Web pages loading badly - log check

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

numy
newcomer
Posts: 12
Registered: January 09
Gender: Male

Web pages loading badly - log check

Post by numy » 26 Jan 2009 21:36

Hi, I have a problem: web pages load badly for me. Either I have to hit refresh 2 or 3 times, or only the HTML code of the page loads, or it says the page cannot be opened, but after reloading it works. It had mostly stopped, but I ran the PC through CCleaner and MWAW and it started again at full strength. (not with every page)
So I want to ask whether you can tell anything from the log?
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:08, on 26.1.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\spool\drivers\w32x86\3\fppdis2a.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIP Miranda IM 1.7.1\miranda32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Users\pabo3437196\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\AutoCAD 2008\acad.exe
C:\Users\PABO34~1\AppData\Local\Temp\AdskCleanup.0001
C:\Windows\system32\conime.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kb.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 141.30.105.19 cad-node1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\Windows\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MirandaIM] "C:\Program Files\WIP Miranda IM 1.7.1\miranda32.exe" "C:\Program Files\WIP Miranda IM 1.7.1\resources\profiles\wipmirandaim"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\pabo3437196\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe (file missing)
O23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\Program Files\UGS\UGSLicensing\lmgrd.exe

--
End of file - 12356 bytes
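As an added aid for the kind of log check asked for in this thread (example code written for this page, not a tool from the forum or from Trend Micro), here is a small Python parser that picks out the R/O entries of a HijackThis log and flags what a helper looks at first: dangling "(file missing)" references, hosts-file overrides beyond localhost, non-default start/search pages and services with an unknown owner. The sample lines are copied from the log above; the flag names and the default-host list are this example's own assumptions.

```python
"""Triage helper for HijackThis (HJT) v2 log lines (example for this thread)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: a handful of lines taken from the HJT log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kb.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O1 - Hosts: 141.30.105.19 cad-node1
O4 - HKLM\..\Run: [wcmdmgr] C:\Windows\wt\updater\wcmdmgrl.exe -launch
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Assumed set of hosts treated as benign defaults for the R0/R1 start and search page keys.
DEFAULT_PAGE_HOSTS = {"go.microsoft.com", "www.msn.com", "search.msn.com"}
LOCAL_ADDRS = {"127.0.0.1", "::1"}


@dataclass
class Entry:
    section: str                          # "R0", "O1", "O23", ...
    body: str                             # everything after "Oxx - "
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the R*/F*/O* entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entry):
    """Attach review flags to one entry using the checks a log helper applies by hand."""
    body = entry.body
    if body.endswith("(file missing)"):
        # The registry still points at a binary that is gone: a leftover of an uninstall
        # or of a removed component. Harmless by itself, but worth cleaning up.
        entry.flags.append("file-missing")
    if entry.section in ("R0", "R1") and "=" in body:
        # R0/R1: browser start/search page. A hijack shows up here as an unexpected host.
        url = body.split("=", 1)[1].strip()
        host = urlparse(url).hostname or ""
        if url and host not in DEFAULT_PAGE_HOSTS:
            entry.flags.append("nondefault-page")
    elif entry.section == "O1" and ":" in body:
        # O1 - Hosts: <address> <name>; anything beyond loopback/localhost redirects name lookups.
        parts = body.split(":", 1)[1].split()
        if len(parts) >= 2 and not (parts[0] in LOCAL_ADDRS and parts[1] == "localhost"):
            entry.flags.append("hosts-override")
    elif entry.section == "O23" and " - Unknown owner - " in body:
        # HJT prints "Unknown owner" when the service binary carries no company name;
        # legitimate tools do this too, so it is a prompt to check the path, not a verdict.
        entry.flags.append("unknown-owner")
    return entry.flags


def review(text):
    """Parse a log and return {flag: [entry lines]} for everything that needs a look."""
    report = {}
    for entry in parse_hjt(text):
        for flag in triage(entry):
            report.setdefault(flag, []).append(f"{entry.section} - {entry.body}")
    return report


if __name__ == "__main__":
    for flag, lines in review(SAMPLE_LOG).items():
        print(f"[{flag}]")
        for line in lines:
            print("   ", line)
```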


Re: Web pages loading badly - log check

Post by numy » 28 Jan 2009 10:02

nobody?

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Web pages loading badly - log check

Post by jaro3 » 28 Jan 2009 19:58

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show results button
- then choose the Save log option and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

And write whether you have the 32-bit or 64-bit version of Windows Vista.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Web pages loading badly - log check

Post by numy » 29 Jan 2009 21:16

Vista is 32-bit

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1705
Windows 6.0.6001 Service Pack 1

29.1.2009 21:13:54
mbam-log-2009-01-29 (21-13-54).txt

Typ skenu: Rychlý sken
Objektu skenováno: 62229
Uplynulý cas: 3 minute(s), 13 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)


Re: Web pages loading badly - log check

Post by jaro3 » 29 Jan 2009 21:47

Turn off the resident protection in NOD32 and the shield in Windows Defender.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launching, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Tomorrow..

Re: Web pages loading badly - log check

Post by numy » 30 Jan 2009 22:34

hi, sorry for being so late

ComboFix 09-01-21.04 - pabo3437196 2009-01-30 22:22:29.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.1.1029.18.2045.826 [GMT 1:00]
Spuštěný z: d:\zaloha\CCleaner\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: Kerio WinRoute Firewall *enabled*
FW: Sunbelt Personal Firewall *disabled*
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*
* Vytvořen nový Bod Obnovení
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-12-28 do 2009-01-30 )))))))))))))))))))))))))))))))
.

2009-01-26 22:20 . 2009-01-26 22:21 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-26 22:20 . 2009-01-26 22:20 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-26 21:19 . 2009-01-26 21:19 <DIR> d-------- c:\program files\Trend Micro
2009-01-25 21:56 . 2009-01-25 21:56 <DIR> d-------- c:\users\pabo3437196\AppData\Roaming\Malwarebytes
2009-01-25 21:56 . 2009-01-25 21:56 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-25 21:56 . 2009-01-25 21:56 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-25 21:56 . 2009-01-25 21:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-25 21:56 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-25 21:56 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-25 01:28 . 2009-01-25 01:28 <DIR> d-------- c:\users\pabo3437196\AppData\Roaming\DAEMON Tools Lite
2009-01-24 18:49 . 2009-01-24 18:49 <DIR> d-------- c:\users\pabo3437196\AppData\Roaming\Leadertech
2009-01-24 18:26 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2009-01-24 18:26 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2009-01-24 18:26 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-01-24 18:26 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2009-01-24 18:26 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-01-24 18:26 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2009-01-14 20:49 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-14 00:03 . 2009-01-14 00:03 <DIR> d-------- c:\program files\Dart 'm Up
2009-01-14 00:03 . 2009-01-14 00:03 446 --a------ c:\windows\Dartemup.ini
2009-01-07 18:39 . 2009-01-07 18:39 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-01-07 18:39 . 2009-01-07 18:39 <DIR> d-------- c:\programdata\WindowsSearch
2009-01-07 15:21 . 2009-01-11 13:03 <DIR> d-------- c:\users\All Users\Symantec
2009-01-07 15:21 . 2009-01-11 13:03 <DIR> d-------- c:\programdata\Symantec
2009-01-05 12:25 . 2009-01-05 12:24 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-26 19:39 . 2008-12-26 19:39 <DIR> d-------- c:\users\All Users\Office Genuine Advantage
2008-12-26 19:39 . 2008-12-26 19:39 <DIR> d-------- c:\programdata\Office Genuine Advantage
2008-12-23 11:49 . 2008-12-23 11:49 <DIR> d--h----- c:\users\All Users\CanonBJ
2008-12-23 11:49 . 2008-12-23 11:49 <DIR> d--h----- c:\programdata\CanonBJ
2008-12-21 14:03 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-21 14:02 . 2008-08-17 11:33 678,408 --a------ c:\windows\System32\gpprefcl.dll
2008-12-11 10:25 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 10:25 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 10:25 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 10:24 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 10:24 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 10:24 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 10:24 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-10 15:45 . 2008-12-10 15:47 <DIR> d-------- C:\zvoneni
2008-12-08 09:51 . 2008-12-08 09:51 <DIR> d-------- C:\Mechanical Calculator 7.2.1 with patch
2008-12-06 18:52 . 2008-12-06 19:16 <DIR> d-------- c:\program files\Mechanical Calculator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 21:09 --------- d-----w c:\users\pabo3437196\AppData\Roaming\Skype
2009-01-30 17:22 271,107 ----a-w c:\users\All Users\nvModes.dat
2009-01-30 17:22 271,107 ----a-w c:\programdata\nvModes.dat
2009-01-29 20:16 --------- d-----w c:\users\pabo3437196\AppData\Roaming\Microgaming
2009-01-25 20:52 --------- d-----w c:\program files\CCleaner
2009-01-25 12:16 183,112 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-25 12:16 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-25 11:37 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-01-25 11:04 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-25 00:18 --------- d-----w c:\program files\PowerISO
2009-01-21 17:54 --------- d-----w c:\program files\VPHoldem
2009-01-21 17:54 --------- d-----w c:\program files\Poker Tracker V2
2009-01-15 21:26 --------- d-----w c:\program files\Windows Mail
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2009-01-14 12:44 --------- d-----w c:\program files\ParadisePoker
2009-01-10 21:47 --------- d-----w c:\program files\Java
2009-01-06 21:34 2,145,447,135 ----a-w c:\windows\DUMP3ec4.tmp
2008-12-12 12:49 --------- d-----w c:\users\pabo3437196\AppData\Roaming\Canon
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-05-23 09:04 251,611 ----a-w c:\users\pabo3437196\AppData\Roaming\nvModes.dat
2008-05-17 14:25 174 --sha-w c:\program files\desktop.ini
2007-11-20 15:41 22,328 ----a-w c:\users\pabo3437196\AppData\Roaming\PnkBstrK.sys
2007-11-07 22:51 76 --sha-r c:\windows\CT4CET.bin
2008-03-04 21:19 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-04 21:19 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-04 21:19 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MirandaIM"="c:\program files\WIP Miranda IM 1.7.1\miranda32.exe" [2007-10-18 551508]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\pabo3437196\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 857648]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"pdfFactory Pro Dispatcher v2"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-04-06 499712]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2007-06-23 331851]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2003-09-22 20480]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-22 166432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-02-22 92704]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-07-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite 4.30.3 Setup]
--a------ 2009-01-25 01:27 7321032 d:\games\daemon4303-lite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-09-09 10:16 196608 c:\program files\PowerISO\PWRISOVM.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B03A82B8-32B8-434D-B231-1CDCA95BF287}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{5560C872-DDFC-432F-B6AE-7B51D81B305A}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{903DEF09-4730-4035-9EDF-4DF204DE82BC}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D7246653-542C-4740-9C99-04125632EAC2}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A961F7E3-7399-41CE-975B-85969DD59B23}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{679040F2-4F3C-43D8-A09D-5BFC05D33B0E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4E129281-58E1-4B3F-824E-B605112BCEA2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"UDP Query User{2FAB69B7-E86E-4D89-A594-3CC33415F822}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{F340CB69-B080-4944-954E-C83AAB238C3A}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{81A4D550-31BE-4941-8C93-FB0049D26BD4}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{8BE86E7B-6F6F-495E-9AC8-F6C20708D44D}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{B8190E5B-79C8-4A4A-8DE2-BEF925FC17D5}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{EA98365A-6911-4686-8666-0EB5531AA5B8}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{4F604204-E77B-4F32-B677-3936A09FF7A9}d:\\programy\\codemasters\\dirt\\dirt.exe"= UDP:d:\programy\codemasters\dirt\dirt.exe:DiRT Executable
"UDP Query User{7ED567D0-9892-4E1C-8EF6-9741CEB4B406}d:\\programy\\codemasters\\dirt\\dirt.exe"= TCP:d:\programy\codemasters\dirt\dirt.exe:DiRT Executable
"TCP Query User{0EB86A8C-A51D-410A-9676-82058D197E2A}c:\\program files\\wip miranda im 1.7.1\\miranda32.exe"= UDP:c:\program files\wip miranda im 1.7.1\miranda32.exe:Miranda IM
"UDP Query User{90A88C19-27D1-459C-A8D4-0F1990AAF40C}c:\\program files\\wip miranda im 1.7.1\\miranda32.exe"= TCP:c:\program files\wip miranda im 1.7.1\miranda32.exe:Miranda IM
"TCP Query User{0053DCFD-C731-4CB2-8A4F-5525F3634D85}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{DFAAF533-3A46-4852-8B3C-ABB37385036E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0D8B92D2-C121-4B89-B1A6-E2371E42A1F6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{586B6126-1303-4CA6-8D78-3CC02D74E9AD}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9BF3AF75-2420-4561-9591-506DABD5CAA5}c:\\users\\pabo3437196\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\pabo3437196\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{CA27B4C4-31B3-4CE2-84C0-010901C3A66E}c:\\users\\pabo3437196\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\pabo3437196\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{04F9DD1C-40E7-4524-9134-1C02F76C5746}c:\\program files\\ironware communication\\iw ftport client\\cftp32.exe"= UDP:c:\program files\ironware communication\iw ftport client\cftp32.exe:IW FTPort Client
"UDP Query User{9FC2BCB9-4DAE-4B50-A8AA-CEF62E3D8313}c:\\program files\\ironware communication\\iw ftport client\\cftp32.exe"= TCP:c:\program files\ironware communication\iw ftport client\cftp32.exe:IW FTPort Client
"TCP Query User{CD895693-E197-4C1B-B23B-AE81302A2312}c:\\program files\\cesarftp\\server.exe"= UDP:c:\program files\cesarftp\server.exe:Server
"UDP Query User{05761583-655A-49B3-A83F-8B1CCF71E0C3}c:\\program files\\cesarftp\\server.exe"= TCP:c:\program files\cesarftp\server.exe:Server
"TCP Query User{21F4AEFC-C1ED-49D6-A13A-CB17ABD33B18}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{136E8A0F-55D3-4520-8AFB-8788014712E2}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{6FE0B2B1-2C88-41E4-8696-F555297C5BF0}c:\\program files\\dassault systemes\\b17\\intel_a\\code\\bin\\cnext.exe"= UDP:c:\program files\dassault systemes\b17\intel_a\code\bin\cnext.exe:CATIA
"UDP Query User{8BF1E945-47DB-439A-84D4-B6C72E3630DC}c:\\program files\\dassault systemes\\b17\\intel_a\\code\\bin\\cnext.exe"= TCP:c:\program files\dassault systemes\b17\intel_a\code\bin\cnext.exe:CATIA
"TCP Query User{078FE97E-A160-4F86-9C16-285B9E73B603}c:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:c:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"UDP Query User{FE49EE7C-53B1-4DA0-AF82-FF72015C413B}c:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:c:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"TCP Query User{FB98EEEE-69FE-464F-9778-F4406FA0B2FA}c:\\program files\\proewildfire 3.0\\i486_nt\\nms\\nmsd.exe"= UDP:c:\program files\proewildfire 3.0\i486_nt\nms\nmsd.exe:nmsd
"UDP Query User{5A812D92-9EA1-42F2-84BD-062AD2E261AE}c:\\program files\\proewildfire 3.0\\i486_nt\\nms\\nmsd.exe"= TCP:c:\program files\proewildfire 3.0\i486_nt\nms\nmsd.exe:nmsd
"TCP Query User{DF3C3FAA-49F8-4DDD-9E03-1A1DA96242E5}c:\\program files\\proewildfire 3.0\\i486_nt\\obj\\pro_comm_msg.exe"= UDP:c:\program files\proewildfire 3.0\i486_nt\obj\pro_comm_msg.exe:pro_comm_msg
"UDP Query User{C05F4E9F-6B98-47FA-A8E4-F0C447BAEE1F}c:\\program files\\proewildfire 3.0\\i486_nt\\obj\\pro_comm_msg.exe"= TCP:c:\program files\proewildfire 3.0\i486_nt\obj\pro_comm_msg.exe:pro_comm_msg
"TCP Query User{C9D2765D-661A-44AF-AB9A-5F55F76C5885}c:\\program files\\proewildfire 3.0\\i486_nt\\obj\\xtop.exe"= UDP:c:\program files\proewildfire 3.0\i486_nt\obj\xtop.exe:xtop
"UDP Query User{9E557DF6-AE1E-4F95-BDA3-F10D4ADFD2D0}c:\\program files\\proewildfire 3.0\\i486_nt\\obj\\xtop.exe"= TCP:c:\program files\proewildfire 3.0\i486_nt\obj\xtop.exe:xtop
"TCP Query User{E3E44AEA-E1BA-4E4F-AFDD-CDAD1C18DA05}c:\\program files\\ugs\\nx 5.0\\ugii\\ugraf.exe"= UDP:c:\program files\ugs\nx 5.0\ugii\ugraf.exe:NX Component
"UDP Query User{152D95EB-D043-470D-A069-B43E4A52258D}c:\\program files\\ugs\\nx 5.0\\ugii\\ugraf.exe"= TCP:c:\program files\ugs\nx 5.0\ugii\ugraf.exe:NX Component
"TCP Query User{B2BAFD15-5AD4-4CF6-9321-CEE6A7857963}c:\\programy\\samsung\\smartviewer 2.0 for prodvr\\smartviewer.exe"= UDP:c:\programy\samsung\smartviewer 2.0 for prodvr\smartviewer.exe:Viewer MFC ?? ????
"UDP Query User{6289B55F-E737-4F63-8292-5E5E4A9464E0}c:\\programy\\samsung\\smartviewer 2.0 for prodvr\\smartviewer.exe"= TCP:c:\programy\samsung\smartviewer 2.0 for prodvr\smartviewer.exe:Viewer MFC ?? ????
"TCP Query User{C444BA46-8475-4217-ADF2-F6BEB9EF58E9}c:\\program files\\wip miranda im 1.7.3\\miranda32.exe"= UDP:c:\program files\wip miranda im 1.7.3\miranda32.exe:Miranda IM
"UDP Query User{A01BFF27-35F9-4E21-9110-DE6D1CBDF15C}c:\\program files\\wip miranda im 1.7.3\\miranda32.exe"= TCP:c:\program files\wip miranda im 1.7.3\miranda32.exe:Miranda IM
"TCP Query User{183F0C0B-17F5-41EE-ADA8-F1AD5BEE763E}c:\\program files\\qip infium\\infium.exe"= UDP:c:\program files\qip infium\infium.exe:QIP Infium
"UDP Query User{31C625E3-AD97-4C08-8C2D-7FB3A7EA41E6}c:\\program files\\qip infium\\infium.exe"= TCP:c:\program files\qip infium\infium.exe:QIP Infium
"{83220C8F-07F1-4CA7-B889-4433BFBC123F}"= UDP:18284:BitComet 18284 TCP
"{72A175EF-C17C-4D5C-AD7E-2D2140679124}"= TCP:18284:BitComet 18284 UDP
"TCP Query User{AD8C330D-4FAD-4276-AF30-6FA9265A0624}c:\\program files\\miranda im\\miranda32.exe"= UDP:c:\program files\miranda im\miranda32.exe:miranda32
"UDP Query User{90AEFDD3-B73E-4F4B-84F1-BCFD5C8BBB86}c:\\program files\\miranda im\\miranda32.exe"= TCP:c:\program files\miranda im\miranda32.exe:miranda32
"{41294058-8868-42D6-AFC5-3375A39C8ED7}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{8F20A439-0B7A-482F-A65F-A3DF4A01F37E}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-02-20 33800]
R1 LUMDriver;LUMDriver;c:\windows\System32\drivers\LUMDriver.sys [2006-10-13 14912]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-07-12 72192]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\System32\drivers\sbhips.sys [2008-06-21 66600]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2008-02-27 235584]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2008-02-27 7424]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [2008-10-01 65576]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-02-27 73728]
R4 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R4 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2007-11-09 8192]
R4 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R4 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R4 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files\UGS\UGSLicensing\lmgrd.exe [2007-02-02 1327104]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\System32\drivers\Amps2prt.sys [2007-05-15 14336]
S3 kvpndev;Kerio VPN adapter;c:\windows\System32\drivers\kvpndrv.sys [2007-08-28 62464]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [2006-11-02 9216]
S4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security 2007\TmPfw.exe --> c:\program files\Trend Micro\Internet Security 2007\TmPfw.exe [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
*Deregistered* - sptd
*Deregistered* - tmmbd
*Deregistered* - tmtdi

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b5fd672-0a3e-11dd-a52a-001c23aafa4e}]
\shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789213292-3213421283-2761632414-1001.job
- c:\users\pabo3437196\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-14 11:11]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.kb.cz/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stßhnout odkaz s pou×itÝm BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stßhnout vÜechna videa s pou×itÝm BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stßhnout vÜechny odkazy s pou×itÝm BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\pabo3437196\AppData\Roaming\Mozilla\Firefox\Profiles\m0c3j43k.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\pabo3437196\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll

---- NASTAVEN═ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 22:23:13
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

[0] 0x0014F200

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspěšně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-01-30 22:29:03
ComboFix-quarantined-files.txt 2009-01-30 21:28:56

Před spuštěním: 4 609 851 392
Po spuštění: 4,532,219,904

307 --- E O F --- 2009-01-29 14:06:47

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Web pages loading incorrectly - log check

Post by jaro3 » 31 Jan 2009 09:12

Test these on VirusTotal:
c:\windows\System32\ieUnatt.exe
c:\windows\System32\PDMSetup.exe
c:\windows\System32\iesysprep.dll
c:\windows\System32\RegisterIEPKEYs.exe
c:\windows\System32\SetDepNx.exe
c:\windows\DUMP3ec4.tmp
Then paste the links to the results here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

numy
newbie
Posts: 12
Registered: January 09
Gender: Male

Re: Web pages loading incorrectly - log check

Post by numy » 31 Jan 2009 09:25

OK, I'm on it. While that gets checked, let me ask one more thing: do you have any idea why, when I'm connected at home over Wi-Fi, Kerio doesn't work for me (it has to be disabled, otherwise the internet doesn't work), but when I'm on a wired connection Kerio runs just fine?


jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Web pages loading incorrectly - log check

Post by jaro3 » 31 Jan 2009 13:28

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text, marked in green, into it:
Note: do not use SELECT ALL to select the script

Code:

DirLook::
c:\windows\DUMP3ec4.tmp

Choose File -> Save as... and set these parameters:
File name: type CFScript.txt
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
memphisto might be able to help you with Kerio and Wi-Fi, try asking him; I don't have Kerio or Wi-Fi, so I don't know how that setup works.

numy
newbie
Posts: 12
Registered: January 09
Gender: Male

Re: Web pages loading incorrectly - log check

Post by numy » 01 Feb 2009 18:28

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:08, on 26.1.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\spool\drivers\w32x86\3\fppdis2a.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIP Miranda IM 1.7.1\miranda32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Users\pabo3437196\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\AutoCAD 2008\acad.exe
C:\Users\PABO34~1\AppData\Local\Temp\AdskCleanup.0001
C:\Windows\system32\conime.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kb.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 141.30.105.19 cad-node1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\Windows\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MirandaIM] "C:\Program Files\WIP Miranda IM 1.7.1\miranda32.exe" "C:\Program Files\WIP Miranda IM 1.7.1\resources\profiles\wipmirandaim"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\pabo3437196\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe (file missing)
O23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\Program Files\UGS\UGSLicensing\lmgrd.exe

--
End of file - 12356 bytes



ComboFix LOG

ComboFix 09-01-21.04 - pabo3437196 2009-02-01 18:16:42.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.1.1029.18.2045.713 [GMT 1:00]
Spuštěný z: c:\users\pabo3437196\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\pabo3437196\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: Kerio WinRoute Firewall *enabled*
FW: Sunbelt Personal Firewall *disabled*
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*
* Vytvořen nový Bod Obnovení
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-01-01 do 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-26 22:20 . 2009-01-26 22:21 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-26 22:20 . 2009-01-26 22:20 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-26 21:19 . 2009-01-26 21:19 <DIR> d-------- c:\program files\Trend Micro
2009-01-25 21:56 . 2009-01-25 21:56 <DIR> d-------- c:\users\pabo3437196\AppData\Roaming\Malwarebytes
2009-01-25 21:56 . 2009-01-25 21:56 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-25 21:56 . 2009-01-25 21:56 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-25 21:56 . 2009-01-25 21:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-25 21:56 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-25 21:56 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-25 01:28 . 2009-01-25 01:28 <DIR> d-------- c:\users\pabo3437196\AppData\Roaming\DAEMON Tools Lite
2009-01-24 18:49 . 2009-01-24 18:49 <DIR> d-------- c:\users\pabo3437196\AppData\Roaming\Leadertech
2009-01-24 18:26 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2009-01-24 18:26 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2009-01-24 18:26 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-01-24 18:26 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2009-01-24 18:26 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-01-24 18:26 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2009-01-14 20:49 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-14 00:03 . 2009-01-14 00:03 <DIR> d-------- c:\program files\Dart 'm Up
2009-01-14 00:03 . 2009-01-14 00:03 446 --a------ c:\windows\Dartemup.ini
2009-01-07 18:39 . 2009-01-07 18:39 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-01-07 18:39 . 2009-01-07 18:39 <DIR> d-------- c:\programdata\WindowsSearch
2009-01-07 15:21 . 2009-01-11 13:03 <DIR> d-------- c:\users\All Users\Symantec
2009-01-07 15:21 . 2009-01-11 13:03 <DIR> d-------- c:\programdata\Symantec
2009-01-05 12:25 . 2009-01-05 12:24 410,984 --a------ c:\windows\System32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-01 17:02 --------- d-----w c:\users\pabo3437196\AppData\Roaming\Microgaming
2009-02-01 09:11 271,107 ----a-w c:\users\All Users\nvModes.dat
2009-02-01 09:11 271,107 ----a-w c:\programdata\nvModes.dat
2009-01-30 21:40 --------- d-----w c:\users\pabo3437196\AppData\Roaming\Skype
2009-01-25 20:52 --------- d-----w c:\program files\CCleaner
2009-01-25 12:16 183,112 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-25 12:16 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-25 11:37 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-01-25 11:04 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-25 00:18 --------- d-----w c:\program files\PowerISO
2009-01-21 17:54 --------- d-----w c:\program files\VPHoldem
2009-01-21 17:54 --------- d-----w c:\program files\Poker Tracker V2
2009-01-15 21:26 --------- d-----w c:\program files\Windows Mail
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2009-01-14 12:44 --------- d-----w c:\program files\ParadisePoker
2009-01-10 21:47 --------- d-----w c:\program files\Java
2009-01-06 21:34 2,145,447,135 ----a-w c:\windows\DUMP3ec4.tmp
2008-12-26 18:39 --------- d-----w c:\programdata\Office Genuine Advantage
2008-12-23 10:49 --------- d--h--w c:\programdata\CanonBJ
2008-12-12 12:49 --------- d-----w c:\users\pabo3437196\AppData\Roaming\Canon
2008-12-06 18:16 --------- d-----w c:\program files\Mechanical Calculator
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-05-23 09:04 251,611 ----a-w c:\users\pabo3437196\AppData\Roaming\nvModes.dat
2008-05-17 14:25 174 --sha-w c:\program files\desktop.ini
2007-11-20 15:41 22,328 ----a-w c:\users\pabo3437196\AppData\Roaming\PnkBstrK.sys
2007-11-07 22:51 76 --sha-r c:\windows\CT4CET.bin
2008-03-04 21:19 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-04 21:19 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-04 21:19 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\DUMP3ec4.tmp ----

c:\windows\DUMP3ec4.tmp\


((((((((((((((((((((((((((((( snapshot@2009-01-30_22.27.11,88 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-30 21:21:39 6,373,376 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-02-01 17:15:53 6,373,376 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2009-01-30 17:22:47 346,812 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-02-01 09:10:38 354,164 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MirandaIM"="c:\program files\WIP Miranda IM 1.7.1\miranda32.exe" [2007-10-18 551508]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\pabo3437196\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 857648]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"pdfFactory Pro Dispatcher v2"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-04-06 499712]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2007-06-23 331851]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2003-09-22 20480]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-22 166432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-02-22 92704]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-07-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite 4.30.3 Setup]
--a------ 2009-01-25 01:27 7321032 d:\games\daemon4303-lite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-09-09 10:16 196608 c:\program files\PowerISO\PWRISOVM.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B03A82B8-32B8-434D-B231-1CDCA95BF287}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{5560C872-DDFC-432F-B6AE-7B51D81B305A}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{903DEF09-4730-4035-9EDF-4DF204DE82BC}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D7246653-542C-4740-9C99-04125632EAC2}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A961F7E3-7399-41CE-975B-85969DD59B23}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{679040F2-4F3C-43D8-A09D-5BFC05D33B0E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4E129281-58E1-4B3F-824E-B605112BCEA2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"UDP Query User{2FAB69B7-E86E-4D89-A594-3CC33415F822}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{F340CB69-B080-4944-954E-C83AAB238C3A}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{81A4D550-31BE-4941-8C93-FB0049D26BD4}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{8BE86E7B-6F6F-495E-9AC8-F6C20708D44D}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{B8190E5B-79C8-4A4A-8DE2-BEF925FC17D5}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{EA98365A-6911-4686-8666-0EB5531AA5B8}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{4F604204-E77B-4F32-B677-3936A09FF7A9}d:\\programy\\codemasters\\dirt\\dirt.exe"= UDP:d:\programy\codemasters\dirt\dirt.exe:DiRT Executable
"UDP Query User{7ED567D0-9892-4E1C-8EF6-9741CEB4B406}d:\\programy\\codemasters\\dirt\\dirt.exe"= TCP:d:\programy\codemasters\dirt\dirt.exe:DiRT Executable
"TCP Query User{0EB86A8C-A51D-410A-9676-82058D197E2A}c:\\program files\\wip miranda im 1.7.1\\miranda32.exe"= UDP:c:\program files\wip miranda im 1.7.1\miranda32.exe:Miranda IM
"UDP Query User{90A88C19-27D1-459C-A8D4-0F1990AAF40C}c:\\program files\\wip miranda im 1.7.1\\miranda32.exe"= TCP:c:\program files\wip miranda im 1.7.1\miranda32.exe:Miranda IM
"TCP Query User{0053DCFD-C731-4CB2-8A4F-5525F3634D85}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{DFAAF533-3A46-4852-8B3C-ABB37385036E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0D8B92D2-C121-4B89-B1A6-E2371E42A1F6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{586B6126-1303-4CA6-8D78-3CC02D74E9AD}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9BF3AF75-2420-4561-9591-506DABD5CAA5}c:\\users\\pabo3437196\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\pabo3437196\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{CA27B4C4-31B3-4CE2-84C0-010901C3A66E}c:\\users\\pabo3437196\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\pabo3437196\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{04F9DD1C-40E7-4524-9134-1C02F76C5746}c:\\program files\\ironware communication\\iw ftport client\\cftp32.exe"= UDP:c:\program files\ironware communication\iw ftport client\cftp32.exe:IW FTPort Client
"UDP Query User{9FC2BCB9-4DAE-4B50-A8AA-CEF62E3D8313}c:\\program files\\ironware communication\\iw ftport client\\cftp32.exe"= TCP:c:\program files\ironware communication\iw ftport client\cftp32.exe:IW FTPort Client
"TCP Query User{CD895693-E197-4C1B-B23B-AE81302A2312}c:\\program files\\cesarftp\\server.exe"= UDP:c:\program files\cesarftp\server.exe:Server
"UDP Query User{05761583-655A-49B3-A83F-8B1CCF71E0C3}c:\\program files\\cesarftp\\server.exe"= TCP:c:\program files\cesarftp\server.exe:Server
"TCP Query User{21F4AEFC-C1ED-49D6-A13A-CB17ABD33B18}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{136E8A0F-55D3-4520-8AFB-8788014712E2}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{6FE0B2B1-2C88-41E4-8696-F555297C5BF0}c:\\program files\\dassault systemes\\b17\\intel_a\\code\\bin\\cnext.exe"= UDP:c:\program files\dassault systemes\b17\intel_a\code\bin\cnext.exe:CATIA
"UDP Query User{8BF1E945-47DB-439A-84D4-B6C72E3630DC}c:\\program files\\dassault systemes\\b17\\intel_a\\code\\bin\\cnext.exe"= TCP:c:\program files\dassault systemes\b17\intel_a\code\bin\cnext.exe:CATIA
"TCP Query User{078FE97E-A160-4F86-9C16-285B9E73B603}c:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:c:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"UDP Query User{FE49EE7C-53B1-4DA0-AF82-FF72015C413B}c:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:c:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"TCP Query User{FB98EEEE-69FE-464F-9778-F4406FA0B2FA}c:\\program files\\proewildfire 3.0\\i486_nt\\nms\\nmsd.exe"= UDP:c:\program files\proewildfire 3.0\i486_nt\nms\nmsd.exe:nmsd
"UDP Query User{5A812D92-9EA1-42F2-84BD-062AD2E261AE}c:\\program files\\proewildfire 3.0\\i486_nt\\nms\\nmsd.exe"= TCP:c:\program files\proewildfire 3.0\i486_nt\nms\nmsd.exe:nmsd
"TCP Query User{DF3C3FAA-49F8-4DDD-9E03-1A1DA96242E5}c:\\program files\\proewildfire 3.0\\i486_nt\\obj\\pro_comm_msg.exe"= UDP:c:\program files\proewildfire 3.0\i486_nt\obj\pro_comm_msg.exe:pro_comm_msg
"UDP Query User{C05F4E9F-6B98-47FA-A8E4-F0C447BAEE1F}c:\\program files\\proewildfire 3.0\\i486_nt\\obj\\pro_comm_msg.exe"= TCP:c:\program files\proewildfire 3.0\i486_nt\obj\pro_comm_msg.exe:pro_comm_msg
"TCP Query User{C9D2765D-661A-44AF-AB9A-5F55F76C5885}c:\\program files\\proewildfire 3.0\\i486_nt\\obj\\xtop.exe"= UDP:c:\program files\proewildfire 3.0\i486_nt\obj\xtop.exe:xtop
"UDP Query User{9E557DF6-AE1E-4F95-BDA3-F10D4ADFD2D0}c:\\program files\\proewildfire 3.0\\i486_nt\\obj\\xtop.exe"= TCP:c:\program files\proewildfire 3.0\i486_nt\obj\xtop.exe:xtop
"TCP Query User{E3E44AEA-E1BA-4E4F-AFDD-CDAD1C18DA05}c:\\program files\\ugs\\nx 5.0\\ugii\\ugraf.exe"= UDP:c:\program files\ugs\nx 5.0\ugii\ugraf.exe:NX Component
"UDP Query User{152D95EB-D043-470D-A069-B43E4A52258D}c:\\program files\\ugs\\nx 5.0\\ugii\\ugraf.exe"= TCP:c:\program files\ugs\nx 5.0\ugii\ugraf.exe:NX Component
"TCP Query User{B2BAFD15-5AD4-4CF6-9321-CEE6A7857963}c:\\programy\\samsung\\smartviewer 2.0 for prodvr\\smartviewer.exe"= UDP:c:\programy\samsung\smartviewer 2.0 for prodvr\smartviewer.exe:Viewer MFC ?? ????
"UDP Query User{6289B55F-E737-4F63-8292-5E5E4A9464E0}c:\\programy\\samsung\\smartviewer 2.0 for prodvr\\smartviewer.exe"= TCP:c:\programy\samsung\smartviewer 2.0 for prodvr\smartviewer.exe:Viewer MFC ?? ????
"TCP Query User{C444BA46-8475-4217-ADF2-F6BEB9EF58E9}c:\\program files\\wip miranda im 1.7.3\\miranda32.exe"= UDP:c:\program files\wip miranda im 1.7.3\miranda32.exe:Miranda IM
"UDP Query User{A01BFF27-35F9-4E21-9110-DE6D1CBDF15C}c:\\program files\\wip miranda im 1.7.3\\miranda32.exe"= TCP:c:\program files\wip miranda im 1.7.3\miranda32.exe:Miranda IM
"TCP Query User{183F0C0B-17F5-41EE-ADA8-F1AD5BEE763E}c:\\program files\\qip infium\\infium.exe"= UDP:c:\program files\qip infium\infium.exe:QIP Infium
"UDP Query User{31C625E3-AD97-4C08-8C2D-7FB3A7EA41E6}c:\\program files\\qip infium\\infium.exe"= TCP:c:\program files\qip infium\infium.exe:QIP Infium
"{83220C8F-07F1-4CA7-B889-4433BFBC123F}"= UDP:18284:BitComet 18284 TCP
"{72A175EF-C17C-4D5C-AD7E-2D2140679124}"= TCP:18284:BitComet 18284 UDP
"TCP Query User{AD8C330D-4FAD-4276-AF30-6FA9265A0624}c:\\program files\\miranda im\\miranda32.exe"= UDP:c:\program files\miranda im\miranda32.exe:miranda32
"UDP Query User{90AEFDD3-B73E-4F4B-84F1-BCFD5C8BBB86}c:\\program files\\miranda im\\miranda32.exe"= TCP:c:\program files\miranda im\miranda32.exe:miranda32
"{41294058-8868-42D6-AFC5-3375A39C8ED7}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{8F20A439-0B7A-482F-A65F-A3DF4A01F37E}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-02-20 33800]
R1 LUMDriver;LUMDriver;c:\windows\System32\drivers\LUMDriver.sys [2006-10-13 14912]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-07-12 72192]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\System32\drivers\sbhips.sys [2008-06-21 66600]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2008-02-27 235584]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2008-02-27 7424]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [2008-10-01 65576]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-02-27 73728]
R4 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R4 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2007-11-09 8192]
R4 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R4 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R4 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files\UGS\UGSLicensing\lmgrd.exe [2007-02-02 1327104]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\System32\drivers\Amps2prt.sys [2007-05-15 14336]
S3 kvpndev;Kerio VPN adapter;c:\windows\System32\drivers\kvpndrv.sys [2007-08-28 62464]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [2006-11-02 9216]
S4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security 2007\TmPfw.exe --> c:\program files\Trend Micro\Internet Security 2007\TmPfw.exe [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
*Deregistered* - sptd
*Deregistered* - tmmbd
*Deregistered* - tmtdi

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b5fd672-0a3e-11dd-a52a-001c23aafa4e}]
\shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789213292-3213421283-2761632414-1001.job
- c:\users\pabo3437196\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-14 11:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.kb.cz/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\pabo3437196\AppData\Roaming\Mozilla\Firefox\Profiles\m0c3j43k.default\
FF - prefs.js: browser.startup.homepage - http://www.google.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\pabo3437196\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 18:17:16
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspěšně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-02-01 18:21:10
ComboFix-quarantined-files.txt 2009-02-01 17:20:40
ComboFix2.txt 2009-01-30 21:29:06

Před spuštěním: 4 397 273 088
Po spuštění: 4,260,425,728

295 --- E O F --- 2009-01-29 14:06:47
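
As an added example that is not part of this thread and not ComboFix's own code, the following Python script re-reads a few of the line formats in the ComboFix log above (Run keys, the firewall policy profiles, service entries, and MountPoints2 AutoRun commands) and flags the items a log reviewer looks at first: autostarts launched from a user profile directory, Windows Firewall disabled on all three profiles (expected here, since a third-party firewall service is running), a service whose image file is missing (the `[?]` marker), and removable-media AutoRun commands. The sample input is constructed from lines quoted in the log; the category names and heuristics are the example's own, not ComboFix's.

```python
"""Triage of ComboFix-style log fragments (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the log above, trimmed to the formats
# this parser understands. A blank line ends a registry-key section, as in the log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\pabo3437196\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-14 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R4 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
S4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security 2007\TmPfw.exe --> c:\program files\Trend Micro\Internet Security 2007\TmPfw.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Autorun.exe
"""

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
_FW_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
_SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
_AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$")


@dataclass
class Finding:
    category: str
    detail: str


def triage(log_text: str) -> List[Finding]:
    """Return review findings for the recognised line formats, in log order."""
    findings: List[Finding] = []
    disabled_profiles: List[str] = []   # firewall profiles with EnableFirewall = 0
    third_party_fw: List[str] = []      # running (R*) services that describe themselves as a firewall
    current_key = ""                    # registry key of the section being read

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current_key = ""            # a blank line closes the section
            continue
        key_match = _KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        key_lower = current_key.lower()

        if key_lower.endswith("\\run"):
            m = _RUN_RE.match(line)
            # Autostarts under a user profile are writable without admin rights; worth a
            # publisher check even when, as with an updater, they turn out to be legitimate.
            if m and m.group("path").lower().startswith("c:\\users\\"):
                findings.append(Finding("run-from-profile", f'{m.group("name")}: {m.group("path")}'))
            continue

        if "firewallpolicy" in key_lower:
            m = _FW_RE.match(line)
            if m and m.group("value") == "0":
                disabled_profiles.append(current_key.rsplit("\\", 1)[-1])
            continue

        if "mountpoints2" in key_lower:
            m = _AUTORUN_RE.match(line)
            if m:
                findings.append(Finding("autorun-mountpoint", m.group("cmd")))
            continue

        m = _SVC_RE.match(line)
        if m:
            if m.group("rest").rstrip().endswith("[?]"):
                # ComboFix prints [?] instead of date and size when the service's image
                # file is not found: typically a registration left by an uninstalled product.
                findings.append(Finding("service-missing-binary", f'{m.group("name")} ({m.group("desc")})'))
            elif m.group("start").startswith("R") and "firewall" in m.group("desc").lower():
                third_party_fw.append(m.group("desc"))

    if disabled_profiles:
        detail = "EnableFirewall=0 on " + ", ".join(disabled_profiles)
        if third_party_fw:
            detail += "; expected while a third-party firewall runs: " + "; ".join(third_party_fw)
        findings.append(Finding("windows-firewall-off", detail))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.category}] {finding.detail}")
```

The script reports, not decides: an updater under AppData and a disabled Windows Firewall next to a running Sunbelt firewall are both normal on this machine, and the output only says where to look. Run against a full ComboFix log it will ignore every line format it does not recognise.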

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: Web pages loading poorly - log check

Post by jaro3 » 01 Feb 2009 19:09

Uninstall:
FW: Trend Micro PC-cillin Internet Security (Firewall)

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script


Folder::
c:\users\All Users\Symantec
c:\programdata\Symantec
c:\windows\DUMP3ec4.tmp

File::
c:\windows\DUMP3ec4.tmp

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it once the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Test this on VirusTotal
c:\windows\System32\iesysprep.dll
Then post the result link here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
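
For the VirusTotal step above, an added example that is not part of the thread: compute the file's MD5, SHA-1 and SHA-256 in one streaming pass, so the existing report can be looked up by hash before anything is uploaded. The sample file written by write_sample is constructed (a stand-in for the DLL named in the reply); the VirusTotal report URL form is an assumption about the current web interface, keyed by SHA-256.

```python
"""Local hashes for a VirusTotal lookup (added example, not part of the thread)."""
import hashlib
import os
import tempfile
from typing import Dict, Union

CHUNK_SIZE = 1024 * 1024  # read in 1 MiB pieces so large binaries are never loaded whole


def file_hashes(path: str) -> Dict[str, Union[str, int]]:
    """Compute MD5, SHA-1 and SHA-256 of a file in a single pass; also report its size."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            size += len(chunk)
            for digest in digests.values():
                digest.update(chunk)
    result: Dict[str, Union[str, int]] = {name: d.hexdigest() for name, d in digests.items()}
    result["size"] = size
    return result


def virustotal_url(sha256_hex: str) -> str:
    """Report page for a file already known to VirusTotal, keyed by SHA-256.

    Assumption: this is the URL form of the current web interface. Looking the
    hash up first avoids uploading a file that has already been analysed.
    """
    return "https://www.virustotal.com/gui/file/" + sha256_hex.lower()


def write_sample(data: bytes) -> str:
    """Write constructed sample bytes to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed stand-in for c:\windows\System32\iesysprep.dll; pass a real path instead.
    sample = write_sample(b"abc")
    hashes = file_hashes(sample)
    for name in ("md5", "sha1", "sha256", "size"):
        print(f"{name}: {hashes[name]}")
    print(virustotal_url(str(hashes["sha256"])))
    os.remove(sample)
```

All three digests are computed in the same pass because older reports and forum threads quote MD5 or SHA-1 while the lookup page is keyed by SHA-256; the file is read once either way.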

