Please check my log; out of nowhere I have more processes (I used to have 36, now I have 42). Just to be sure...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:06, on 28.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATITool\ATITool.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\KYE\WebMate\BM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B21E05E9-9AD3-4797-9F13-44ECC7568F96}: NameServer = 212.80.70.2,212.80.66.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/X/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 7578 bytes
Please check my log - Solved
Ntb: HP Pavilion 13-a250nc
PC: i7-4770 + Noctua NH-U9B SE2 / GIGABYTE GA-B85M-D3H rev.1.1 / 2x Kingston HyperX Fury White 4GB 1866 MHz / Asus RX-570 OC / Samsung 870 EVO 500GB / Seagate Barracuda 7200.14 - 1TB /BITFENIX Neos, bílá + EVGA 500B / Win11 Home 64bit / AOC i2369VM
+ Genius SW-HF 5.1 4000
mmmartin (Moderator)
Re: Please check my log
Back to the TOP 30.
ASUS Prime Z390-P / Hexa Core Intel core i5 Coffee Lake-S / Gigabyte GeForce GTX 650 Ti / FORTRON BlueStorm Bronze 80PLUS / W 11
Re: Please check my log
What is that supposed to mean, please???... I don't understand it :-)
jaro3 (Security team member)
Re: Please check my log
Uninstall:
ICQToolBar
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
Close other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
So here is the HJT log first:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:20, on 7.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATITool\ATITool.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\KYE\WebMate\BM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\X\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\X\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B21E05E9-9AD3-4797-9F13-44ECC7568F96}: NameServer = 212.80.70.2,212.80.66.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/X/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 5903 bytes
And the MBAM log:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3702
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
7.2.2010 20:14:53
mbam-log-2010-02-07 (20-14-48).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 108617
Uplynulý čas: 4 minute(s), 43 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 3
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
Re: Please check my log
Pretty please... :-)
jaro3 (Security team member)
Re: Please check my log
Repeat those fixes in HJT, something was left behind. (02)
So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close the program via Exit
You can then paste the MbAM log here.
Turn off Avast's resident protection.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
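An added example, not part of the thread and not the helper's own tooling: a small Python check that parses HijackThis entry lines, reports which lines of a fix list still appear in a later log, and lists entries HijackThis marked "(no file)". The log excerpts are copied from the posts above; the function and variable names are made up for this illustration.

```python
import re

# A HijackThis entry line: section code (R0-R3, O1-O24, F0-F3, N1-N4), " - ", body.
ENTRY_RE = re.compile(r"^([ROFN]\d{1,2}) - (.*\S)\s*$")
# Registry-style GUID, e.g. the CLSID of a BHO or toolbar.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")

# Fix list from the helper's first reply (copied from the thread).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
"""

# Excerpt of the first log (28.1.2010), copied from the thread.
FIRST_LOG_EXCERPT = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# Excerpt of the follow-up log (7.2.2010), copied from the thread.
SECOND_LOG_EXCERPT = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def parse_entries(text):
    """Return (section, body) pairs; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_key(section, body):
    """Identity of an entry: section plus CLSID when one exists, so a renamed
    or file-less entry for the same component still matches; otherwise the
    whitespace-normalised, case-folded body."""
    clsid = CLSID_RE.search(body)
    if clsid:
        return (section, clsid.group(0).lower())
    return (section, " ".join(body.split()).casefold())


def still_present(fix_list, later_log):
    """Fix-list lines whose entry is still found in the later log."""
    later_keys = {entry_key(s, b) for s, b in parse_entries(later_log)}
    return [f"{s} - {b}" for s, b in parse_entries(fix_list)
            if entry_key(s, b) in later_keys]


def orphaned(later_log):
    """Entries HijackThis marked '(no file)': the registry reference exists
    but the target file does not."""
    return [f"{s} - {b}" for s, b in parse_entries(later_log)
            if b.endswith("(no file)")]


if __name__ == "__main__":
    print("Fix-list lines present before the fix:")
    for line in still_present(FIX_LIST, FIRST_LOG_EXCERPT):
        print("  ", line)
    print("Fix-list lines still present afterwards:",
          still_present(FIX_LIST, SECOND_LOG_EXCERPT))
    print("Entries with a missing file afterwards:")
    for line in orphaned(SECOND_LOG_EXCERPT):
        print("  ", line)
```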
Re: Please check my log
So here is the ComboFix log:
ComboFix 10-02-12.01 - X 13.02.2010 18:29:49.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.595 [GMT 1:00]
Spuštěný z: c:\documents and settings\X\Dokumenty\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100213-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.
2010-02-13 16:02 . 2010-02-13 16:02 -------- d-----w- c:\program files\GamePark
2010-02-07 19:08 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-07 19:08 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 16:57 . 2010-02-04 18:27 -------- d-----w- c:\program files\a-squared Free
2010-02-02 16:56 . 2010-02-04 18:44 -------- d-----w- C:\spywarebegone
2010-01-26 15:23 . 2010-01-26 15:23 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-26 15:22 . 2010-02-13 17:33 -------- d-----w- c:\program files\ICQ6.5
2010-01-24 19:55 . 2010-02-07 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 19:07 . 2010-01-18 19:07 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-18 17:26 . 2010-02-08 15:39 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-01-17 15:03 . 2010-01-18 19:07 -------- d-----w- c:\program files\Common Files\Real
2010-01-17 15:03 . 2010-01-17 15:03 -------- d-----w- c:\program files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 19:57 . 2008-05-10 15:22 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-12 19:57 . 2008-05-10 15:22 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-04 17:40 . 2010-02-04 17:40 0 ----a-w- c:\program files\Lavasoft
2010-02-04 17:40 . 2010-02-04 17:40 0 ----a-w- c:\program files\Lavalys1
2010-02-02 16:56 . 2007-09-08 20:34 737280 ----a-w- c:\windows\iun6002.exe
2010-01-31 09:34 . 2009-12-25 20:59 -------- d-----w- c:\program files\Richard Burns Rally
2010-01-31 08:14 . 2007-09-07 01:33 -------- d-----w- c:\program files\ATITool
2010-01-29 09:18 . 2009-01-15 15:21 -------- d-----w- c:\program files\valve
2010-01-17 15:03 . 2007-09-06 02:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-10 17:47 . 2009-06-06 16:12 -------- d-----w- c:\program files\Activision
2010-01-10 14:00 . 2009-05-21 17:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 15:18 . 2010-01-07 15:18 -------- d-----w- c:\program files\Empire Interactive
2009-12-29 15:09 . 2009-12-29 15:09 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-21 18:02 . 2009-07-06 14:00 -------- d-----w- c:\program files\HLSW
2009-12-08 17:21 . 2009-12-08 17:21 34 ---ha-w- c:\windows\system32\DVDRipper_sysquict.dat
2009-11-24 23:54 . 2009-01-18 17:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-01-18 17:55 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-01-18 17:55 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-01-18 17:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-01-18 17:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-01-18 17:55 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-01-18 17:55 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-01-18 17:55 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-01-18 17:55 97480 ----a-w- c:\windows\system32\AvastSS.scr
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-11-30 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"ATITool"="c:\program files\ATITool\ATITool.exe" [2007-06-21 3119616]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"BMISR"="c:\program files\KYE\WebMate\BM.exe" [2008-08-19 208896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-18 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8287:TCP"= 8287:TCP:BitComet 8287 TCP
"8287:UDP"= 8287:UDP:BitComet 8287 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.1.2009 18:55 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.1.2009 18:55 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [5.9.2007 12:36 35840]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [7.10.2007 13:50 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [7.10.2007 13:23 64896]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [22.4.2006 15:08 8704]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {B21E05E9-9AD3-4797-9F13-44ECC7568F96} = 212.80.70.2,212.80.66.7
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 18:33
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-73586283-1897051121-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-13 18:34:59
ComboFix-quarantined-files.txt 2010-02-13 17:34
Před spuštěním: Volných bajtů: 90 244 546 560
Po spuštění: Volných bajtů: 90 216 923 136
- - End Of File - - C6A2FB4B422550CF16B47F47C871CD1D
Ntb: HP Pavilion 13-a250nc
PC: i7-4770 + Noctua NH-U9B SE2 / GIGABYTE GA-B85M-D3H rev.1.1 / 2x Kingston HyperX Fury White 4GB 1866 MHz / Asus RX-570 OC / Samsung 870 EVO 500GB / Seagate Barracuda 7200.14 - 1TB / BITFENIX Neos, white + EVGA 500B / Win11 Home 64bit / AOC i2369VM
+ Genius SW-HF 5.1 4000
Re: please check my log
Yeah, please send me autorun. (I mean so that the action selection shows up, e.g. after inserting a flash drive or a DVD etc. I hope you understand what I mean :D :D.) And here is the log from COMBOFIX:
ComboFix 10-02-12.01 - X 13.02.2010 18:29:49.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.595 [GMT 1:00]
Spuštěný z: c:\documents and settings\X\Dokumenty\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100213-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.
2010-02-13 16:02 . 2010-02-13 16:02 -------- d-----w- c:\program files\GamePark
2010-02-07 19:08 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-07 19:08 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 16:57 . 2010-02-04 18:27 -------- d-----w- c:\program files\a-squared Free
2010-02-02 16:56 . 2010-02-04 18:44 -------- d-----w- C:\spywarebegone
2010-01-26 15:23 . 2010-01-26 15:23 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-26 15:22 . 2010-02-13 17:33 -------- d-----w- c:\program files\ICQ6.5
2010-01-24 19:55 . 2010-02-07 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 19:07 . 2010-01-18 19:07 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-18 17:26 . 2010-02-08 15:39 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-01-17 15:03 . 2010-01-18 19:07 -------- d-----w- c:\program files\Common Files\Real
2010-01-17 15:03 . 2010-01-17 15:03 -------- d-----w- c:\program files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 19:57 . 2008-05-10 15:22 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-12 19:57 . 2008-05-10 15:22 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-04 17:40 . 2010-02-04 17:40 0 ----a-w- c:\program files\Lavasoft
2010-02-04 17:40 . 2010-02-04 17:40 0 ----a-w- c:\program files\Lavalys1
2010-02-02 16:56 . 2007-09-08 20:34 737280 ----a-w- c:\windows\iun6002.exe
2010-01-31 09:34 . 2009-12-25 20:59 -------- d-----w- c:\program files\Richard Burns Rally
2010-01-31 08:14 . 2007-09-07 01:33 -------- d-----w- c:\program files\ATITool
2010-01-29 09:18 . 2009-01-15 15:21 -------- d-----w- c:\program files\valve
2010-01-17 15:03 . 2007-09-06 02:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-10 17:47 . 2009-06-06 16:12 -------- d-----w- c:\program files\Activision
2010-01-10 14:00 . 2009-05-21 17:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 15:18 . 2010-01-07 15:18 -------- d-----w- c:\program files\Empire Interactive
2009-12-29 15:09 . 2009-12-29 15:09 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-21 18:02 . 2009-07-06 14:00 -------- d-----w- c:\program files\HLSW
2009-12-08 17:21 . 2009-12-08 17:21 34 ---ha-w- c:\windows\system32\DVDRipper_sysquict.dat
2009-11-24 23:54 . 2009-01-18 17:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-01-18 17:55 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-01-18 17:55 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-01-18 17:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-01-18 17:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-01-18 17:55 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-01-18 17:55 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-01-18 17:55 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-01-18 17:55 97480 ----a-w- c:\windows\system32\AvastSS.scr
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-11-30 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"ATITool"="c:\program files\ATITool\ATITool.exe" [2007-06-21 3119616]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"BMISR"="c:\program files\KYE\WebMate\BM.exe" [2008-08-19 208896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-18 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8287:TCP"= 8287:TCP:BitComet 8287 TCP
"8287:UDP"= 8287:UDP:BitComet 8287 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.1.2009 18:55 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.1.2009 18:55 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [5.9.2007 12:36 35840]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [7.10.2007 13:50 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [7.10.2007 13:23 64896]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [22.4.2006 15:08 8704]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {B21E05E9-9AD3-4797-9F13-44ECC7568F96} = 212.80.70.2,212.80.66.7
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 18:33
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-73586283-1897051121-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-13 18:34:59
ComboFix-quarantined-files.txt 2010-02-13 17:34
Před spuštěním: Volných bajtů: 90 244 546 560
Po spuštění: Volných bajtů: 90 216 923 136
- - End Of File - - C6A2FB4B422550CF16B47F47C871CD1D
Ntb: HP Pavilion 13-a250nc
PC: i7-4770 + Noctua NH-U9B SE2 / GIGABYTE GA-B85M-D3H rev.1.1 / 2x Kingston HyperX Fury White 4GB 1866 MHz / Asus RX-570 OC / Samsung 870 EVO 500GB / Seagate Barracuda 7200.14 - 1TB / BITFENIX Neos, white + EVGA 500B / Win11 Home 64bit / AOC i2369VM
+ Genius SW-HF 5.1 4000
- jaro3
- member of the Security team
Re: request for a log check
Uninstall:
a-squared Free
spywarebegone
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script
Code:
KillAll::
File::
c:\windows\iun6002.exe
Folder::
c:\program files\ICQ6Toolbar
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
Test this on Virustotal
c:\windows\system32\DVDRipper_sysquict.dat
Then paste here a link to the results page.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: request for a log check
Log after ComboFix:
ComboFix 10-03-04.05 - X 05.03.2010 14:34:15.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.615 [GMT 1:00]
Spuštěný z: c:\documents and settings\X\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\X\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100305-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\iun6002.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\iun6002.exe
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-05 do 2010-03-05 )))))))))))))))))))))))))))))))
.
2010-03-04 16:55 . 2010-03-04 16:55 -------- d-----w- c:\program files\MSBuild
2010-03-04 16:52 . 2010-03-04 16:52 -------- d-----w- c:\windows\system32\XPSViewer
2010-03-04 16:51 . 2010-03-04 16:51 -------- d-----w- c:\program files\Reference Assemblies
2010-03-04 16:51 . 2010-03-04 17:05 -------- d-----w- c:\program files\Converter
2010-02-13 16:02 . 2010-02-13 16:02 -------- d-----w- c:\program files\GamePark
2010-02-04 16:57 . 2010-02-04 18:27 -------- d-----w- c:\program files\a-squared Free
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 16:55 . 2001-10-25 12:00 81286 ----a-w- c:\windows\system32\perfc005.dat
2010-03-04 16:55 . 2001-10-25 12:00 432668 ----a-w- c:\windows\system32\perfh005.dat
2010-03-03 19:15 . 2008-05-10 15:22 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-03 19:15 . 2008-05-10 15:22 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-27 17:16 . 2009-12-25 20:59 -------- d-----w- c:\program files\Richard Burns Rally
2010-02-26 15:19 . 2010-01-18 17:26 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-02-21 15:17 . 2010-01-24 19:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 12:58 . 2009-09-13 17:56 -------- d-----w- c:\program files\DsNET Corp
2010-02-14 19:25 . 2009-12-05 15:56 -------- d-----w- c:\program files\FreeTime
2010-02-13 17:33 . 2010-01-26 15:22 -------- d-----w- c:\program files\ICQ6.5
2010-02-04 17:40 . 2010-02-04 17:40 0 ----a-w- c:\program files\Lavasoft
2010-02-04 17:40 . 2010-02-04 17:40 0 ----a-w- c:\program files\Lavalys1
2010-01-31 08:14 . 2007-09-07 01:33 -------- d-----w- c:\program files\ATITool
2010-01-29 09:18 . 2009-01-15 15:21 -------- d-----w- c:\program files\valve
2010-01-18 19:07 . 2010-01-17 15:03 -------- d-----w- c:\program files\Common Files\Real
2010-01-18 19:07 . 2010-01-18 19:07 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-17 15:03 . 2007-09-06 02:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-17 15:03 . 2010-01-17 15:03 -------- d-----w- c:\program files\Real
2010-01-10 17:47 . 2009-06-06 16:12 -------- d-----w- c:\program files\Activision
2010-01-10 14:00 . 2009-05-21 17:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 15:18 . 2010-01-07 15:18 -------- d-----w- c:\program files\Empire Interactive
2009-12-29 15:09 . 2009-12-29 15:09 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-17 04:53 . 2004-08-17 13:49 1386496 ----a-w- c:\windows\system32\msvbvm60.dll
2009-12-08 17:21 . 2009-12-08 17:21 34 ---ha-w- c:\windows\system32\DVDRipper_sysquict.dat
.
((((((((((((((((((((((((((((( SnapShot@2010-02-13_17.33.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-05 13:39 . 2010-03-05 13:39 16384 c:\windows\Temp\Perflib_Perfdata_618.dat
+ 2006-10-20 20:29 . 2006-10-20 20:29 20768 c:\windows\system32\PresentationHostProxy.dll
+ 2001-10-25 12:00 . 2010-03-04 16:55 70202 c:\windows\system32\perfc009.dat
+ 2006-07-19 09:55 . 2006-07-19 09:55 86728 c:\windows\system32\msxml6r.dll
+ 2006-10-30 02:33 . 2006-10-30 02:33 83968 c:\windows\system32\infocardapi.dll
+ 2006-10-20 20:29 . 2006-10-20 20:29 69408 c:\windows\system32\dxva2.dll
+ 2006-10-20 20:21 . 2006-10-20 20:21 14848 c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2006-10-20 20:21 . 2006-10-20 20:21 36864 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2006-10-20 20:21 . 2006-10-20 20:21 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2006-10-20 20:29 . 2006-10-20 20:29 72992 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2006-07-25 20:32 . 2006-07-25 20:32 14648 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2006-10-30 02:34 . 2006-10-30 02:34 16384 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2006-10-30 02:34 . 2006-10-30 02:34 94208 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2006-10-30 02:34 . 2006-10-30 02:34 11264 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2006-10-30 02:34 . 2006-10-30 02:34 61440 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2010-03-04 16:51 . 2010-03-04 16:51 80896 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll
+ 2006-10-29 22:18 . 2006-10-29 22:18 98816 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 98816 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 98816 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 98816 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 98816 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 99328 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 99840 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 98816 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 99840 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 98816 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 98816 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 98816 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 98816 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 99840 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 99840 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 98816 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 98816 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll
+ 2006-10-29 22:15 . 2006-10-29 22:15 80384 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 90112 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 90624 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 80384 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 82432 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 83968 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 82944 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 84480 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 86528 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 83968 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 87040 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 80384 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 80384 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 88064 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 89600 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 80384 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 91648 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1036.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 82944 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1035.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 94208 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1032.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 89600 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1031.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 87040 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1030.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 86016 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1029.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 80384 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1028.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 80384 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1025.dll
+ 2006-10-30 02:25 . 2006-10-30 02:25 99600 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\DeleteTemp.exe
+ 2006-10-30 03:06 . 2006-10-30 03:06 74012 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\baseline.dat
+ 2010-03-04 16:53 . 2010-03-04 16:53 51200 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\4d9ca72e24bab743a2f08d4b5f527f26\UIAutomationProvider.ni.dll
+ 2010-03-04 16:55 . 2010-03-04 16:55 49152 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\0a8c662ae9537c42927671ac677f3b5a\PresentationFontCache.ni.exe
+ 2010-03-04 16:53 . 2010-03-04 16:53 40448 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\04ee0625afaea84787520cc072ef1aca\PresentationCFFRasterizer.ni.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\34706f1c74c8de4ebc094d785d401302\Microsoft.VisualC.ni.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 81920 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 86016 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 32768 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-03-04 16:51 . 2010-03-04 16:51 16384 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-03-04 16:51 . 2010-03-04 16:51 94208 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2006-10-30 02:33 . 2006-10-30 02:33 9480 c:\windows\system32\icardres.dll
+ 2006-10-30 02:34 . 2006-10-30 02:34 2560 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2006-10-20 20:29 . 2006-10-20 20:29 304928 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2006-10-20 20:29 . 2006-10-20 20:29 159008 c:\windows\system32\UIAutomationCore.dll
+ 2006-08-24 15:15 . 2006-08-24 15:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2006-10-20 20:30 . 2006-10-20 20:30 769312 c:\windows\system32\PresentationNative_v0300.dll
+ 2006-10-20 20:29 . 2006-10-20 20:29 344352 c:\windows\system32\PresentationHost.exe
+ 2006-10-20 20:29 . 2006-10-20 20:29 104224 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2001-10-25 12:00 . 2010-03-04 16:55 436056 c:\windows\system32\perfh009.dat
+ 2006-10-30 02:33 . 2006-10-30 02:33 556296 c:\windows\system32\icardagt.exe
+ 2007-09-05 11:40 . 2010-03-05 13:12 137256 c:\windows\system32\FNTCACHE.DAT
+ 2006-10-20 20:30 . 2006-10-20 20:30 478496 c:\windows\system32\evr.dll
+ 2006-10-20 20:21 . 2006-10-20 20:21 897024 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2006-10-20 20:29 . 2006-10-20 20:29 106272 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2006-10-20 15:08 . 2006-10-20 15:08 797696 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2006-10-30 02:34 . 2006-10-30 02:34 143360 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2006-10-30 02:34 . 2006-10-30 02:34 159744 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2006-10-30 02:34 . 2006-10-30 02:34 884736 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2006-10-30 02:34 . 2006-10-30 02:34 122880 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2006-10-30 02:34 . 2006-10-30 02:34 151552 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2006-10-30 02:34 . 2006-10-30 02:34 352256 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2010-03-04 16:51 . 2010-03-04 16:51 626440 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe
+ 2006-10-30 02:33 . 2006-10-30 02:33 741376 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2006-10-30 02:34 . 2006-10-30 02:34 159744 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2006-10-30 02:18 . 2006-10-30 02:18 102400 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll
+ 2006-10-30 02:19 . 2006-10-30 02:19 101376 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 101376 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 102400 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll
+ 2006-10-30 02:18 . 2006-10-30 02:18 103424 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 104448 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll
+ 2006-10-30 02:17 . 2006-10-30 02:17 102400 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll
+ 2006-10-29 22:18 . 2006-10-29 22:18 816128 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll
+ 2006-10-29 22:20 . 2006-10-29 22:20 541184 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll
+ 2006-10-29 22:18 . 2006-10-29 22:18 590848 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll
+ 2006-10-30 03:04 . 2006-10-30 03:04 557056 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.msi
+ 2006-10-30 02:25 . 2006-10-30 02:25 365320 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
+ 2006-10-30 02:25 . 2006-10-30 02:25 167176 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\runmsi.exe
+ 2006-10-30 02:25 . 2006-10-30 02:25 194320 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\RebootStub.exe
+ 2006-10-29 22:14 . 2006-10-29 22:14 163328 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\HtmlLite.dll
+ 2006-10-29 22:15 . 2006-10-29 22:15 220672 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\dlmgr.dll
+ 2010-03-04 16:55 . 2010-03-04 16:55 454144 c:\windows\Installer\45ad15.msi
+ 2010-03-04 16:55 . 2010-03-04 16:55 472576 c:\windows\Installer\45ad10.msi
+ 2010-03-04 16:52 . 2010-03-04 16:52 525824 c:\windows\Installer\45ad06.msi
+ 2010-03-04 16:51 . 2010-03-04 16:51 867840 c:\windows\Installer\45ad01.msi
+ 2010-03-04 17:53 . 2010-03-04 17:53 380928 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ad4b96ab3f3d88448b5d714fa16c9c2d\WsatConfig.ni.exe
+ 2010-03-04 17:53 . 2010-03-04 17:53 245760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a1e1760364a6454a843e17dab40aee1c\WindowsFormsIntegration.ni.dll
+ 2010-03-04 16:53 . 2010-03-04 16:53 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\157595c63a5a87459831e0bb6e1e460c\UIAutomationTypes.ni.dll
+ 2010-03-04 17:53 . 2010-03-04 17:53 483328 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\636515ec3975dc4bb9b25414254c423d\UIAutomationClient.ni.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 233472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f8e67e208b88a34f9db1371fe20a22c8\System.ServiceProcess.ni.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 339968 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\01d6d4a5f8e3f842879cb8607c9c6559\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 815104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e5f2e666aa2f6041905f3f0c41951428\System.Runtime.Remoting.ni.dll
+ 2010-03-04 16:55 . 2010-03-04 16:55 655360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\7d956baf5750394b98c8fb88eac5e41f\System.Messaging.ni.dll
+ 2010-03-04 17:53 . 2010-03-04 17:53 425984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\c533e6fa1ad99442ae9d4feab09be592\System.IO.Log.ni.dll
+ 2010-03-04 17:53 . 2010-03-04 17:53 995328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f79c7703ce041d43b84bc1c80f512a59\System.IdentityModel.ni.dll
+ 2010-03-04 17:53 . 2010-03-04 17:53 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\871aee08ac727c44b9003435e49bc73c\System.IdentityModel.Selectors.ni.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 167936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\a2e8b38a9ae2894384271168ae057e56\System.Configuration.Install.ni.dll
+ 2010-03-04 17:53 . 2010-03-04 17:53 262144 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\d34dfd0c80daf645a693c83a1c0cffa1\sysglobl.ni.dll
+ 2010-03-04 17:53 . 2010-03-04 17:53 323584 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\47b7fb8b28a07f4e98f231e6266fb547\SMSvcHost.ni.exe
+ 2010-03-04 17:53 . 2010-03-04 17:53 286720 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\b3e03d9713bc494da4852c955edf9cf4\SMDiagnostics.ni.dll
+ 2010-03-04 17:53 . 2010-03-04 17:53 139264 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\52b0d7c0c7c6af458a3d4ec5ad2e22e3\ServiceModelReg.ni.exe
+ 2010-03-04 16:55 . 2010-03-04 16:55 204800 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b80a41f917d890418a6f496c0ba51570\PresentationFramework.Classic.ni.dll
+ 2010-03-04 16:55 . 2010-03-04 16:55 393216 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b6796c664b2ba240a81b5593bb8e689e\PresentationFramework.Aero.ni.dll
+ 2010-03-04 16:55 . 2010-03-04 16:55 266240 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8f10bbc4a56c57449df3d894913654cf\PresentationFramework.Royale.ni.dll
+ 2010-03-04 16:55 . 2010-03-04 16:55 548864 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6b82b414d573064daae4e0d9af48488c\PresentationFramework.Luna.ni.dll
+ 2010-03-04 17:53 . 2010-03-04 17:53 405504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\5ace86a8bcc8c24cb057bc8738c62f14\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-03-04 17:53 . 2010-03-04 17:53 434176 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\e643c254a0fdfe47902062d2a28dd3bb\ComSvcConfig.ni.exe
+ 2010-03-04 16:52 . 2010-03-04 16:52 372736 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 163840 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-03-04 16:55 . 2010-03-04 16:55 588592 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2010-03-04 16:51 . 2010-03-04 16:51 159744 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2010-03-04 16:51 . 2010-03-04 16:51 884736 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-03-04 16:51 . 2010-03-04 16:51 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-03-04 16:51 . 2010-03-04 16:51 401408 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-03-04 16:51 . 2010-03-04 16:51 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 897024 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 151552 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 376832 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 126976 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 184320 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 593920 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2010-03-04 16:51 . 2010-03-04 16:51 352256 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 344064 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2010-03-04 16:51 . 2010-03-04 16:51 151552 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2006-09-01 11:08 . 2006-09-01 11:08 1334032 c:\windows\system32\msxml6.dll
+ 2006-10-20 20:30 . 2006-10-20 20:30 1980704 c:\windows\system32\milcore.dll
+ 2006-10-20 13:03 . 2006-10-20 13:03 2628608 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2006-10-20 15:09 . 2006-10-20 15:09 4874240 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2006-10-30 03:05 . 2006-10-30 03:05 2723840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\WF_3.0_x86.msi
+ 2010-03-04 16:51 . 2010-03-04 16:51 8044544 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\wcf.msi
+ 2006-10-30 02:34 . 2006-10-30 02:34 5623808 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2006-10-29 22:19 . 2006-10-29 22:19 1103872 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll
+ 2006-10-29 22:16 . 2006-10-29 22:16 1139712 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll
+ 2006-10-29 22:15 . 2006-10-29 22:15 1621504 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll
+ 2006-10-29 22:17 . 2006-10-29 22:17 1054720 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\gencomp.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 1142784 c:\windows\Installer\45ad0b.msi
+ 2010-03-04 16:52 . 2010-03-04 16:52 3289088 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\aca0ea73f68bc442a2cf9d641b27ae7b\WindowsBase.ni.dll
+ 2010-03-04 17:53 . 2010-03-04 17:53 1122304 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\cfab22cceefa384cabdf448e8a7d691a\UIAutomationClientsideProviders.ni.dll
+ 2010-03-04 16:55 . 2010-03-04 16:55 2064384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\bc41c9ce6066694f908a2f9b9de28f55\System.Workflow.Runtime.ni.dll
+ 2010-03-04 16:55 . 2010-03-04 16:55 4599808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c1399c5c26a2b64e9758daf0cf0eb518\System.Workflow.ComponentModel.ni.dll
+ 2010-03-04 16:55 . 2010-03-04 16:55 2965504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\c8b925bd3ddfb64084d2c055ee1113b5\System.Workflow.Activities.ni.dll
+ 2010-03-04 17:53 . 2010-03-04 17:53 2043904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\db0bff2aa9d7da44bf93b507d58b7123\System.Speech.ni.dll
+ 2010-03-04 17:53 . 2010-03-04 17:53 2371584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d9edd4543578004290a8d30c1294b7b2\System.Runtime.Serialization.ni.dll
+ 2010-03-04 16:55 . 2010-03-04 16:55 1052672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\f3ee11ed5a81d8418ac898c7347eadc9\System.Printing.ni.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 2703360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\b04f363b7a6cb841aff9f5446e120a80\System.Data.SqlXml.ni.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 1183744 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1bac9378ce5f014eb018a310118024c4\System.Data.OracleClient.ni.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-11-30 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"ATITool"="c:\program files\ATITool\ATITool.exe" [2007-06-21 3119616]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"BMISR"="c:\program files\KYE\WebMate\BM.exe" [2008-08-19 208896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-18 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8287:TCP"= 8287:TCP:BitComet 8287 TCP
"8287:UDP"= 8287:UDP:BitComet 8287 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.1.2009 18:55 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.1.2009 18:55 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [5.9.2007 12:36 35840]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [7.10.2007 13:50 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [7.10.2007 13:23 64896]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [22.4.2006 15:08 8704]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15383&l=dis
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {B21E05E9-9AD3-4797-9F13-44ECC7568F96} = 212.80.70.2,212.80.66.7
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 14:39
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-73586283-1897051121-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2508)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2010-03-05 14:42:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-05 13:42
Před spuštěním: Volných bajtů: 93 494 620 160
Po spuštění: Volných bajtů: 93 516 689 408
- - End Of File - - 1A3729924654CBE0828156ED92A9E1A9
Here is the link to VirusTotal: http://www.virustotal.com/cs/analisis/e2e246d93e217f68dd7035580ee127dfa19402095dd7de9a3c57d936ec427673-1266176544
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.615 [GMT 1:00]
Spuštěný z: c:\documents and settings\X\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\X\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100305-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\iun6002.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\iun6002.exe
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-05 do 2010-03-05 )))))))))))))))))))))))))))))))
.
2010-03-04 16:55 . 2010-03-04 16:55 -------- d-----w- c:\program files\MSBuild
2010-03-04 16:52 . 2010-03-04 16:52 -------- d-----w- c:\windows\system32\XPSViewer
2010-03-04 16:51 . 2010-03-04 16:51 -------- d-----w- c:\program files\Reference Assemblies
2010-03-04 16:51 . 2010-03-04 17:05 -------- d-----w- c:\program files\Converter
2010-02-13 16:02 . 2010-02-13 16:02 -------- d-----w- c:\program files\GamePark
2010-02-04 16:57 . 2010-02-04 18:27 -------- d-----w- c:\program files\a-squared Free
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 16:55 . 2001-10-25 12:00 81286 ----a-w- c:\windows\system32\perfc005.dat
2010-03-04 16:55 . 2001-10-25 12:00 432668 ----a-w- c:\windows\system32\perfh005.dat
2010-03-03 19:15 . 2008-05-10 15:22 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-03 19:15 . 2008-05-10 15:22 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-27 17:16 . 2009-12-25 20:59 -------- d-----w- c:\program files\Richard Burns Rally
2010-02-26 15:19 . 2010-01-18 17:26 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-02-21 15:17 . 2010-01-24 19:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 12:58 . 2009-09-13 17:56 -------- d-----w- c:\program files\DsNET Corp
2010-02-14 19:25 . 2009-12-05 15:56 -------- d-----w- c:\program files\FreeTime
2010-02-13 17:33 . 2010-01-26 15:22 -------- d-----w- c:\program files\ICQ6.5
2010-02-04 17:40 . 2010-02-04 17:40 0 ----a-w- c:\program files\Lavasoft
2010-02-04 17:40 . 2010-02-04 17:40 0 ----a-w- c:\program files\Lavalys1
2010-01-31 08:14 . 2007-09-07 01:33 -------- d-----w- c:\program files\ATITool
2010-01-29 09:18 . 2009-01-15 15:21 -------- d-----w- c:\program files\valve
2010-01-18 19:07 . 2010-01-17 15:03 -------- d-----w- c:\program files\Common Files\Real
2010-01-18 19:07 . 2010-01-18 19:07 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-17 15:03 . 2007-09-06 02:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-17 15:03 . 2010-01-17 15:03 -------- d-----w- c:\program files\Real
2010-01-10 17:47 . 2009-06-06 16:12 -------- d-----w- c:\program files\Activision
2010-01-10 14:00 . 2009-05-21 17:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 15:18 . 2010-01-07 15:18 -------- d-----w- c:\program files\Empire Interactive
2009-12-29 15:09 . 2009-12-29 15:09 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-17 04:53 . 2004-08-17 13:49 1386496 ----a-w- c:\windows\system32\msvbvm60.dll
2009-12-08 17:21 . 2009-12-08 17:21 34 ---ha-w- c:\windows\system32\DVDRipper_sysquict.dat
.
((((((((((((((((((((((((((((( SnapShot@2010-02-13_17.33.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-04 16:55 . 2010-03-04 16:55 1108784 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2010-03-04 16:51 . 2010-03-04 16:51 5623808 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 4972544 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-03-04 16:52 . 2010-03-04 16:52 3915776 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2006-10-30 03:05 . 2006-10-30 03:05 11390464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpf.msi
+ 2010-03-04 17:53 . 2010-03-04 17:53 17506304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3f6e5f6c78e51640bcbbb778e88694d9\System.ServiceModel.ni.dll
+ 2010-03-04 16:54 . 2010-03-04 16:54 14643200 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe700d4168143429088e24db6ddf9a3\PresentationFramework.ni.dll
+ 2010-03-04 16:53 . 2010-03-04 16:53 12038144 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef980bd657111a4c9344de7f32dcadc1\PresentationCore.ni.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-11-30 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"ATITool"="c:\program files\ATITool\ATITool.exe" [2007-06-21 3119616]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"BMISR"="c:\program files\KYE\WebMate\BM.exe" [2008-08-19 208896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-18 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8287:TCP"= 8287:TCP:BitComet 8287 TCP
"8287:UDP"= 8287:UDP:BitComet 8287 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.1.2009 18:55 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.1.2009 18:55 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [5.9.2007 12:36 35840]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [7.10.2007 13:50 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [7.10.2007 13:23 64896]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [22.4.2006 15:08 8704]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15383&l=dis
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {B21E05E9-9AD3-4797-9F13-44ECC7568F96} = 212.80.70.2,212.80.66.7
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 14:39
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-73586283-1897051121-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2508)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2010-03-05 14:42:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-05 13:42
Před spuštěním: Volných bajtů: 93 494 620 160
Po spuštění: Volných bajtů: 93 516 689 408
- - End Of File - - 1A3729924654CBE0828156ED92A9E1A9
Here is the VirusTotal link: http://www.virustotal.com/cs/analisis/e2e246d93e217f68dd7035580ee127dfa19402095dd7de9a3c57d936ec427673-1266176544
Ntb: HP Pavilion 13-a250nc
PC: i7-4770 + Noctua NH-U9B SE2 / GIGABYTE GA-B85M-D3H rev.1.1 / 2x Kingston HyperX Fury White 4GB 1866 MHz / Asus RX-570 OC / Samsung 870 EVO 500GB / Seagate Barracuda 7200.14 - 1TB / BITFENIX Neos, white + EVGA 500B / Win11 Home 64bit / AOC i2369VM
+ Genius SW-HF 5.1 4000
- jaro3
- Security team member
Re: please check my log
One more script:
Code:
DDS::
uStart Page = hxxp://eu.ask.com?o=15383&l=dis
Paste both ComboFix logs and a new HJT log here.
Autorun:
Right-click the link: M-Autorun
Choose "Save target as..." and save it to the desktop.
Then double-click it and confirm adding it to the registry.
Restart the PC.
Or:
http://majorgeeks.com/downloadget.php?i ... 1888e3e444
(run both icons one after the other)
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support