 2009-11-27 07:25 -------- d-----w- c:\program files\Microsoft
2009-11-27 08:42 . 2009-11-27 07:24 -------- d-----w- c:\program files\Windows Live
2009-11-27 07:24 . 2009-11-27 07:24 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-26 23:19 . 2009-11-26 23:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-24 23:54 . 2008-06-22 16:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:49 . 2008-06-22 16:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-06-22 16:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-06-22 16:32 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 06:40 . 2009-12-09 20:12 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 20:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 20:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 20:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 18:58 . 2008-04-23 07:58 71512 ----a-w- c:\users\tpd\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-02 19:42 . 2009-10-05 18:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 14:39 . 2009-11-02 14:39 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2EEE.tmp.exe
2009-11-02 14:28 . 2008-07-15 16:00 -------- d-----w- c:\program files\Google
2009-10-29 09:17 . 2009-11-24 20:33 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-07 11:36 . 2009-12-09 20:12 243712 ----a-w- c:\windows\system32\rastls.dll
2008-09-20 11:27 . 2008-09-20 11:27 706536 ----a-w- c:\program files\setup_Moj_CeWe_Fotosvet.exe
2008-04-23 10:22 . 2008-04-23 09:27 18391162 ----a-w- c:\program files\waterworks_sorted.exe
2008-06-20 22:07 . 2008-06-20 22:07 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-02 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 07:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 15:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-19 20:05 8497696 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 12:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 13:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-17 13:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 13:34 634880 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 08:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 14:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"=c:\progra~1\Skype\Phone\Skype.exe
"Google Update"="c:\users\tpd\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"AutoStartNPSAgent"=c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"DpAgent"=c:\program files\DigitalPersona\Bin\dpagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8e,36,40,d7,0e,79,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [22.6.2008 17:45 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [22.6.2008 17:45 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [22.6.2008 17:42 53328]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [17.12.2009 1:36 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [17.12.2009 1:36 36608]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [3.8.2008 16:37 21504]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [17.12.2009 1:37 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [17.12.2009 1:38 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [17.12.2009 1:38 121856]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [8.1.2009 8:38 4136960]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\System32\drivers\WSDPrint.sys [3.8.2008 16:36 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-12-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1891858840-2208468089-2751076633-1000Core.job
- c:\users\tpd\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-27 22:23]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1891858840-2208468089-2751076633-1000UA.job
- c:\users\tpd\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-27 22:23]

2009-12-31 c:\windows\Tasks\User_Feed_Synchronization-{3E66D416-F523-44EC-84D9-CE03DFC8B0BC}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]

2009-12-31 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program2\TuneUp\OneClick.exe [2007-12-21 12:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {4C9B5CBD-E035-4A78-8014-BCB4721F2096} = 192.168.1.1
TCP: {4DFA776A-027C-413D-A84B-81658F00062B} = 208.67.220.220,208.67.222.222
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(3528)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\iashost.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Celkový čas: 2009-12-31 18:17:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-31 17:17

Před spuštěním: Volných bajtů: 23 904 960 512
Po spuštění: Volných bajtů: 23 880 454 144

- - End Of File - - E91FBE088D8AE0C9E72ECB8B4356B4E5

Nastrkaj do PC vsetky USB, flashky atd. co pouzivas...

Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillAll::
SecCenter::
{ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:0000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

RegLockDel::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.

Obrázek

Program script spracuje a spravi novy log.

Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

Postupovl som podla pokynov a v prilohe je CF-log.

ComboFix 09-12-31.01 - tpd 02.01.2010 15:22:14.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1253 [GMT 1:00]
Spuštěný z: c:\users\tpd\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\tpd\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1290 [VPS 081121-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1290 [VPS 081121-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\drivers\kufwysj.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-02 do 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-02 14:31 . 2010-01-02 14:34 -------- d-----w- c:\users\tpd\AppData\Local\temp
2010-01-02 14:31 . 2010-01-02 14:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-02 14:31 . 2010-01-02 14:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-27 14:49 . 2009-12-27 14:49 -------- d---a-w- c:\windows\VDLL.DLL
2009-12-27 14:49 . 2009-12-27 14:49 -------- d---a-w- c:\windows\system32\runouce.exe
2009-12-27 14:49 . 2009-12-27 14:49 -------- d---a-w- c:\windows\rundll16.exe
2009-12-27 14:49 . 2009-12-27 14:49 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-12-27 14:49 . 2009-12-27 14:49 -------- d---a-w- c:\windows\logo1_.exe
2009-12-27 14:49 . 2009-12-27 14:49 -------- d---a-w- c:\windows\logo_1.exe
2009-12-27 14:44 . 2009-12-27 14:44 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-27 14:44 . 2009-12-27 14:44 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-12-27 14:44 . 2009-12-27 14:44 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-12-27 14:44 . 2009-12-27 14:44 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-12-27 14:44 . 2009-12-27 14:44 -------- d-----w- c:\programdata\MicroWorld
2009-12-17 20:42 . 2009-12-17 20:42 -------- d-----w- c:\program files\MarkAny
2009-12-17 00:40 . 2009-12-17 00:40 -------- d-----w- c:\programdata\PC Suite
2009-12-17 00:40 . 2009-12-17 00:40 -------- d-----w- c:\users\tpd\AppData\Roaming\PC Suite
2009-12-17 00:38 . 2007-05-02 15:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-17 00:38 . 2009-12-17 20:43 -------- d-----w- c:\program files\DIFX
2009-12-17 00:38 . 2007-09-17 14:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-17 00:38 . 2009-03-20 09:01 14976 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2009-12-17 00:38 . 2009-03-20 09:01 121856 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2009-12-17 00:38 . 2009-03-20 09:01 12160 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2009-12-17 00:38 . 2009-03-20 09:01 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2009-12-17 00:37 . 2009-03-20 09:01 90112 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2009-12-17 00:37 . 2009-03-20 09:01 12160 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2009-12-17 00:37 . 2009-03-20 09:01 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2009-12-17 00:37 . 2009-12-17 00:38 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-12-17 00:36 . 2009-03-31 08:39 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-12-17 00:36 . 2009-03-31 08:39 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2009-12-17 00:36 . 2009-03-31 08:39 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-12-17 00:36 . 2009-12-17 20:42 -------- d-----w- c:\users\tpd\AppData\Roaming\Samsung
2009-12-17 00:35 . 2009-12-17 20:42 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-17 00:31 . 2009-12-17 00:32 -------- d-----w- c:\users\tpd\AppData\Local\Downloaded Installations
2009-12-11 22:51 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 22:50 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 22:50 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 06:00 . 2009-12-11 06:00 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-10 23:33 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-10 23:33 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-12-10 23:33 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-10 23:33 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-12-10 23:33 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-12-10 23:33 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-12-10 23:33 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-12-10 23:33 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-12-10 23:33 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-12-10 23:33 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-12-10 23:33 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-12-10 23:33 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-12-10 23:32 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-10 23:32 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-10 23:32 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-09 20:23 . 2009-12-09 20:23 -------- d-----w- c:\windows\system32\eu-ES
2009-12-09 20:23 . 2009-12-09 20:23 -------- d-----w- c:\windows\system32\ca-ES
2009-12-09 20:23 . 2009-12-09 20:23 -------- d-----w- c:\windows\system32\vi-VN
2009-12-09 19:52 . 2009-12-09 19:52 -------- d-----w- c:\windows\system32\EventProviders
2009-12-05 09:38 . 2009-12-05 09:39 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-12-05 07:50 . 2009-12-05 07:50 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 14:32 . 2008-02-13 21:48 6396 ----a-w- c:\windows\bthservsdp.dat
2010-01-02 14:31 . 2009-07-14 21:18 -------- d-----w- c:\program files\ICQ6.5
2010-01-02 14:09 . 2007-11-28 10:44 598838 ----a-w- c:\windows\system32\perfh005.dat
2010-01-02 14:09 . 2007-11-28 10:44 115014 ----a-w- c:\windows\system32\perfc005.dat
2009-12-27 18:07 . 2008-06-20 18:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-18 21:56 . 2009-12-18 21:56 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 20:42 . 2007-11-28 02:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 20:41 . 2009-06-19 20:05 -------- d-----w- c:\program files\Samsung
2009-12-14 17:01 . 2009-02-09 11:02 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-12-14 17:01 . 2009-02-09 11:02 -------- d-----w- c:\program files\DVDVideoSoft
2009-12-11 05:58 . 2009-12-11 05:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-10 16:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 20:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-09 20:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-09 20:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-09 20:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-09 20:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-09 20:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-06 09:20 . 2008-07-19 17:52 680 ----a-w- c:\users\tpd\AppData\Local\d3d9caps.dat
2009-12-05 09:40 . 2009-09-27 11:06 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-05 09:40 . 2008-06-22 16:39 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-04 09:03 . 2009-12-04 09:03 251376 ----a-w- c:\users\tpd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-12-03 20:02 . 2009-12-03 20:02 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8A95.tmp.exe
2009-12-03 12:37 . 2008-06-20 18:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-27 12:15 . 2009-11-27 07:25 -------- d-----w- c:\program files\Microsoft
2009-11-27 08:42 . 2009-11-27 07:24 -------- d-----w- c:\program files\Windows Live
2009-11-27 07:24 . 2009-11-27 07:24 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-26 23:19 . 2009-11-26 23:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-24 23:54 . 2008-06-22 16:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:49 . 2008-06-22 16:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-06-22 16:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-06-22 16:32 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 06:40 . 2009-12-09 20:12 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 20:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 20:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 20:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 18:58 . 2008-04-23 07:58 71512 ----a-w- c:\users\tpd\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-02 19:42 . 2009-10-05 18:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 14:39 . 2009-11-02 14:39 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2EEE.tmp.exe
2009-10-29 09:17 . 2009-11-24 20:33 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-07 11:36 . 2009-12-09 20:12 243712 ----a-w- c:\windows\system32\rastls.dll
2008-09-20 11:27 . 2008-09-20 11:27 706536 ----a-w- c:\program files\setup_Moj_CeWe_Fotosvet.exe
2008-04-23 10:22 . 2008-04-23 09:27 18391162 ----a-w- c:\program files\waterworks_sorted.exe
2008-06-20 22:07 . 2008-06-20 22:07 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-02 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 07:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 15:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-19 20:05 8497696 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 12:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 13:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-17 13:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 13:34 634880 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 08:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 14:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"=c:\progra~1\Skype\Phone\Skype.exe
"Google Update"="c:\users\tpd\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"AutoStartNPSAgent"=c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"DpAgent"=c:\program files\DigitalPersona\Bin\dpagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8e,36,40,d7,0e,79,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [22.6.2008 17:45 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [22.6.2008 17:45 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [22.6.2008 17:42 53328]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [17.12.2009 1:36 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [17.12.2009 1:36 36608]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [3.8.2008 16:37 21504]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [17.12.2009 1:37 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [17.12.2009 1:38 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [17.12.2009 1:38 121856]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [8.1.2009 8:38 4136960]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\System32\drivers\WSDPrint.sys [3.8.2008 16:36 16896]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1891858840-2208468089-2751076633-1000Core.job
- c:\users\tpd\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-27 22:23]

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1891858840-2208468089-2751076633-1000UA.job
- c:\users\tpd\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-27 22:23]

2010-01-02 c:\windows\Tasks\User_Feed_Synchronization-{3E66D416-F523-44EC-84D9-CE03DFC8B0BC}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]

2009-12-31 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program2\TuneUp\OneClick.exe [2007-12-21 12:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {4C9B5CBD-E035-4A78-8014-BCB4721F2096} = 192.168.1.1
TCP: {4DFA776A-027C-413D-A84B-81658F00062B} = 208.67.220.220,208.67.222.222
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(3444)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\iashost.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-01-02 15:44:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-02 14:43
ComboFix2.txt 2009-12-31 17:17

Před spuštěním: Volných bajtů: 23 510 106 112
Po spuštění: Volných bajtů: 23 463 976 960

- - End Of File - - C3F0597A1C16DCB9EBCA460679F3C76A

Dobre, ako to vyzera s PC teraz? Este je ten rootkit hlaseny? Sprav prosim novy log z GMERu.

Zda sa to byt OK - uz ziadne hlasky... Pripajam LOG c 1 zo scan disku C a log c. 2 zo scan disku D. Kompletny scan C+D som nemohol urobit - pokazde bol prgram neocakavane ukonceny a restartovany...
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-02 20:13:14
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\tpd\AppData\Local\Temp\uwldipow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D60E360, 0x35B0A2, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[724] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00060002
IAT C:\Windows\system32\services.exe[724] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00060000
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A67817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73ABA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A6BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73A5F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73A5E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73A98395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73A6DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73A5FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73A5FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73A571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73AECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73A8C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73A5D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73A56853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73A5687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A62AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@001e3a4bc6f3 0xB3 0xFC 0x4C 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@0018afcfc1c1 0x69 0xDF 0xAC 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@00119f557663 0xA2 0x4B 0x96 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@002186e9c9de 0xBF 0x2A 0xB6 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@a00798413a3a 0xE7 0x04 0xDE 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@001e3a4bc6f3 0xB3 0xFC 0x4C 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@0018afcfc1c1 0x69 0xDF 0xAC 0xDC ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@00119f557663 0xA2 0x4B 0x96 0xBB ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@002186e9c9de 0xBF 0x2A 0xB6 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@a00798413a3a 0xE7 0x04 0xDE 0x75 ...

---- EOF - GMER 1.0.15 ----

LOG c.2 = disk D
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-02 21:05:03
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\tpd\AppData\Local\Temp\uwldipow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D60E360, 0x35B0A2, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[724] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00060002
IAT C:\Windows\system32\services.exe[724] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00060000
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A67817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73ABA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A6BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73A5F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73A5E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73A98395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73A6DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73A5FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73A5FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73A571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73AECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73A8C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73A5D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73A56853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73A5687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A62AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@001e3a4bc6f3 0xB3 0xFC 0x4C 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@0018afcfc1c1 0x69 0xDF 0xAC 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@00119f557663 0xA2 0x4B 0x96 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@002186e9c9de 0xBF 0x2A 0xB6 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37a95d91@a00798413a3a 0xE7 0x04 0xDE 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@001e3a4bc6f3 0xB3 0xFC 0x4C 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@0018afcfc1c1 0x69 0xDF 0xAC 0xDC ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@00119f557663 0xA2 0x4B 0x96 0xBB ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@002186e9c9de 0xBF 0x2A 0xB6 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37a95d91@a00798413a3a 0xE7 0x04 0xDE 0x75 ...

---- EOF - GMER 1.0.15 ----

Tu ide hlavne o log zo systemrootu :)

1) Docistime to:

Odinstaluj Combofix:
Start -> Spustit -> (napis) combofix /uninstall

Pouzi T-Cleaner (ak by ho antivirus hlasil ako smejda, nic sa netreba bat, ide len o paranoju AV programu).

Precisti PC CCleanerom (vratane registrov).

Pouzi TFC (spust program a klikni na "Start". Pozor, PC moze byt restartovane).

2) Vloz log z HJT.

V pripade nezrovnalosti sa >>tu<< nachadza navod.

Dufam te uz je to OK a dakujem za pomoc. Pripajam HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:38, on 4.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C9B5CBD-E035-4A78-8014-BCB4721F2096}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DFA776A-027C-413D-A84B-81658F00062B}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

--
End of file - 8143 bytes

1) Fixni v HJT (zasrktni stvorcek pri danom riadku a stlac "Fix Checked"):

Kód: Vybrat vše

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

2) Pouzi JavaRa, mas staru Javu.

3) Updatuj Adobe Reader (poslednu verziu najdes >>tu<<).

4) Odporucam pouzivat >>alternativny browser<<.

5) Este jedno odporucanie: vidim tam SpyBota a Windows Defender z antispyware programov...podla mna by bolo dobre vymenit ich bud za Spyware Terminatora, alebo za SuperAntiSpyware.

PC-HELP.CZ

Hlasenie AVASTu na rootkit

Hlasenie AVASTu na rootkit

Re: Hlasenie AVASTu na rootkit

Re: Hlasenie AVASTu na rootkit

Re: Hlasenie AVASTu na rootkit

Re: Hlasenie AVASTu na rootkit

Re: Hlasenie AVASTu na rootkit

Re: Hlasenie AVASTu na rootkit

Re: Hlasenie AVASTu na rootkit

Re: Hlasenie AVASTu na rootkit

Re: Hlasenie AVASTu na rootkit

Re: Hlasenie AVASTu na rootkit

Re: Hlasenie AVASTu na rootkit Vyřešeno