Please check my HJT log (PC is slow overall) Solved


Post by actionboy » 01 Mar 2009 18:27

The PC has been cleaned with CCleaner and RegCleaner; video playback occasionally stutters.
LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:29, on 1.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\QIP\qip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{53190101-7CBF-4AD5-BB54-792FE70940ED}: NameServer = 81.30.225.2,81.30.224.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 5999 bytes

Post by jaro3 » 01 Mar 2009 19:46

Uninstall:
Ask Toolbar
AskBarDis

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save it to your desktop
- then click the Exit button; a message appears, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus are standing in for me.

Post by actionboy » 01 Mar 2009 20:19

I couldn't find Ask Toolbar to uninstall, neither in Add/Remove Programs nor in CCleaner.
Malwarebytes' Anti-Malware 1.34
Verze databáze: 1813
Windows 6.0.6001 Service Pack 1

1.3.2009 20:13:12
mbam-log-2009-03-01 (20-13-12).txt

Typ skenu: Rychlý sken
Objektu skenováno: 67462
Uplynulý cas: 5 minute(s), 18 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Post by jaro3 » 02 Mar 2009 08:00

If you have the 32-bit version of Windows, proceed as follows:
Turn off Avira's resident protection and deactivate Comodo Internet Security.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Post by actionboy » 02 Mar 2009 16:33

Here it is. I just want to ask whether it is intentional that ComboFix removed the default gateway address in my network connections (I typed it back in so I could get online at all).

ComboFix 09-03-01.01 - Honza 2009-03-02 16:13:20.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1029.18.2303.1216 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
FW: COMODO Firewall *disabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pthreadGC.dll
c:\windows\system32\pthreadGC2.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-02 do 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-03-01 20:05 . 2009-03-01 20:05 <DIR> d-------- c:\users\Honza\AppData\Roaming\Malwarebytes
2009-03-01 20:05 . 2009-03-01 20:05 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-01 20:05 . 2009-03-01 20:05 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-01 20:05 . 2009-03-01 20:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-01 20:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-01 20:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-01 18:22 . 2009-03-01 18:22 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 15:58 . 2009-02-28 15:58 <DIR> d-------- c:\program files\RV House
2009-02-28 12:52 . 2009-02-28 12:52 <DIR> d-------- c:\program files\NeroInstall.bak
2009-02-28 12:50 . 2009-02-28 12:50 <DIR> d-------- c:\users\Honza\AppData\Roaming\Nero
2009-02-28 12:46 . 2009-02-28 12:46 <DIR> d-------- c:\users\All Users\Nero
2009-02-28 12:46 . 2009-02-28 12:46 <DIR> d-------- c:\programdata\Nero
2009-02-28 12:46 . 2009-02-28 12:46 <DIR> d-------- c:\program files\Nero
2009-02-28 12:46 . 2009-02-28 12:48 <DIR> d-------- c:\program files\Common Files\Nero
2009-02-27 19:16 . 2009-02-27 19:16 <DIR> d-------- c:\users\All Users\id Software
2009-02-27 19:16 . 2009-02-27 19:16 <DIR> d-------- c:\programdata\id Software
2009-02-27 19:10 . 2009-02-27 19:10 0 --a------ c:\windows\bench32.INI
2009-02-27 17:56 . 2009-02-27 17:56 <DIR> d-------- c:\program files\Acclaim Entertainment
2009-02-27 17:56 . 1998-01-23 12:22 304,128 --a------ c:\windows\IsUninst.exe
2009-02-26 20:03 . 2009-02-26 20:11 <DIR> d-------- c:\program files\Microsoft SQL Server
2009-02-26 19:39 . 2009-02-26 19:39 <DIR> d-------- c:\users\All Users\Autodesk, Inc
2009-02-26 19:39 . 2009-02-26 19:39 <DIR> d-------- c:\programdata\Autodesk, Inc
2009-02-26 19:39 . 2009-02-26 20:14 <DIR> d-------- c:\program files\Autodesk
2009-02-26 19:36 . 2009-02-26 19:37 <DIR> d-------- c:\program files\AOEMView 2009
2009-02-26 19:34 . 2009-02-26 19:34 <DIR> d-------- c:\program files\Microsoft WSE
2009-02-26 19:33 . 2009-02-26 20:19 <DIR> d-------- c:\users\Honza\AppData\Roaming\Autodesk
2009-02-26 19:32 . 2009-02-26 20:14 <DIR> d-------- c:\users\All Users\Autodesk
2009-02-26 19:32 . 2009-02-26 20:14 <DIR> d-------- c:\programdata\Autodesk
2009-02-26 19:32 . 2009-02-26 19:33 <DIR> d-------- c:\program files\DWG TrueView 2009
2009-02-26 19:32 . 2009-02-26 19:51 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2009-02-26 19:22 . 2009-02-27 17:52 <DIR> d-------- c:\users\Honza\AppData\Roaming\DAEMON Tools
2009-02-26 19:22 . 2009-02-26 19:27 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-26 19:19 . 2009-02-26 19:19 715,248 --a------ c:\windows\System32\drivers\sptd.sys
2009-02-25 21:20 . 2009-02-25 21:23 <DIR> d-------- c:\users\Honza\AppData\Roaming\U3
2009-02-24 19:11 . 2009-02-24 19:11 <DIR> d-------- c:\program files\Activision
2009-02-23 16:48 . 2009-02-23 16:48 <DIR> d-------- c:\users\Honza\AppData\Roaming\GRETECH
2009-02-23 16:44 . 2009-02-23 16:44 <DIR> d-------- c:\program files\GRETECH
2009-02-22 17:51 . 2003-02-24 17:17 299,552 --a------ c:\windows\wmsysprx.prx
2009-02-22 17:49 . 2009-02-22 17:49 <DIR> d-------- c:\users\Honza\AppData\Roaming\Acoustica
2009-02-22 17:49 . 2009-02-22 17:52 <DIR> d-------- c:\program files\Acoustica CD Label Maker
2009-02-21 21:24 . 2009-02-21 21:24 <DIR> d-------- c:\program files\Testy Autoškola
2009-02-20 17:51 . 2009-02-27 18:20 189,496 --a------ c:\windows\System32\PnkBstrB.xtr
2009-02-20 17:31 . 2009-02-20 17:31 <DIR> d-------- c:\program files\Windows Doctor
2009-02-16 18:21 . 2009-02-16 18:40 <DIR> d-------- c:\program files\Electronic Arts
2009-02-16 17:57 . 2009-02-16 18:07 <DIR> d-------- c:\program files\RegCleaner
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-16 16:06 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2009-02-16 16:06 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2009-02-16 16:06 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2009-02-16 16:06 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2009-02-16 16:06 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2009-02-16 16:06 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2009-02-16 16:06 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2009-02-14 11:05 . 2009-02-14 11:05 <DIR> d-------- c:\users\Honza\AppData\Roaming\Locktime
2009-02-14 11:05 . 2009-02-14 11:05 <DIR> d-------- c:\users\All Users\Locktime
2009-02-14 11:05 . 2009-02-14 11:05 <DIR> d-------- c:\programdata\Locktime
2009-02-14 11:04 . 2009-02-14 11:05 <DIR> d-------- c:\program files\NetLimiter 2 Pro
2009-02-11 22:00 . 2009-02-11 22:22 <DIR> d-------- c:\users\Honza\AppData\Roaming\Bitmeter2
2009-02-11 22:00 . 2009-02-28 22:44 <DIR> d-------- c:\users\All Users\Bitmeter2
2009-02-11 22:00 . 2009-02-28 22:44 <DIR> d-------- c:\programdata\Bitmeter2
2009-02-11 22:00 . 2009-02-11 22:00 <DIR> d-------- c:\program files\Codebox
2009-02-11 20:05 . 2009-02-11 20:05 <DIR> d-------- c:\users\All Users\Creative Labs
2009-02-11 20:05 . 2009-02-11 20:05 <DIR> d-------- c:\programdata\Creative Labs
2009-02-11 20:04 . 2009-02-11 20:04 <DIR> d-------- c:\users\Honza\AppData\Roaming\Creative
2009-02-11 19:54 . 2009-02-11 19:54 <DIR> d-------- c:\program files\Common Files\Creative Labs Shared
2009-02-11 19:54 . 2000-05-22 16:58 647,872 --------- c:\windows\System32\Mscomct2.ocx
2009-02-11 19:54 . 2006-10-06 14:17 53,248 --------- c:\windows\Ctregrun.exe
2009-02-11 19:44 . 2009-02-11 19:44 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-11 19:31 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 19:31 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-11 19:21 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2009-02-11 19:21 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2009-02-11 11:33 . 2009-02-11 11:33 <DIR> d-------- c:\users\Honza\AppData\Roaming\IrfanView
2009-02-11 11:33 . 2009-02-11 11:33 <DIR> d-------- c:\program files\IrfanView
2009-02-10 17:01 . 2009-02-10 17:02 <DIR> d-------- c:\users\All Users\Adobe
2009-02-10 17:01 . 2009-02-10 17:01 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-10 11:31 . 2009-02-10 11:31 <DIR> d-------- c:\users\All Users\Skype
2009-02-10 11:31 . 2009-02-10 11:31 <DIR> d-------- c:\programdata\Skype
2009-02-10 10:46 . 2009-02-10 10:46 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-09 21:23 . 2009-02-09 21:24 <DIR> d-------- c:\program files\MediaCoder
2009-02-08 22:18 . 2009-02-08 22:18 <DIR> d-------- c:\users\Honza\AppData\Roaming\Foxit
2009-02-08 22:18 . 2009-02-08 22:18 <DIR> d-------- c:\program files\Foxit Software
2009-02-08 22:01 . 2009-02-08 22:01 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-08 16:51 . 2009-02-08 16:51 <DIR> d-------- c:\users\Honza\AppData\Roaming\Desktopicon
2009-02-08 16:51 . 2009-02-08 16:52 <DIR> d-------- c:\program files\Unlocker
2009-02-07 19:53 . 2009-02-25 18:54 <DIR> d-------- c:\program files\GamePark
2009-02-07 18:01 . 2009-02-07 20:12 <DIR> d-------- c:\users\Honza\AppData\Roaming\uTorrent
2009-02-07 18:01 . 2009-02-07 18:02 <DIR> d-------- c:\program files\uTorrent
2009-02-07 17:22 . 2007-04-20 13:16 8,393 --a------ c:\windows\System32\CTAPO32.cat
2009-02-07 17:02 . 2009-02-07 16:27 152,576 --a------ c:\windows\System32\SPWizUI.dll
2009-02-07 17:02 . 2009-02-07 16:27 47,560 --a------ c:\windows\System32\SPReview.exe
2009-02-07 16:42 . 2008-01-18 23:33 193,024 --a------ c:\windows\System32\recdisc.exe
2009-02-07 16:42 . 2008-01-18 23:36 6,656 --a------ c:\windows\System32\sdspres.dll
2009-02-07 16:41 . 2008-01-18 23:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2009-02-07 16:41 . 2008-01-18 23:36 142,336 --a------ c:\windows\System32\spp.dll
2009-02-07 16:41 . 2008-01-18 23:36 28,160 --a------ c:\windows\System32\sxproxy.dll
2009-02-07 16:29 . 2008-01-18 23:33 44,032 --a------ c:\windows\System32\cbsra.exe
2009-02-07 16:27 . 2009-02-07 17:02 <DIR> d-------- C:\195bcaed02845a243ee2
2009-02-07 16:27 . 2009-02-07 17:06 131,072 --a------ c:\windows\SPInstall.etl
2009-02-07 13:24 . 2009-02-07 13:26 139,264 --a------ c:\windows\War3Unin.exe
2009-02-07 13:24 . 2009-02-07 13:30 79,073 --a------ c:\windows\War3Unin.dat
2009-02-07 13:24 . 2009-02-07 13:26 2,829 --a------ c:\windows\War3Unin.pif
2009-02-07 13:22 . 2009-03-01 21:20 <DIR> d-------- c:\program files\Warcraft III
2009-02-06 20:54 . 2009-02-06 20:54 <DIR> dr-h----- c:\users\Honza\AppData\Roaming\SecuROM
2009-02-06 20:14 . 2009-02-06 20:14 <DIR> d-------- c:\program files\ffdshow
2009-02-06 20:14 . 2008-06-12 19:36 7,680 --a------ c:\windows\System32\ff_vfw.dll
2009-02-06 20:14 . 2008-06-12 19:37 6,144 --a------ c:\windows\System32\ff_acm.acm
2009-02-06 20:14 . 2007-07-10 17:10 547 --a------ c:\windows\System32\ff_vfw.dll.manifest
2009-02-06 20:13 . 2009-02-06 20:13 <DIR> d-------- c:\program files\Deep Silver
2009-02-06 19:44 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\System32\D3DX9_39.dll
2009-02-06 19:44 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\System32\D3DCompiler_39.dll
2009-02-06 19:44 . 2008-07-31 10:40 509,448 --a------ c:\windows\System32\XAudio2_2.dll
2009-02-06 19:44 . 2008-07-12 08:18 467,984 --a------ c:\windows\System32\d3dx10_39.dll
2009-02-06 19:44 . 2008-07-31 10:41 238,088 --a------ c:\windows\System32\xactengine3_2.dll
2009-02-06 19:44 . 2008-07-31 10:41 68,616 --a------ c:\windows\System32\XAPOFX1_1.dll
2009-02-06 19:24 . 2009-02-06 19:24 <DIR> d-------- c:\windows\System32\AGEIA
2009-02-06 19:24 . 2009-02-06 19:24 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-06 19:24 . 2009-02-06 19:24 <DIR> d-------- c:\program files\AGEIA Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 20:24 --------- d-----w c:\program files\Testy Autoškola
2009-02-11 18:55 --------- d-----w c:\program files\Windows Mail
2009-02-07 16:38 174 --sha-w c:\program files\desktop.ini
2009-02-07 16:29 --------- d-----w c:\program files\Windows Sidebar
2009-02-07 16:29 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-07 16:29 --------- d-----w c:\program files\Windows Journal
2009-02-07 16:29 --------- d-----w c:\program files\Windows Defender
2009-02-07 16:29 --------- d-----w c:\program files\Windows Collaboration
2009-02-07 16:29 --------- d-----w c:\program files\Windows Calendar
2009-02-07 16:16 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-07 16:16 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-05 20:23 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-02-05 20:23 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-02-05 20:23 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-02-05 20:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-02-05 20:23 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-02-05 20:23 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-02-05 19:11 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2009-02-05 16:07 --------- d-----w c:\program files\MSBuild
2009-02-05 15:36 --------- d-sh--w c:\programdata\Plocha
2009-02-05 15:36 --------- d-sh--w c:\programdata\Oblíbené položky
2009-02-05 15:36 --------- d-sh--w c:\programdata\Šablony
2009-02-05 15:36 --------- d-sh--w c:\programdata\Nabídka Start
2009-02-05 15:36 --------- d-sh--w c:\programdata\Dokumenty
2009-02-05 15:36 --------- d-sh--w c:\programdata\Data aplikací
2008-12-05 04:32 428,544 ----a-w c:\windows\System32\EncDec.dll
2008-12-05 04:32 293,376 ----a-w c:\windows\System32\psisdecd.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-01 1851128]
"P17RunE"="P17RunE.dll" [2007-04-09 c:\windows\System32\P17RunE.dll]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitmeter2.lnk]
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-29 13:05 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 16:15 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-02-16 16:15 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpAgent]
--a------ 2007-07-31 00:42 906528 c:\program files\ScanSoft\OmniPage16\OpAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 08:34 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-18 23:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1714877282-3552057300-8663167-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{389F3DED-8F9F-4ACC-B487-16A3205C321C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{189CFCA1-8048-4448-A969-89138373B593}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{176BE266-6841-4E29-9164-88A47D716BC8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FB8A6737-DB7E-4BC5-8619-2147EF4246D7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31F70F74-7E83-4EE6-A8A8-C27246622163}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4F5AD9E5-5F23-4133-82CA-15C589907AFF}"= UDP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{14F8DED2-36D1-4D79-B1BC-519855958418}"= TCP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{0134D0BF-219A-479F-B1C3-9473CD464FAB}"= UDP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{3EB07886-2718-4D5F-BC6A-209AE142A478}"= TCP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"TCP Query User{ADFAFACB-C6ED-4DE4-B8A2-30FB32A5EE6A}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{44B06C4D-D031-4664-9A25-45D63A03C3C1}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{F01253B9-1308-4858-B25A-0A3B52911180}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7041D2B9-1C6E-4A07-A227-345602A83ED7}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1CA39592-30E7-4BB7-98CF-71BDE4D34700}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{4733882B-9CC4-477A-BFB4-D43E756AEB4E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{0F70EF7B-884E-4665-A73E-02A8CB6861B0}c:\\program files\\activision\\call of duty - world at war\\codwaw-lanfixed.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw-lanfixed.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{60247F6D-ED30-4EF2-957C-21B90DEF0D00}c:\\program files\\activision\\call of duty - world at war\\codwaw-lanfixed.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw-lanfixed.exe:Call of Duty(R): World at War Campaign/Coop
"{45942EDC-3D09-4B97-90D6-C23BFF7C4247}"= UDP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{386FD032-59C0-412A-A087-44E9475CE17A}"= TCP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{DD433D28-CCEE-4BF5-9932-0A551D53826B}"= UDP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{1B2CB8E6-5E72-4B3F-A5F3-10DAC7106120}"= TCP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{09026263-CA5F-4167-B3C0-E947ED1EF53A}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{9DDA7BF9-D445-4821-9E3E-3C44991AE418}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{147655A2-6873-406E-A6AA-0A319304020D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D1D8017B-6E98-4947-8B5B-35EF63D0CE44}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{223FF069-B143-4C92-8394-FB84CE3A7ED1}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B719BDA6-E10F-4C83-B47F-326F956E39BA}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{221F47F7-589C-450B-A8AA-769C6BAADA71}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{924FBD8E-3DA8-4B65-86A4-DC28E8380AFB}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{0F92C3B6-3770-4BC1-947A-6AA14C95277E}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{A3FC0F97-4E4D-480C-93DB-A81B155F99B3}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{2071E478-D685-43C5-93D5-A721F0294ABD}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{408BDFF1-6AAA-4BD6-BB41-57137FD60484}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{F1545781-E41E-4898-AF88-3AA563FF9CEA}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{F88DF5C8-9925-49F6-B2E3-5DFA675DA1A6}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{FA6FF3CB-7CDA-4F8D-A8C1-91E9EF07E41A}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{C771AAB8-6AE0-469D-8032-E71CABBC19CC}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{BD9A2AF7-1B33-47F8-ACE3-1755987CF243}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{D31E3996-DB45-4B14-B4F2-1540BB9723A3}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{AEB09B1B-A9E1-4756-9A2A-3E5969953C5E}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{B79AC5DF-2CCF-424D-B08C-DD5608A5776A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [2009-02-05 108560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [2009-02-05 25104]
R1 nltdi;nltdi;c:\windows\System32\drivers\nltdi.sys [2007-04-23 82200]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2009-02-11 72192]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [2009-02-05 68865]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-02-11 79360]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\LaunchU3.exe -a
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {53190101-7CBF-4AD5-BB54-792FE70940ED} = 81.30.225.2,81.30.224.2
FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\i437g2hr.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 16:18:11
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\guard32.dll
.
Celkový čas: 2009-03-02 16:21:43
ComboFix-quarantined-files.txt 2009-03-02 15:21:39

Před spuštěním: 3 500 036 096
Po spuštění: 3,349,745,664

306 --- E O F --- 2009-02-11 18:52:22
AMD Phenom II 955 BE, CM hyper 212 plus; Gigabyte MA770-T-UD3P; 2x2GB RAM Kingstone Hyper X DDR3 1600MHz; nVIDIA GeForce GT730

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my HJT log (the PC is slow overall)

Post by jaro3 » 02 Mar 2009 17:51

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code: Select all

Folder::
c:\program files\NeroInstall.bak

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

actionboy
Level 4
Posts: 1248
Registered: November 07
Gender: Male
Status: Offline

Re: Please check my HJT log (the PC is slow overall)

Post by actionboy » 02 Mar 2009 19:26

ComboFix 09-03-01.01 - Honza 2009-03-02 19:08:31.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1029.18.2303.1074 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Honza\Desktop\CFScript.txt
FW: COMODO Firewall *disabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\NeroInstall.bak

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-02 do 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-03-01 20:05 . 2009-03-01 20:05 <DIR> d-------- c:\users\Honza\AppData\Roaming\Malwarebytes
2009-03-01 20:05 . 2009-03-01 20:05 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-01 20:05 . 2009-03-01 20:05 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-01 20:05 . 2009-03-01 20:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-01 20:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-01 20:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-01 18:22 . 2009-03-01 18:22 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 15:58 . 2009-02-28 15:58 <DIR> d-------- c:\program files\RV House
2009-02-28 12:50 . 2009-02-28 12:50 <DIR> d-------- c:\users\Honza\AppData\Roaming\Nero
2009-02-28 12:46 . 2009-02-28 12:46 <DIR> d-------- c:\users\All Users\Nero
2009-02-28 12:46 . 2009-02-28 12:46 <DIR> d-------- c:\programdata\Nero
2009-02-28 12:46 . 2009-02-28 12:46 <DIR> d-------- c:\program files\Nero
2009-02-28 12:46 . 2009-02-28 12:48 <DIR> d-------- c:\program files\Common Files\Nero
2009-02-27 19:16 . 2009-02-27 19:16 <DIR> d-------- c:\users\All Users\id Software
2009-02-27 19:16 . 2009-02-27 19:16 <DIR> d-------- c:\programdata\id Software
2009-02-27 19:10 . 2009-02-27 19:10 0 --a------ c:\windows\bench32.INI
2009-02-27 17:56 . 2009-02-27 17:56 <DIR> d-------- c:\program files\Acclaim Entertainment
2009-02-27 17:56 . 1998-01-23 12:22 304,128 --a------ c:\windows\IsUninst.exe
2009-02-26 20:03 . 2009-02-26 20:11 <DIR> d-------- c:\program files\Microsoft SQL Server
2009-02-26 19:39 . 2009-02-26 19:39 <DIR> d-------- c:\users\All Users\Autodesk, Inc
2009-02-26 19:39 . 2009-02-26 19:39 <DIR> d-------- c:\programdata\Autodesk, Inc
2009-02-26 19:39 . 2009-02-26 20:14 <DIR> d-------- c:\program files\Autodesk
2009-02-26 19:36 . 2009-02-26 19:37 <DIR> d-------- c:\program files\AOEMView 2009
2009-02-26 19:34 . 2009-02-26 19:34 <DIR> d-------- c:\program files\Microsoft WSE
2009-02-26 19:33 . 2009-02-26 20:19 <DIR> d-------- c:\users\Honza\AppData\Roaming\Autodesk
2009-02-26 19:32 . 2009-02-26 20:14 <DIR> d-------- c:\users\All Users\Autodesk
2009-02-26 19:32 . 2009-02-26 20:14 <DIR> d-------- c:\programdata\Autodesk
2009-02-26 19:32 . 2009-02-26 19:33 <DIR> d-------- c:\program files\DWG TrueView 2009
2009-02-26 19:32 . 2009-02-26 19:51 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2009-02-26 19:22 . 2009-02-27 17:52 <DIR> d-------- c:\users\Honza\AppData\Roaming\DAEMON Tools
2009-02-26 19:22 . 2009-02-26 19:27 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-26 19:19 . 2009-02-26 19:19 715,248 --a------ c:\windows\System32\drivers\sptd.sys
2009-02-25 21:20 . 2009-02-25 21:23 <DIR> d-------- c:\users\Honza\AppData\Roaming\U3
2009-02-24 19:11 . 2009-02-24 19:11 <DIR> d-------- c:\program files\Activision
2009-02-23 16:48 . 2009-02-23 16:48 <DIR> d-------- c:\users\Honza\AppData\Roaming\GRETECH
2009-02-23 16:44 . 2009-02-23 16:44 <DIR> d-------- c:\program files\GRETECH
2009-02-22 17:51 . 2003-02-24 17:17 299,552 --a------ c:\windows\wmsysprx.prx
2009-02-22 17:49 . 2009-02-22 17:49 <DIR> d-------- c:\users\Honza\AppData\Roaming\Acoustica
2009-02-22 17:49 . 2009-02-22 17:52 <DIR> d-------- c:\program files\Acoustica CD Label Maker
2009-02-21 21:24 . 2009-02-21 21:24 <DIR> d-------- c:\program files\Testy Autoškola
2009-02-20 17:51 . 2009-02-27 18:20 189,496 --a------ c:\windows\System32\PnkBstrB.xtr
2009-02-20 17:31 . 2009-02-20 17:31 <DIR> d-------- c:\program files\Windows Doctor
2009-02-16 18:21 . 2009-02-16 18:40 <DIR> d-------- c:\program files\Electronic Arts
2009-02-16 17:57 . 2009-02-16 18:07 <DIR> d-------- c:\program files\RegCleaner
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-16 16:41 . 2009-02-16 16:41 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-16 16:06 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2009-02-16 16:06 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2009-02-16 16:06 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2009-02-16 16:06 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2009-02-16 16:06 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2009-02-16 16:06 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2009-02-16 16:06 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2009-02-14 11:05 . 2009-02-14 11:05 <DIR> d-------- c:\users\Honza\AppData\Roaming\Locktime
2009-02-14 11:05 . 2009-02-14 11:05 <DIR> d-------- c:\users\All Users\Locktime
2009-02-14 11:05 . 2009-02-14 11:05 <DIR> d-------- c:\programdata\Locktime
2009-02-14 11:04 . 2009-02-14 11:05 <DIR> d-------- c:\program files\NetLimiter 2 Pro
2009-02-11 22:00 . 2009-02-11 22:22 <DIR> d-------- c:\users\Honza\AppData\Roaming\Bitmeter2
2009-02-11 22:00 . 2009-03-02 19:07 <DIR> d-------- c:\users\All Users\Bitmeter2
2009-02-11 22:00 . 2009-03-02 19:07 <DIR> d-------- c:\programdata\Bitmeter2
2009-02-11 22:00 . 2009-02-11 22:00 <DIR> d-------- c:\program files\Codebox
2009-02-11 20:05 . 2009-02-11 20:05 <DIR> d-------- c:\users\All Users\Creative Labs
2009-02-11 20:05 . 2009-02-11 20:05 <DIR> d-------- c:\programdata\Creative Labs
2009-02-11 20:04 . 2009-02-11 20:04 <DIR> d-------- c:\users\Honza\AppData\Roaming\Creative
2009-02-11 19:54 . 2009-02-11 19:54 <DIR> d-------- c:\program files\Common Files\Creative Labs Shared
2009-02-11 19:54 . 2000-05-22 16:58 647,872 --------- c:\windows\System32\Mscomct2.ocx
2009-02-11 19:54 . 2006-10-06 14:17 53,248 --------- c:\windows\Ctregrun.exe
2009-02-11 19:44 . 2009-02-11 19:44 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-11 19:31 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 19:31 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-11 19:21 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2009-02-11 19:21 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2009-02-11 11:33 . 2009-02-11 11:33 <DIR> d-------- c:\users\Honza\AppData\Roaming\IrfanView
2009-02-11 11:33 . 2009-02-11 11:33 <DIR> d-------- c:\program files\IrfanView
2009-02-10 17:01 . 2009-02-10 17:02 <DIR> d-------- c:\users\All Users\Adobe
2009-02-10 17:01 . 2009-02-10 17:01 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-10 11:31 . 2009-02-10 11:31 <DIR> d-------- c:\users\All Users\Skype
2009-02-10 11:31 . 2009-02-10 11:31 <DIR> d-------- c:\programdata\Skype
2009-02-10 10:46 . 2009-02-10 10:46 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-09 21:23 . 2009-02-09 21:24 <DIR> d-------- c:\program files\MediaCoder
2009-02-08 22:18 . 2009-02-08 22:18 <DIR> d-------- c:\users\Honza\AppData\Roaming\Foxit
2009-02-08 22:18 . 2009-02-08 22:18 <DIR> d-------- c:\program files\Foxit Software
2009-02-08 22:01 . 2009-02-08 22:01 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-08 16:51 . 2009-02-08 16:51 <DIR> d-------- c:\users\Honza\AppData\Roaming\Desktopicon
2009-02-08 16:51 . 2009-02-08 16:52 <DIR> d-------- c:\program files\Unlocker
2009-02-07 19:53 . 2009-02-25 18:54 <DIR> d-------- c:\program files\GamePark
2009-02-07 18:01 . 2009-02-07 20:12 <DIR> d-------- c:\users\Honza\AppData\Roaming\uTorrent
2009-02-07 18:01 . 2009-02-07 18:02 <DIR> d-------- c:\program files\uTorrent
2009-02-07 17:22 . 2007-04-20 13:16 8,393 --a------ c:\windows\System32\CTAPO32.cat
2009-02-07 17:02 . 2009-02-07 16:27 152,576 --a------ c:\windows\System32\SPWizUI.dll
2009-02-07 17:02 . 2009-02-07 16:27 47,560 --a------ c:\windows\System32\SPReview.exe
2009-02-07 16:42 . 2008-01-18 23:33 193,024 --a------ c:\windows\System32\recdisc.exe
2009-02-07 16:42 . 2008-01-18 23:36 6,656 --a------ c:\windows\System32\sdspres.dll
2009-02-07 16:41 . 2008-01-18 23:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2009-02-07 16:41 . 2008-01-18 23:36 142,336 --a------ c:\windows\System32\spp.dll
2009-02-07 16:41 . 2008-01-18 23:36 28,160 --a------ c:\windows\System32\sxproxy.dll
2009-02-07 16:29 . 2008-01-18 23:33 44,032 --a------ c:\windows\System32\cbsra.exe
2009-02-07 16:27 . 2009-02-07 17:02 <DIR> d-------- C:\195bcaed02845a243ee2
2009-02-07 16:27 . 2009-02-07 17:06 131,072 --a------ c:\windows\SPInstall.etl
2009-02-07 13:24 . 2009-02-07 13:26 139,264 --a------ c:\windows\War3Unin.exe
2009-02-07 13:24 . 2009-02-07 13:30 79,073 --a------ c:\windows\War3Unin.dat
2009-02-07 13:24 . 2009-02-07 13:26 2,829 --a------ c:\windows\War3Unin.pif
2009-02-07 13:22 . 2009-03-01 21:20 <DIR> d-------- c:\program files\Warcraft III
2009-02-06 20:54 . 2009-02-06 20:54 <DIR> dr-h----- c:\users\Honza\AppData\Roaming\SecuROM
2009-02-06 20:14 . 2009-02-06 20:14 <DIR> d-------- c:\program files\ffdshow
2009-02-06 20:14 . 2008-06-12 19:36 7,680 --a------ c:\windows\System32\ff_vfw.dll
2009-02-06 20:14 . 2008-06-12 19:37 6,144 --a------ c:\windows\System32\ff_acm.acm
2009-02-06 20:14 . 2007-07-10 17:10 547 --a------ c:\windows\System32\ff_vfw.dll.manifest
2009-02-06 20:13 . 2009-02-06 20:13 <DIR> d-------- c:\program files\Deep Silver
2009-02-06 19:44 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\System32\D3DX9_39.dll
2009-02-06 19:44 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\System32\D3DCompiler_39.dll
2009-02-06 19:44 . 2008-07-31 10:40 509,448 --a------ c:\windows\System32\XAudio2_2.dll
2009-02-06 19:44 . 2008-07-12 08:18 467,984 --a------ c:\windows\System32\d3dx10_39.dll
2009-02-06 19:44 . 2008-07-31 10:41 238,088 --a------ c:\windows\System32\xactengine3_2.dll
2009-02-06 19:44 . 2008-07-31 10:41 68,616 --a------ c:\windows\System32\XAPOFX1_1.dll
2009-02-06 19:24 . 2009-02-06 19:24 <DIR> d-------- c:\windows\System32\AGEIA
2009-02-06 19:24 . 2009-02-06 19:24 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-06 19:24 . 2009-02-06 19:24 <DIR> d-------- c:\program files\AGEIA Technologies
2009-02-06 17:48 . 2009-02-06 17:48 <DIR> d-------- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 20:24 --------- d-----w c:\program files\Testy Autoškola
2009-02-11 18:55 --------- d-----w c:\program files\Windows Mail
2009-02-07 16:38 174 --sha-w c:\program files\desktop.ini
2009-02-07 16:29 --------- d-----w c:\program files\Windows Sidebar
2009-02-07 16:29 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-07 16:29 --------- d-----w c:\program files\Windows Journal
2009-02-07 16:29 --------- d-----w c:\program files\Windows Defender
2009-02-07 16:29 --------- d-----w c:\program files\Windows Collaboration
2009-02-07 16:29 --------- d-----w c:\program files\Windows Calendar
2009-02-07 16:16 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-07 16:16 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-05 20:23 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-02-05 20:23 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-02-05 20:23 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-02-05 20:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-02-05 20:23 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-02-05 20:23 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-02-05 19:11 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2009-02-05 16:07 --------- d-----w c:\program files\MSBuild
2009-02-05 15:36 --------- d-sh--w c:\programdata\Plocha
2009-02-05 15:36 --------- d-sh--w c:\programdata\Oblíbené položky
2009-02-05 15:36 --------- d-sh--w c:\programdata\Šablony
2009-02-05 15:36 --------- d-sh--w c:\programdata\Nabídka Start
2009-02-05 15:36 --------- d-sh--w c:\programdata\Dokumenty
2009-02-05 15:36 --------- d-sh--w c:\programdata\Data aplikací
2008-12-05 04:32 428,544 ----a-w c:\windows\System32\EncDec.dll
2008-12-05 04:32 293,376 ----a-w c:\windows\System32\psisdecd.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-02_16.19.11,40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-02 15:25:59 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-02 15:25:59 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-02 15:25:59 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-02 14:55:37 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-02 15:26:12 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-02 15:26:12 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-02 15:18:01 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-02 18:14:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-02 18:14:23 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-02 15:00:05 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-02 16:53:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-02 15:00:05 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-02 16:53:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-02 15:00:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-02 16:53:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-01 12:05:35 138,784 ----a-w c:\windows\System32\drivers\PnkBstrK.sys
+ 2009-03-02 17:53:21 138,784 ----a-w c:\windows\System32\drivers\PnkBstrK.sys
- 2009-03-02 15:01:21 133,820 ----a-w c:\windows\System32\perfc005.dat
+ 2009-03-02 15:37:24 133,820 ----a-w c:\windows\System32\perfc005.dat
- 2009-03-02 15:01:21 119,718 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-02 15:37:24 119,718 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-02 15:01:21 648,562 ----a-w c:\windows\System32\perfh005.dat
+ 2009-03-02 15:37:24 648,562 ----a-w c:\windows\System32\perfh005.dat
- 2009-03-02 15:01:21 636,592 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-02 15:37:24 636,592 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-01 12:05:13 188,896 ----a-w c:\windows\System32\PnkBstrB.exe
+ 2009-03-02 17:52:56 188,896 ----a-w c:\windows\System32\PnkBstrB.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-01 1851128]
"P17RunE"="P17RunE.dll" [2007-04-09 c:\windows\System32\P17RunE.dll]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 c:\windows\SOUNDMAN.EXE]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2008-06-29 1462272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitmeter2.lnk]
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-29 13:05 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 16:15 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-02-16 16:15 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpAgent]
--a------ 2007-07-31 00:42 906528 c:\program files\ScanSoft\OmniPage16\OpAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 08:34 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-18 23:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1714877282-3552057300-8663167-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{389F3DED-8F9F-4ACC-B487-16A3205C321C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{189CFCA1-8048-4448-A969-89138373B593}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{176BE266-6841-4E29-9164-88A47D716BC8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FB8A6737-DB7E-4BC5-8619-2147EF4246D7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31F70F74-7E83-4EE6-A8A8-C27246622163}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4F5AD9E5-5F23-4133-82CA-15C589907AFF}"= UDP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{14F8DED2-36D1-4D79-B1BC-519855958418}"= TCP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{0134D0BF-219A-479F-B1C3-9473CD464FAB}"= UDP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{3EB07886-2718-4D5F-BC6A-209AE142A478}"= TCP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"TCP Query User{ADFAFACB-C6ED-4DE4-B8A2-30FB32A5EE6A}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{44B06C4D-D031-4664-9A25-45D63A03C3C1}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{F01253B9-1308-4858-B25A-0A3B52911180}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7041D2B9-1C6E-4A07-A227-345602A83ED7}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1CA39592-30E7-4BB7-98CF-71BDE4D34700}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{4733882B-9CC4-477A-BFB4-D43E756AEB4E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{0F70EF7B-884E-4665-A73E-02A8CB6861B0}c:\\program files\\activision\\call of duty - world at war\\codwaw-lanfixed.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw-lanfixed.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{60247F6D-ED30-4EF2-957C-21B90DEF0D00}c:\\program files\\activision\\call of duty - world at war\\codwaw-lanfixed.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw-lanfixed.exe:Call of Duty(R): World at War Campaign/Coop
"{45942EDC-3D09-4B97-90D6-C23BFF7C4247}"= UDP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{386FD032-59C0-412A-A087-44E9475CE17A}"= TCP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{DD433D28-CCEE-4BF5-9932-0A551D53826B}"= UDP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{1B2CB8E6-5E72-4B3F-A5F3-10DAC7106120}"= TCP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{09026263-CA5F-4167-B3C0-E947ED1EF53A}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{9DDA7BF9-D445-4821-9E3E-3C44991AE418}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{147655A2-6873-406E-A6AA-0A319304020D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D1D8017B-6E98-4947-8B5B-35EF63D0CE44}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{223FF069-B143-4C92-8394-FB84CE3A7ED1}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B719BDA6-E10F-4C83-B47F-326F956E39BA}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{221F47F7-589C-450B-A8AA-769C6BAADA71}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{924FBD8E-3DA8-4B65-86A4-DC28E8380AFB}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{0F92C3B6-3770-4BC1-947A-6AA14C95277E}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{A3FC0F97-4E4D-480C-93DB-A81B155F99B3}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{2071E478-D685-43C5-93D5-A721F0294ABD}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{408BDFF1-6AAA-4BD6-BB41-57137FD60484}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{F1545781-E41E-4898-AF88-3AA563FF9CEA}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{F88DF5C8-9925-49F6-B2E3-5DFA675DA1A6}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{FA6FF3CB-7CDA-4F8D-A8C1-91E9EF07E41A}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{C771AAB8-6AE0-469D-8032-E71CABBC19CC}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{BD9A2AF7-1B33-47F8-ACE3-1755987CF243}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{D31E3996-DB45-4B14-B4F2-1540BB9723A3}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{AEB09B1B-A9E1-4756-9A2A-3E5969953C5E}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{B79AC5DF-2CCF-424D-B08C-DD5608A5776A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [2009-02-05 108560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [2009-02-05 25104]
R1 nltdi;nltdi;c:\windows\System32\drivers\nltdi.sys [2007-04-23 82200]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2009-02-11 72192]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [2009-02-05 68865]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-02-11 79360]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\LaunchU3.exe -a
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {53190101-7CBF-4AD5-BB54-792FE70940ED} = 81.30.225.2,81.30.224.2
FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\i437g2hr.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 19:14:32
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\guard32.dll

- - - - - - - > 'Explorer.exe'(4696)
c:\windows\system32\guard32.dll
.
Celkový čas: 2009-03-02 19:19:03
ComboFix-quarantined-files.txt 2009-03-02 18:18:39
ComboFix2.txt 2009-03-02 15:21:45

Před spuštěním: 2 870 083 584
Po spuštění: 4,624,584,704

341 --- E O F --- 2009-02-11 18:52:22





HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:39, on 2.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\QIP\qip.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{53190101-7CBF-4AD5-BB54-792FE70940ED}: NameServer = 81.30.225.2,81.30.224.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{53190101-7CBF-4AD5-BB54-792FE70940ED}: NameServer = 81.30.225.2,81.30.224.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 5436 bytes
+ thanks for taking the time to help me
AMD Phenom II 955 BE, CM hyper 212 plus; Gigabyte MA770-T-UD3P; 2x2GB RAM Kingstone Hyper X DDR3 1600MHz; nVIDIA GeForce GT730

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my HJT log (the PC is slow overall)

Post by jaro3 » 02 Mar 2009 19:44

Close all other applications and browsers, disconnect from the internet, and fix the following in HJT:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O20 - AppInit_DLLs:


ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner;
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. Download it > run it.

Download ATF Cleaner.
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Install Java:
Java SE Runtime Environment 6u12
Select the OS (I assume Windows), tick agree, then continue.
Select:
Windows Offline Installation
jre-6u12-windows-i586-p.exe
That's all.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

actionboy
Level 4
Posts: 1248
Registered: November 07
Gender: Male
Status: Offline

Re: Please check my HJT log (the PC is slow overall)

Post by actionboy » 02 Mar 2009 20:00

Thank you very much :D :bigups:

