Prosím o kontrolu :)

[Hikari]

Na požádání, aby se vyřešilo něco jiné sem dávám toto ..

Logfile of HijackThis v1.99.1
Scan saved at 21:25:24, on 5.6.2010
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\RegDoctor\RegDoctor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Karoll\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TC UP] "C:\Program Files\TC UP\TC UP.exe" /wnd=min
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RegDoctor] "C:\Program Files\RegDoctor\RegDoctor.exe" -Quick
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - Unknown owner - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Služba Google Update (gupdate1c9ae46cb4f0301) (gupdate1c9ae46cb4f0301) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

[Reklama]

[Damned]

Z mého pozpisu si stáhni novější HJT a log udělej z něho.
Máš tam MbAM, aktualizuj ho, spusť rychlý sken a vlož sem také log

[Hikari]

Stáhnuto vloženo a MbAm taky :)

Hijacthis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:27:42, on 5.6.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\RegDoctor\RegDoctor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TC UP] "C:\Program Files\TC UP\TC UP.exe" /wnd=min
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RegDoctor] "C:\Program Files\RegDoctor\RegDoctor.exe" -Quick
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Služba Google Update (gupdate1c9ae46cb4f0301) (gupdate1c9ae46cb4f0301) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 5468 bytes

mbam :

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4170

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5.6.2010 22:23:30
mbam-log-2010-06-05 (22-23-30).txt

Typ skenu: Rychlý sken
Skenované objekty: 121170
Uplynulý čas: 7 minuta(y), 32 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Hikari]

Edit : double Srry

[Damned]

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
*****************************************************************************************************************************************
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Hikari]

Okáá tak hotovo :) combofix mi opravil i nějaké chybičky ^^ (nešla změnit plocha a ikonky složek a obrázků nebyly vidět)
edit : ááá !! ono mi to opravilo to co už přes týden řeším v jinem topicu *-*zázrak

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Ijl11.dll
c:\windows\system32\system
c:\windows\system32\vbpng1.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-05 do 2010-06-05 )))))))))))))))))))))))))))))))
.

2010-06-05 21:16 . 2010-06-05 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-05 20:25 . 2010-06-05 20:25 388096 ----a-r- c:\users\Karol\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-05 20:25 . 2010-06-05 20:25 -------- d-----w- c:\program files\Trend Micro
2010-06-05 17:57 . 2010-06-05 18:00 -------- d-----w- c:\programdata\Symantec
2010-06-05 17:57 . 2010-06-05 17:57 -------- d-----w- c:\programdata\Norton
2010-06-05 17:57 . 2010-06-05 17:57 -------- d-----w- c:\windows\system32\drivers\NSS
2010-06-05 17:57 . 2010-06-05 17:57 -------- d-----w- c:\program files\Norton Security Scan
2010-06-05 17:57 . 2010-06-05 17:57 -------- d-----w- c:\programdata\NortonInstaller
2010-06-05 17:57 . 2010-06-05 17:57 -------- d-----w- c:\program files\NortonInstaller
2010-06-05 17:56 . 2010-06-05 17:56 -------- d-----w- c:\windows\system32\Adobe
2010-06-05 17:41 . 2010-06-05 17:41 -------- d-----w- c:\program files\VS Revo Group
2010-06-05 16:36 . 2010-06-05 16:36 -------- d-----w- c:\program files\CCleaner
2010-06-05 16:24 . 2010-06-05 16:24 -------- d-----w- c:\users\Karol\AppData\Roaming\Uniblue
2010-06-05 16:24 . 2010-06-05 16:24 -------- d-----w- c:\program files\Uniblue
2010-06-03 22:06 . 2010-06-03 22:06 -------- d-----w- c:\program files\ScreenShots
2010-06-01 09:50 . 2010-06-01 09:50 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-01 09:50 . 2010-06-01 09:50 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-05-26 10:20 . 2010-05-26 10:20 -------- d-----w- C:\$AVG
2010-05-25 22:52 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-16 21:08 . 2010-05-16 21:08 -------- d-----w- c:\users\Karol\AppData\Local\Downloaded Installations
2010-05-16 20:40 . 2010-05-16 21:11 -------- d-----w- c:\temp\ACDSee Pro 2.5 Build 335_CZ
2010-05-16 12:45 . 2010-05-16 12:45 -------- d-----w- c:\program files\RegDoctor
2010-05-16 12:45 . 2003-01-26 12:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-05-16 12:45 . 1999-08-02 15:11 57344 ----a-w- c:\windows\system32\CGZipLibrary.DLL
2010-05-16 12:22 . 2010-05-15 08:27 1894504 ----a-w- c:\temp\regsetup.exe
2010-05-16 12:20 . 2010-05-16 20:40 -------- d-----w- C:\TEMP
2010-05-16 10:20 . 2010-05-16 10:20 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-16 10:17 . 2010-05-16 10:19 -------- d-----w- c:\users\Karol\{49665f9c-df1d-4618-bebc-870a01a52f92}
2010-05-16 09:56 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-15 13:34 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-15 13:34 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-14 19:48 . 2010-05-14 19:48 -------- d-----w- c:\program files\RegVac Registry Cleaner
2010-05-14 18:18 . 2010-05-27 03:00 -------- d-----w- c:\users\Karol\AppData\Roaming\MxBoost
2010-05-13 19:33 . 2010-06-05 20:54 -------- d-----w- c:\users\Karol\AppData\Roaming\ICQ
2010-05-13 17:51 . 2010-05-13 17:51 -------- d-----w- c:\users\Karol\AppData\Local\GHISLER
2010-05-13 17:33 . 2010-05-13 17:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-13 17:32 . 2010-06-05 20:52 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-13 17:32 . 2010-05-13 17:32 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-13 17:32 . 2010-05-13 17:32 25096 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-05-13 17:32 . 2010-06-01 09:49 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-13 17:32 . 2010-05-13 17:32 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-13 17:32 . 2010-06-01 09:49 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-13 17:32 . 2010-05-13 17:32 -------- d-----w- c:\program files\AVG
2010-05-13 17:32 . 2010-05-13 17:32 -------- d-----w- c:\programdata\avg9
2010-05-13 17:26 . 2010-05-13 17:26 -------- d-----w- c:\users\Karol\AppData\Roaming\HEXelon
2010-05-13 17:25 . 2010-05-14 19:04 -------- d-----w- c:\program files\TC UP
2010-05-13 14:50 . 2010-05-07 16:06 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-05-13 14:50 . 2010-05-07 16:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-05-13 14:50 . 2010-05-07 16:01 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-05-13 14:50 . 2010-05-13 14:50 -------- d-----w- c:\users\Karol\AppData\Roaming\TuneUp Software
2010-05-13 14:50 . 2010-05-13 14:50 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-05-13 14:49 . 2010-05-13 14:50 -------- d-----w- c:\programdata\TuneUp Software
2010-05-13 14:49 . 2010-05-13 14:49 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-12 18:41 . 2010-06-05 17:48 -------- d-----w- c:\users\Karol\AppData\Local\LogMeIn
2010-05-12 18:41 . 2009-09-28 17:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-05-12 18:41 . 2009-09-28 17:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-05-12 18:41 . 2009-09-28 17:34 28984 ----a-w- c:\windows\system32\LMIport.dll
2010-05-12 18:41 . 2008-08-11 10:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-05-12 18:41 . 2009-09-28 17:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
2010-05-12 16:34 . 2010-05-12 16:34 -------- d-----w- c:\users\Karol\AppData\Roaming\Malwarebytes
2010-05-12 16:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-12 16:34 . 2010-05-12 16:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 16:34 . 2010-05-12 16:34 -------- d-----w- c:\programdata\Malwarebytes
2010-05-12 16:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 16:29 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-09 01:24 . 2010-05-09 01:24 -------- d-----w- c:\program files\Windows Portable Devices
2010-05-09 01:22 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-09 01:04 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-09 01:04 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-09 01:04 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-09 01:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-09 01:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-09 01:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-08 10:32 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-08 10:32 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-08 10:32 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-07 16:46 . 2010-05-07 16:46 -------- d-----w- c:\windows\system32\ca-ES
2010-05-07 16:46 . 2010-05-07 16:46 -------- d-----w- c:\windows\system32\eu-ES
2010-05-07 16:46 . 2010-05-07 16:46 -------- d-----w- c:\windows\system32\vi-VN

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 20:58 . 2010-05-04 11:59 48175 ----a-w- c:\programdata\nvModes.dat
2010-06-05 20:58 . 2009-03-26 19:11 -------- d-----w- c:\program files\Google
2010-06-05 20:40 . 2009-09-17 05:29 -------- d-----w- c:\program files\Metin2_CZ
2010-06-05 19:47 . 2008-10-20 15:23 1 ----a-w- c:\users\Karol\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-05 19:25 . 2008-08-12 19:42 -------- d-----w- c:\users\Karol\AppData\Roaming\Skype
2010-06-05 16:52 . 2008-08-12 19:44 -------- d-----w- c:\users\Karol\AppData\Roaming\skypePM
2010-06-05 16:38 . 2009-08-31 01:07 -------- d-----w- c:\program files\MediaMonkey
2010-06-05 10:24 . 2008-10-01 17:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 20:47 . 2008-11-22 14:25 -------- d-----w- c:\users\Karol\AppData\Roaming\uTorrent
2010-05-24 17:00 . 2007-01-02 08:57 598600 ----a-w- c:\windows\system32\perfh005.dat
2010-05-24 17:00 . 2007-01-02 08:57 114808 ----a-w- c:\windows\system32\perfc005.dat
2010-05-16 10:19 . 2007-01-02 01:13 -------- d-----w- c:\programdata\NVIDIA
2010-05-15 15:30 . 2008-12-06 23:09 1356 ----a-w- c:\users\Karol\AppData\Local\d3d9caps.dat
2010-05-13 17:28 . 2008-07-25 21:06 194696 ----a-w- c:\users\Karol\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-13 14:51 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-05-13 03:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-09 10:34 . 2008-12-23 01:05 -------- d-----w- c:\program files\Opera
2010-05-09 01:24 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-09 01:23 . 2010-05-09 01:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-05-09 01:23 . 2010-05-09 01:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-09 01:23 . 2007-01-02 01:23 -------- d-----w- c:\program files\Common Files\Java
2010-05-09 01:22 . 2007-01-02 01:23 -------- d-----w- c:\program files\Java
2010-05-07 16:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-05-07 16:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-05-07 16:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-05-07 16:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-05-07 16:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-05-06 08:36 . 2010-05-05 17:08 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 22:38 . 2007-01-02 01:24 -------- d-----w- c:\program files\Microsoft Works
2010-05-04 11:57 . 2010-05-04 11:56 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-03 06:13 . 2008-12-31 14:13 -------- d-----w- c:\program files\PhotoFiltre Studio
2010-04-18 19:50 . 2010-04-18 19:50 -------- d-----w- c:\users\Karol\AppData\Roaming\RenPy
2010-04-17 16:44 . 2010-03-10 22:02 -------- d-----w- c:\users\Karol\AppData\Roaming\Hamachi
2010-04-17 12:23 . 2009-11-15 15:33 -------- d-----w- c:\programdata\PMB Files
2010-04-12 20:18 . 2010-04-12 20:18 -------- d-----w- c:\program files\Mp3 Knife
2010-04-09 13:50 . 2008-08-22 06:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-02 14:54 . 2007-01-02 01:07 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\31549\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\31549\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\31549\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\31549\AcrobatUpdater.exe
2010-03-10 22:39 . 2010-03-12 15:57 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2008-10-26 18:16 . 2008-10-26 14:03 24 --sh--w- c:\windows\S9E06962E.tmp
2008-09-06 21:16 . 2008-08-12 21:14 88 --sha-r- c:\windows\System32\AC967F493A.sys
2008-09-06 21:16 . 2008-08-12 21:09 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys
2007-01-02 09:33 . 2007-01-02 08:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"TC UP"="c:\program files\TC UP\TC UP.exe" [2009-10-04 37376]
"RegDoctor"="c:\program files\RegDoctor\RegDoctor.exe" [2007-08-14 2256896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Karol^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
backup=c:\windows\pss\Adobe Media Player.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 06:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-06-01 09:49 2065248 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 13:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 09:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2009-11-15 15:33 2923192 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 01:56 54936 ----a-w- c:\windows\System32\jureg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):14,ab,fc,e1,05,ee,ca,01

R2 gupdate1c9ae46cb4f0301;Služba Google Update (gupdate1c9ae46cb4f0301);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-05-13 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-05-13 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-05-13 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-01 242896]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-05-13 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-13 308064]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-05-13 122376]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-05-13 30216]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-05-13 27144]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2008-08-11 12192]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 19:12]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 19:12]

2010-06-05 c:\windows\Tasks\Norton Security Scan for Karol.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-05 10:50]

2010-06-05 c:\windows\Tasks\User_Feed_Synchronization-{A8E8DE0C-CA34-448C-B010-85D20CB4890F}.job
- c:\windows\system32\msfeedssync.exe [2010-05-05 04:54]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\6nq7s6fk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmzip.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-svchost - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-05 23:16
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2734975228-3758529289-1971672716-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)*0†0ˆ0†0c0z00m*a*g*n*e*t*Lkc0f00_00+sH’0\OpenWithList]
@Class="Shell"
"MRUList"="a"
"a"="wmplayer.exe"

[HKEY_USERS\S-1-5-21-2734975228-3758529289-1971672716-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)*0†0ˆ0†0c0z00m*a*g*n*e*t*Lkc0f00_00+sH’0\OpenWithProgids]
")???????magnet?????????_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-2734975228-3758529289-1971672716-1000_Classes\)*0†0ˆ0†0c0z00m*a*g*n*e*t*Lkc0f00_00+sH’0_*a*u*t*o*_*f*i*l*e*\shell]
@="Play"

[HKEY_USERS\S-1-5-21-2734975228-3758529289-1971672716-1000_Classes\)*0†0ˆ0†0c0z00m*a*g*n*e*t*Lkc0f00_00+sH’0_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows Media Player\\wmplayer.exe\" /Open \"%L\" "

[HKEY_USERS\S-1-5-21-2734975228-3758529289-1971672716-1000_Classes\)*0†0ˆ0†0c0z00m*a*g*n*e*t*Lkc0f00_00+sH’0_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Play"
"MUIVerb"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-9991"

[HKEY_USERS\S-1-5-21-2734975228-3758529289-1971672716-1000_Classes\)*0†0ˆ0†0c0z00m*a*g*n*e*t*Lkc0f00_00+sH’0_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@=expand:"\"%ProgramFiles%\\Windows Media Player\\wmplayer.exe\" /Play \"%L\" "
.
Celkový čas: 2010-06-05 23:19:42
ComboFix-quarantined-files.txt 2010-06-05 21:19

Před spuštěním: Volných bajtů: 172 032 131 072
Po spuštění: Volných bajtů: 172 082 753 536

- - End Of File - - D17BD8C83F6408DB99BBB8058317B161

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\Tasks\Norton Security Scan for Karol.job
c:\users\Karol\AppData\Local\d3d9caps.dat
c:\windows\S9E06962E.tmp
c:\windows\System32\AC967F493A.sys
c:\windows\System32\KGyGaAvL.sys

Driver::
KGyGaAvL
AC967F493A
VD_FileDisk

Folder::
c:\programdata\Symantec
c:\programdata\Norton
c:\windows\system32\drivers\NSS
c:\program files\Norton Security Scan
c:\programdata\NortonInstaller
c:\program files\NortonInstaller

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.pc-help.cz/"

Rootkit::
c:\windows\System32\KGyGaAvL.sys




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Hikari]

Tak jsem to udělala.. vše probíhalo v ph a když bylo ,,mažu složky" (nbo tk nějak) tak se to seklo.. bylo vidět jenom okno příkazovýho řádku v kterym byl spuštěn combofix a ikonky na ploše lišta atak.. myší se hýbat dalo tak jsem počkala (čekala jsem skoro přesnou hodinu) a nic .. najednou nešlo hejbat ani myší (pc se sekl) musela sem ho natvrdo restartovat, když teďka spustím combofix nebo nedej bože zkusím to co jsi napsal dříve sekne se pc.. nebo se nic neděje :/ ...

[Damned]

A při čem se to sekne? Napíše konkrétní složku?

[Hikari]

Pro upřesnění jsem to zkoušela znova.. skončila jsem u ,,dokončena fáze 50", včera jsem se dostala dál ://

[Damned]

Zkusíme to popořadě.
Vypni antivir a pokud máš i Antispyware a odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start -> Spustit (nebo klávesy Win+R) a zadej do řádku: Combofix[mezera]/uninstall

Stáhni si nový ComboFix podle pokynů výše a ulož si ho na Plochu.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\S9E06962E.tmp
c:\windows\System32\AC967F493A.sys
c:\windows\System32\KGyGaAvL.sys

Driver::
KGyGaAvL
AC967F493A
VD_FileDisk



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu