Kontrola_logu- Nefunguje Flashplayer Vyřešeno

[iMan543]

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Google Update"="c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-10-18 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"xScanService"="c:\windows\system32\xScanSetup.exe" [2007-06-08 36864]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="d:\videa\Programy\Quick\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Karel Koçśal\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Mirror's edge\\Binaries\\MirrorsEdge.exe"=
"d:\\Hry\\The settlers\\base\\bin\\Settlers6.exe"=
"d:\\Videa\\Programy\\ICQ\\ICQ7.0\\ICQ.exe"=
"d:\\Videa\\Programy\\ICQ\\ICQ7.0\\aolload.exe"=
"d:\\Hry\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Hry\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"d:\\Hry\\Ubisoft\\Prince of Persia Zapomenuté písky\\Prince of Persia.exe"=
"d:\\Hry\\Ubisoft\\Prince of Persia Zapomenuté písky\\GameSettings.exe"=
"d:\\Hry\\Ubisoft\\Prince of Persia Zapomenuté písky\\gu.exe"=
"d:\\Hry\\Ubisoft\\Prince of Persia Zapomenuté písky\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Karel Košťal\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\Videa\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.7.2009 10:08 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.8.2010 13:16 810144]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 16:09 1253376]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
S2 gupdate1ca0c59a356a94e;Služba Google Update (gupdate1ca0c59a356a94e);c:\program files\Google\Update\GoogleUpdate.exe [24.7.2009 13:24 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 10:10 3276800]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 13:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {7027906B-A0C6-4844-840C-99261386EB87} = 194.228.41.65,194.228.41.113
TCP: {E1168C61-2CEC-4230-9885-89A5FAD28D48} = 194.228.41.65,194.228.41.113
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://195.122.210.25:8080/activex/AMC.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-MyAshampoo Toolbar - c:\progra~1\MYASHA~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 15:00
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-823518204-1844823847-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f0,99,f2,66,b0,87,1c,ec,d2,c5,57,6a,aa,f7,e1,0e,34,4d,04,38,ed,dd,50,
90,04,a6,b7,90,8a,96,97,8f,51,32,50,b3,69,b4,d0,ea,01,3c,ea,51,5b,e6,93,c8,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2

[HKEY_USERS\S-1-5-21-823518204-1844823847-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:9d,95,48,5c,16,ee,a0,c9,8f,05,f5,6d,68,b2,f8,57,61,38,99,8e,66,
50,ff,82,5a,e3,91,37,3a,9e,dd,47,57,c8,46,3f,fa,4f,02,f2,b4,4b,a4,c6,76,7f,\
"rkeysecu"=hex:6f,e8,72,25,8a,92,c2,89,a1,bd,32,a8,34,77,e3,32
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1196)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3968)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Celkový čas: 2011-02-27 15:07:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-27 14:07
ComboFix2.txt 2011-02-27 12:49

Před spuštěním: Volných bajtů: 20 032 045 056
Po spuštění: Volných bajtů: 19 914 735 616

- - End Of File - - 6A9E96452718EB4EB1F288CCCB4C49D1

[Reklama]

[memphisto]

Opět vypni rezidentní ochrany antiviru a firewallu a dále:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine
c:\program files\ConduitEngine


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[iMan543]

ComboFix 11-02-26.01 - Karel Košťal 27.02.2011 16:49:04.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1345 [GMT 1:00]
Spuštěný z: c:\documents and settings\Karel Košťal\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Karel Košťal\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveLeft_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveRight_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\CacheIcons\http___storage_conduit_com_images_skins_skin_nch_gif.gif
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\EngineSettings.json
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=cs-cz.xml
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=cs-cz.xml
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=cs-cz.xml
c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=cs-cz.xml
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngin0.dll
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-27 do 2011-02-27 )))))))))))))))))))))))))))))))
.

2011-02-27 10:06 . 2011-02-27 10:06 -------- d-----w- c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\Opera
2011-02-27 10:06 . 2011-02-27 10:13 -------- d-----w- c:\program files\Opera
2011-02-27 09:34 . 2011-02-27 09:34 -------- d-----w- c:\documents and settings\Karel Košťal\Data aplikací\Windows Search
2011-02-27 09:23 . 2011-02-27 09:23 -------- d-----w- c:\program files\Common Files\Java
2011-02-27 09:23 . 2011-02-27 09:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-27 09:09 . 2011-02-27 09:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Adobe
2011-02-27 09:05 . 2011-02-27 09:05 -------- d-----w- c:\windows\system32\winrm
2011-02-27 09:05 . 2011-02-27 09:05 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-02-27 09:05 . 2011-02-27 09:05 -------- d-----w- c:\documents and settings\Karel Košťal\Data aplikací\Windows Desktop Search
2011-02-27 09:04 . 2011-02-27 09:04 -------- d-----w- c:\program files\Windows Desktop Search
2011-02-27 09:04 . 2011-02-27 09:04 -------- d-----w- c:\windows\system32\GroupPolicy
2011-02-27 09:03 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-02-27 09:03 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-02-27 09:03 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-02-27 09:02 . 2011-02-27 09:02 -------- d-----w- c:\windows\system32\URTTEMP
2011-02-26 10:41 . 2011-02-26 10:41 -------- d-----w- c:\documents and settings\Karel Košťal\Data aplikací\Malwarebytes
2011-02-26 10:41 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-26 10:41 . 2011-02-26 10:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-26 10:41 . 2011-02-26 10:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-26 10:41 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-25 19:19 . 2011-02-25 19:19 -------- d-----w- c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\Mozilla
2011-02-24 17:43 . 2011-02-24 17:43 -------- d-----w- c:\program files\Common Files\Skype
2011-02-22 15:35 . 2011-02-22 16:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DVD Shrink
2011-02-20 20:33 . 2011-02-20 20:33 -------- d-----w- c:\documents and settings\Karel Košťal\Data aplikací\DivX
2011-02-20 12:15 . 2011-02-20 12:15 -------- d-----w- c:\documents and settings\Karel Košťal\Data aplikací\Ashampoo
2011-02-20 12:15 . 2011-02-20 12:15 -------- d-----w- c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\ashampoo
2011-02-20 12:15 . 2011-02-20 12:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ashampoo
2011-02-16 13:53 . 2011-02-21 14:56 -------- d-----w- c:\documents and settings\Karel Košťal\Data aplikací\uTorrent
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-27 09:23 . 2010-05-29 08:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-21 14:44 . 2004-08-18 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-18 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-18 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-18 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2004-08-18 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-18 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-08-18 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-05-18 17:14 . 2009-05-18 17:14 7918106 ----a-w- c:\program files\Naviextras_Toolbox_Setup.exe
2009-04-16 06:07 . 2009-04-16 06:07 25786688 ----a-w- c:\program files\wmp11-windowsxp-x86-CS-CZ.exe
2008-12-12 21:24 . 2008-12-12 21:24 1373090 ----a-w- c:\program files\wrar380b5cz.exe
2008-11-26 17:39 . 2008-11-26 17:38 26032274 ----a-w- c:\program files\Start2008.exe
2008-09-08 08:43 . 2008-09-08 08:43 2897821 ----a-w- c:\program files\bsplayer137.826.exe
2008-09-08 08:37 . 2008-09-08 08:37 5335992 ----a-w- c:\program files\winamp5541_lite_all.exe
2008-09-08 08:23 . 2008-09-08 08:23 10050902 ----a-w- c:\program files\Codecs6030_allin1.exe
2008-09-05 18:55 . 2008-09-05 18:54 22458664 ----a-w- c:\program files\SkypeSetup.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Google Update"="c:\documents and settings\Karel Košťal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-10-18 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"xScanService"="c:\windows\system32\xScanSetup.exe" [2007-06-08 36864]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="d:\videa\Programy\Quick\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Karel Koçśal\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Mirror's edge\\Binaries\\MirrorsEdge.exe"=
"d:\\Hry\\The settlers\\base\\bin\\Settlers6.exe"=
"d:\\Videa\\Programy\\ICQ\\ICQ7.0\\ICQ.exe"=
"d:\\Videa\\Programy\\ICQ\\ICQ7.0\\aolload.exe"=
"d:\\Hry\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Hry\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"d:\\Hry\\Ubisoft\\Prince of Persia Zapomenuté písky\\Prince of Persia.exe"=
"d:\\Hry\\Ubisoft\\Prince of Persia Zapomenuté písky\\GameSettings.exe"=
"d:\\Hry\\Ubisoft\\Prince of Persia Zapomenuté písky\\gu.exe"=
"d:\\Hry\\Ubisoft\\Prince of Persia Zapomenuté písky\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Karel Košťal\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\Videa\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.7.2009 10:08 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.8.2010 13:16 810144]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 16:09 1253376]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
S2 gupdate1ca0c59a356a94e;Služba Google Update (gupdate1ca0c59a356a94e);c:\program files\Google\Update\GoogleUpdate.exe [24.7.2009 13:24 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 10:10 3276800]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 13:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {7027906B-A0C6-4844-840C-99261386EB87} = 194.228.41.65,194.228.41.113
TCP: {E1168C61-2CEC-4230-9885-89A5FAD28D48} = 194.228.41.65,194.228.41.113
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://195.122.210.25:8080/activex/AMC.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 17:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-823518204-1844823847-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f0,99,f2,66,b0,87,1c,ec,d2,c5,57,6a,aa,f7,e1,0e,34,4d,04,38,ed,dd,50,
90,04,a6,b7,90,8a,96,97,8f,51,32,50,b3,69,b4,d0,ea,01,3c,ea,51,5b,e6,93,c8,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2

[HKEY_USERS\S-1-5-21-823518204-1844823847-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:9d,95,48,5c,16,ee,a0,c9,8f,05,f5,6d,68,b2,f8,57,61,38,99,8e,66,
50,ff,82,5a,e3,91,37,3a,9e,dd,47,57,c8,46,3f,fa,4f,02,f2,b4,4b,a4,c6,76,7f,\
"rkeysecu"=hex:6f,e8,72,25,8a,92,c2,89,a1,bd,32,a8,34,77,e3,32
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3888)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2011-02-27 17:13:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-27 16:13
ComboFix2.txt 2011-02-27 14:07
ComboFix3.txt 2011-02-27 12:49

Před spuštěním: Volných bajtů: 19 911 180 288
Po spuštění: Volných bajtů: 19 868 667 904

- - End Of File - - B2BE2BB2CA8B68BA697CB31D3796D5D4

[iMan543]

Mám ten počítač hodně zavirovaný??

[memphisto]

Zavirovaný ne, spíše zbytečnosti a pozůstatky po předchozích antivirech, apod.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


+ HJT
Jak se chová PC?
Přeinstaluj Flash Player

[iMan543]

Reinstal Flashe nepomohl... Vždy když zapnu nějaké video podporujíci Flash, tak při načítání zamrzne počítač a po chvíli zčerná obrazovka úplně a musím počítač natvrdo vypnout

[memphisto]

Jaký máš prohlížeč?

[iMan543]

Explorer a Chrome...jako první mi to začal dělat Chrome...teď už to dělají všechny prohlížeče

[memphisto]

Tohle viry nebude. Obrať se s dotazem do správné sekce. Na tohle odpověď neznám

[iMan543]

OK... zatím to řeším nainstalováním starší verze a Chrome už nepoužívám, protože ten má Flash integrovaný a já nevím jak v něm nainstalovat starší verzi

[iMan543]

Díky za pomoc