Pomůže mi prosím někdo s viry?

Příspěvekod **jaro3** » 26 dub 2009 19:35

Podle toho screenu klikni levým jednou na složku SvcHost a pošli mi screen ( i z pravé strany).

Chtěl jsem ještě log z OTListIt2.

Reklama

Fanthomas · Příspěvekod **Fanthomas** » 26 dub 2009 19:50

Myslel jsem že ten OTListIt2.exe mám udělat až po tom registru.

Možná by Ti ještě mohlo toto něco prozradit. Dřív jsem bez konzultace s experty tady na foru v MbAM dal do karantény několik napadení.

OTListIt logfile created on: 26.4.2009 19:42:23 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Tomas\Plocha\Bezpečnost
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1023,48 Mb Total Physical Memory | 468,11 Mb Available Physical Memory | 45,74% Memory free
2,40 Gb Paging File | 2,05 Gb Available in Paging File | 85,30% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 98,54 Gb Total Space | 83,13 Gb Free Space | 84,36% Space Free | Partition Type: NTFS
Drive D: | 98,54 Gb Total Space | 14,02 Gb Free Space | 14,23% Space Free | Partition Type: NTFS
Drive E: | 35,81 Gb Total Space | 30,51 Gb Free Space | 85,20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TP
Current User Name: Tomas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007.09.29 04:56:32 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006.11.03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2007.09.29 04:56:32 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2007.02.06 18:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
PRC - [2008.10.24 21:51:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.04.20 21:32:56 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008.04.14 05:22:22 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007.02.26 16:03:02 | 16,125,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008.10.24 21:50:00 | 01,451,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008.09.23 15:17:06 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009.02.07 06:16:54 | 01,286,656 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files\Hardcopy\hardcopy.exe
PRC - [2007.10.18 17:35:29 | 01,443,328 | ---- | M] (C. Ghisler & Co.) -- C:\wincmd\WINCMD32.EXE
PRC - [2006.11.03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009.04.26 19:40:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomas\Plocha\Bezpečnost\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007.09.29 04:56:32 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007.09.28 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008.10.24 21:56:30 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2008.10.24 21:51:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008.04.14 05:21:53 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009.04.20 21:32:56 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007.02.06 18:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007.02.06 18:47:12 | 00,105,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2006.11.03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2007.01.05 21:57:30 | 00,913,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005.03.09 16:53:00 | 00,042,496 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2007.09.29 05:05:59 | 02,456,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008.10.24 21:45:32 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2008.10.24 21:46:24 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\easdrv.sys -- (easdrv [System | Running])
DRV - [2008.10.24 21:53:20 | 00,073,224 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\epfw.sys -- (epfw [Auto | Running])
DRV - [2008.10.24 21:53:24 | 00,031,240 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\Epfwndis.sys -- (Epfwndis [On_Demand | Running])
DRV - [2008.10.24 21:53:26 | 00,054,280 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\epfwtdi.sys -- (epfwtdi [System | Running])
DRV - [2008.04.13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007.03.01 18:27:26 | 04,484,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007.02.06 18:42:40 | 01,691,808 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Running])
DRV - [2007.02.06 18:44:36 | 01,964,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
DRV - [2007.02.06 18:45:04 | 00,025,632 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2007.02.03 20:32:34 | 00,041,504 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2006.04.24 18:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006.03.22 08:24:00 | 00,052,736 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006.03.22 08:24:02 | 00,018,944 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2009.01.11 20:32:45 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2007.02.03 20:27:15 | 00,014,240 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Running])
DRV - [2007.02.03 20:27:27 | 00,938,272 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
DRV - [2004.08.18 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007.11.13 12:25:52 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008.04.13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008\S-1-5-21-1460304000-3615762775-1979223112-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Seznam"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009.04.20 21:32:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009.04.23 19:34:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009.04.23 19:34:35 | 00,000,000 | ---D | M]

[2008.09.01 20:15:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\mozilla\Extensions
[2008.09.01 20:15:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007.11.11 21:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\mozilla\Firefox\Profiles\ih5vf0wz.default\extensions
[2009.04.26 08:55:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.04.23 19:34:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.04.20 21:33:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.04.23 19:34:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.04.23 19:34:33 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008.11.25 21:23:34 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008.11.25 21:23:34 | 00,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2008.11.25 21:23:34 | 00,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2008.11.25 21:23:34 | 00,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2008.11.25 21:23:34 | 00,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2008.11.25 21:23:34 | 00,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tomas\Nabídka Start\Programy\Po spuštění\Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Documents and Settings\Tomas\Nabídka Start\Programy\Po spuštění\Windows Commander 32.lnk = C:\wincmd\WINCMD32.EXE (C. Ghisler & Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 2271583734 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009.04.26 19:26:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Seven Zip
[2009.04.26 19:12:05 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009.04.26 19:09:25 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.04.26 16:45:21 | 00,167,838 | ---- | C] () -- C:\Documents and Settings\Tomas\Plocha\editor registru.jpg
[2009.04.26 11:16:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009.04.26 08:32:41 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.04.26 08:32:41 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.04.26 08:32:41 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.04.26 08:32:41 | 00,111,104 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009.04.26 08:32:41 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.04.26 08:32:41 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.04.26 08:32:41 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.04.26 08:32:41 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.04.26 08:30:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.04.26 08:29:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.04.26 08:27:22 | 03,006,230 | R--- | C] () -- C:\Documents and Settings\Tomas\Plocha\ComboFix.exe
[2009.04.25 22:59:59 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.04.25 22:59:59 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2009.04.25 22:59:57 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.04.25 22:59:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.04.25 22:58:20 | 00,125,246 | ---- | C] () -- C:\Documents and Settings\Tomas\Plocha\SKYpe.jpg
[2009.04.25 21:17:32 | 00,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2009.04.25 21:16:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomas\Plocha\Kontrola
[2009.04.25 21:07:22 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009.04.22 19:59:49 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009.04.22 19:56:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009.04.19 19:54:16 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009.04.19 19:54:15 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009.04.19 19:54:15 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009.04.19 19:54:15 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009.04.19 19:54:14 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009.04.19 19:54:14 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009.04.19 19:54:13 | 00,728,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009.04.19 19:54:13 | 00,709,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009.04.19 19:54:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009.04.19 19:53:54 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009.04.19 19:53:54 | 00,216,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009.04.01 21:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
[2009.03.31 21:22:20 | 00,000,456 | ---- | C] () -- C:\Documents and Settings\Tomas\Plocha\Zástupce - HijackThis.lnk
[2009.03.30 21:00:13 | 00,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2009.03.30 21:00:12 | 00,548,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2009.03.30 21:00:11 | 00,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2009.03.30 21:00:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2009.03.30 21:00:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2009.03.30 20:54:17 | 45,696,336 | ---- | C] () -- C:\Documents and Settings\Tomas\Plocha\mwav.exe
[2008.11.04 20:46:28 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008.03.06 21:46:42 | 00,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.02.11 19:05:11 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.11.26 20:38:05 | 00,000,155 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.10.31 14:50:11 | 00,001,892 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2007.10.31 14:49:48 | 00,003,933 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2007.10.20 14:39:34 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.10.18 20:10:43 | 00,002,146 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2007.10.18 18:36:13 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.10.18 18:01:41 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.10.18 17:34:36 | 00,001,554 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.03.16 14:46:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.03.16 14:24:29 | 00,000,502 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007.02.06 18:45:04 | 00,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007.02.06 18:42:40 | 01,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005.10.14 12:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2004.08.18 14:00:00 | 00,000,767 | ---- | C] () -- C:\WINDOWS\win.ini
[2004.08.18 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999.01.22 19:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009.04.26 19:23:36 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009.04.26 19:03:43 | 00,001,554 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2009.04.26 19:03:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.04.26 19:03:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.04.26 16:51:38 | 02,536,812 | -H-- | M] () -- C:\Documents and Settings\Tomas\Local Settings\Data aplikací\IconCache.db
[2009.04.26 16:45:21 | 00,167,838 | ---- | M] () -- C:\Documents and Settings\Tomas\Plocha\editor registru.jpg
[2009.04.26 11:18:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.04.26 11:17:50 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.04.26 08:27:30 | 03,006,230 | R--- | M] () -- C:\Documents and Settings\Tomas\Plocha\ComboFix.exe
[2009.04.25 23:22:25 | 00,125,246 | ---- | M] () -- C:\Documents and Settings\Tomas\Plocha\SKYpe.jpg
[2009.04.25 22:59:59 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2009.04.25 22:11:19 | 00,000,155 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2009.04.25 13:59:03 | 00,111,104 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009.04.24 21:30:49 | 00,000,132 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009.04.22 19:56:54 | 00,067,280 | ---- | M] () -- C:\Documents and Settings\Tomas\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2009.04.22 19:55:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.04.21 07:59:01 | 00,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.04.19 21:04:35 | 00,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.04.19 21:04:35 | 00,312,970 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2009.04.19 21:04:35 | 00,047,206 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2009.04.19 21:04:35 | 00,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.04.19 21:04:34 | 00,723,102 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.04.06 16:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009.04.06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.04.06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.03.31 21:22:20 | 00,000,456 | ---- | M] () -- C:\Documents and Settings\Tomas\Plocha\Zástupce - HijackThis.lnk
[2009.03.30 21:00:12 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2009.03.30 21:00:11 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2009.03.30 20:58:58 | 45,696,336 | ---- | M] () -- C:\Documents and Settings\Tomas\Plocha\mwav.exe
[2009.03.28 13:54:28 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== LOP Check ==========

[2009.04.26 19:26:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací
[2009.04.26 19:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\~0
[2008.07.08 20:18:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Adobe
[2007.12.18 19:55:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CyberLink
[2008.01.16 19:32:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.03.06 21:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Logishrd
[2008.03.06 21:41:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Logitech
[2009.03.26 22:32:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2009.04.22 19:56:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Data aplikací\Microsoft
[2008.01.11 19:31:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
[2009.03.30 21:00:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2008.11.04 21:29:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nero
[2009.04.01 21:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
[2007.11.12 20:46:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Skype
[2009.04.26 19:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.01.11 20:44:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2007.12.02 19:10:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
[2007.03.16 14:43:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Data aplikací
[2007.03.16 13:59:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Data aplikací\Microsoft
[2007.03.16 14:06:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací
[2007.03.16 13:59:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2007.03.16 14:02:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací
[2009.04.22 20:16:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.03.31 21:41:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Tomas\Data aplikací
[2008.11.13 21:43:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Adobe
[2009.03.07 19:15:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\BSplayer
[2007.11.26 21:40:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\BSplayer Pro
[2007.11.17 19:55:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Bullzip
[2007.10.20 14:39:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\CyberLink
[2007.12.02 19:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\DivX
[2008.01.16 19:32:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\ESET
[2009.01.28 21:46:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Google
[2007.11.12 15:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Help
[2007.10.18 16:57:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Identities
[2007.11.14 23:19:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Macromedia
[2009.03.26 22:33:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Malwarebytes
[2008.01.16 20:56:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Tomas\Data aplikací\Microsoft
[2007.10.18 18:33:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Microsoft Web Folders
[2007.11.11 21:54:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Mozilla
[2008.11.04 20:55:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Nero
[2007.10.19 17:55:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Tomas\Data aplikací\SecuROM
[2009.04.26 19:37:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Skype
[2008.03.08 21:09:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\skypePM
[2008.02.12 20:49:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Sun
[2009.02.28 20:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Vso
[2008.11.10 21:35:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\WinRAR
[2007.10.18 18:42:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomas\Data aplikací\Zoner
[2004.08.18 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.04.26 19:23:36 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009.04.26 19:03:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1
< End of report >

Příspěvekod **jaro3** » 26 dub 2009 22:39

Kromě prvních tří můžeš vše z karantény smazat.

Vypni rezidentní ochranu antiviru i antispyware .

spusť opět OTlistit2 , do textového pole zkopíruj obsah z bílého políčka

Kód: Vybrat vše

:otli
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel prezent
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

:commands
[EmptyTemp]

Klikni na RunFix, při případném restartu, by se měl vytvořit log, jeho obsah sem zkopíruj. Pokud se log neotevře, najdeš ho v míste spuštěni OTlistit2.

Fanthomas · Příspěvekod **Fanthomas** » 27 dub 2009 06:44

Takže se to bohužel nepodařilo. Vypnul jsem ESS, SpywareBlaster i WinDefender a několikrát to zkusil, ale pokaždé bez výsledku. Nechal jsem program chvilku běžet, ale vždy to zkončilo tím že program neodpovídá.

Příspěvekod **jaro3** » 27 dub 2009 07:05

Nejspíše jsi to nezkopíroval celé, chybí Ti jak koukám začátek , tam musí být toto:

Kód: Vybrat vše

:otli

Fanthomas · Příspěvekod **Fanthomas** » 27 dub 2009 15:43

Bylo tam vše, zkoušel jsem to pro jistotu ještě jednou. Vypadá to, jako by se to hned u toho prvního zaseklo.

Příspěvekod **jaro3** » 27 dub 2009 18:34

Pokud si tam měl i toto :otli tak nevím , kde je chyba.

Stáhni si :Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat

Poté nový Combofix.

Fanthomas · Příspěvekod **Fanthomas** » 27 dub 2009 19:30

Dr. Web Curelt nic nenašel. Našel jsem částečně důvod proč nefungoval ten OTlistit2. V prvním řádku bylo Control Panel prezent a mělo být Control Panel present.

Pak to dojelo až po červeně označený řádek a zase to vytuhlo. Není možný že i v tom červeně označeným je něco špatně?

ComboFix 09-04-25.A3 - Tomas 27.04.2009 19:20.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.469 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-27 do 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-27 04:19 . 2009-04-27 04:19 -------- d-----w C:\_OTListIt
2009-04-26 17:26 . 2009-04-26 17:26 -------- d-----w c:\documents and settings\Tomas\Local Settings\Data aplikací\Seven Zip
2009-04-26 17:09 . 2009-04-26 17:09 -------- d-----w c:\program files\CCleaner
2009-04-25 20:59 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-25 20:59 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 20:59 . 2009-04-25 21:00 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 19:17 . 2009-04-25 19:21 -------- d-----w c:\program files\RegCleaner
2009-04-25 19:07 . 2009-04-26 17:04 -------- d-----w c:\program files\SpywareBlaster
2009-04-22 17:56 . 2009-04-22 17:56 -------- d-----w c:\program files\Windows Defender
2009-04-20 19:33 . 2009-04-20 19:32 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 17:54 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 17:54 . 2009-03-06 14:23 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-19 17:54 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-19 17:54 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 17:54 . 2009-02-09 10:56 684032 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 17:54 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 17:54 . 2009-02-09 10:56 728064 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 17:54 . 2009-02-09 10:56 709632 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-19 17:54 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 17:53 . 2009-03-27 06:53 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 17:53 . 2008-04-21 21:15 216576 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-01 19:03 . 2009-04-01 19:03 -------- d-----w c:\documents and settings\All Users\Data aplikací\NortonInstaller
2009-03-31 18:25 . 2009-03-31 18:25 -------- d-----w c:\documents and settings\Tomas\DoctorWeb
2009-03-30 19:00 . 2009-03-30 19:00 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-03-30 19:00 . 2009-03-30 19:00 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-03-30 19:00 . 2005-09-22 21:22 522 ----a-w c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-30 19:00 . 2009-03-30 19:00 -------- d-----w c:\program files\Common Files\MicroWorld
2009-03-30 19:00 . 2009-03-30 19:00 -------- d-----w c:\documents and settings\All Users\Data aplikací\MicroWorld

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 17:13 . 2007-11-12 18:47 -------- d-----w c:\documents and settings\Tomas\Data aplikací\Skype
2009-04-27 17:06 . 2009-03-27 16:08 -------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-26 06:53 . 2009-02-13 08:08 -------- d-----w c:\program files\Hardcopy
2009-04-22 17:56 . 2007-11-13 16:29 67280 ----a-w c:\documents and settings\Tomas\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-20 19:34 . 2008-02-15 09:19 -------- d-----w c:\program files\Java
2009-04-19 19:04 . 2004-08-18 12:00 47206 ----a-w c:\windows\system32\perfc005.dat
2009-04-19 19:04 . 2004-08-18 12:00 312970 ----a-w c:\windows\system32\perfh005.dat
2009-04-01 19:03 . 2007-03-16 12:28 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-27 16:59 . 2007-12-01 16:16 -------- d-----w c:\program files\Winamp
2009-03-27 16:06 . 2009-03-27 15:49 -------- d-----w c:\program files\Free Windows Registry Cleaner
2009-03-27 15:47 . 2009-03-27 15:36 -------- d-----w c:\program files\Registry Clean Expert
2009-03-26 20:33 . 2009-03-26 20:33 -------- d-----w c:\documents and settings\Tomas\Data aplikací\Malwarebytes
2009-03-26 20:32 . 2009-03-26 20:32 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-20 12:26 . 2007-10-18 17:30 -------- d-----w c:\program files\GameTop.com
2009-03-13 19:37 . 2009-03-13 19:37 -------- d-----w c:\program files\Codec Pack - All In 1
2009-03-13 19:36 . 2009-03-13 19:37 737280 ----a-w c:\windows\iun6002.exe
2009-03-07 17:15 . 2007-11-26 19:40 -------- d-----w c:\documents and settings\Tomas\Data aplikací\BSplayer
2009-03-06 14:23 . 2004-08-18 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-28 18:45 . 2008-11-10 19:51 -------- d-----w c:\documents and settings\Tomas\Data aplikací\Vso
2009-02-20 08:12 . 2004-08-18 12:00 667136 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:12 . 2004-08-18 12:00 81920 -c--a-w c:\windows\system32\ieencode.dll
2009-02-09 14:07 . 2004-08-18 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2004-08-17 15:45 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:26 . 2004-08-18 12:00 2147328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2004-08-18 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-18 12:00 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-18 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-18 12:00 709632 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:56 . 2004-08-18 12:00 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 10:39 . 2004-08-18 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2004-08-18 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-11 18:32 . 2008-11-10 19:51 47360 ----a-w c:\documents and settings\Tomas\Data aplikací\pcouffin.sys
2008-03-02 17:11 . 2008-03-02 17:11 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-26_06.34.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-27 16:52 . 2009-04-27 16:52 16384 c:\windows\temp\Perflib_Perfdata_208.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-04-20 19:32 35840 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-04-20 19:32 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-20 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Tomas\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2009-2-13 1286656]
Windows Commander 32.lnk - c:\wincmd\WINCMD32.EXE [2007-10-18 1443328]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - DwShield000005CA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UlkqaEnpuxv
.
Obsah adresáře 'Naplánované úlohy'

2009-04-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office\EXCEL.EXE/3000
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\ih5vf0wz.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 19:21
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\MessengerService]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Run]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections]
@DACL=(02 0000)
DUMPHIVE0.003 (REGF)

[HKEY_USERS\S-1-5-21-1460304000-3615762775-1979223112-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,99,cf,bd,01,69,ff,0e,a0,3b,3a,9f,bd,5f,ec,a5,c7,78,ea,72,f2,08,cd,
9c,2f,e0,a8,64,3a,b3,c7,89,ab,28,12,20,4b,30,d6,9e,29,3b,9b,4a,34,0b,71,6b,\
"??"=hex:6f,78,d6,80,a5,79,1f,fb,6f,a7,34,1e,1d,9f,8c,96
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(588)
c:\program files\Hardcopy\HcDLL2_28_Win32.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-04-27 19:22
ComboFix-quarantined-files.txt 2009-04-27 17:21
ComboFix2.txt 2009-04-26 09:20
ComboFix3.txt 2009-04-26 06:35

Před spuštěním: Volných bajtů: 89 419 309 056
Po spuštění: Volných bajtů: 89 420 267 520

187 --- E O F --- 2009-04-19 18:58

Příspěvekod **jaro3** » 27 dub 2009 19:46

Jo je, moje chyba , psal jsem to do wordu a on to přepsal (s na z)...
Chyba je i v tom posledním 07, takže by to mělo být takto:

Kód: Vybrat vše

:otli
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1460304000-3615762775-1979223112-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

:commands
[EmptyTemp]

V CF nic není , jen tam straší v Netsvcs ten UlkqaEnpuxv
Zkusím se ještě někde podívat, ale zítra tu asi možná nebudu vůbec, takže přinejhorším pozítří..

Fanthomas · Příspěvekod **Fanthomas** » 27 dub 2009 20:01

Nechávám Dr.Web kompletně skenovat (předtím jen expres)

Prozatím našel toto:

Ten T-Cleaner se nakazil až u mě?

Jakmile mi dojede Dr.Web tak udělám ten log z OTlistit2

Příspěvekod **jaro3** » 27 dub 2009 20:09

T-Cleaner není nákaza , některé antivirové programy a další skenovací programy ho za nákazu mají ( false!)

Ten gui.exe smaž:
http://www.processlibrary.com/directory/files/gui/

Jo udělej celkový sken, ComboFix hledá jen v systémových souborech a v datech aplikací, nemůže obsahovat všechny nákazy v PC.

Fanthomas · Příspěvekod **Fanthomas** » 27 dub 2009 20:30

Tak už to konečně s OTlistit2 vyšlo.

Dr.Web už nic víc nenašel. Takže jsem smazal ten gui.exe (budu muset hledat nějakou jinou PDF tiskárnu :-) , vypnul obnovení systému a restartoval.

========== OTLISTIT ==========
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1460304000-3615762775-1979223112-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1460304000-3615762775-1979223112-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1460304000-3615762775-1979223112-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File About:Home not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:* deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tomas\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_34c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04272009_202344

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_34c.dat not found!

Registry entries deleted on Reboot...
Registry delete failed. :HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck scheduled to be deleted on reboot.

Pomůže mi prosím někdo s viry? Vyřešeno

Re: Pomůže mi prosím někdo s viry?

Re: Pomůže mi prosím někdo s viry?

Re: Pomůže mi prosím někdo s viry?

Re: Pomůže mi prosím někdo s viry?

Re: Pomůže mi prosím někdo s viry?

Re: Pomůže mi prosím někdo s viry?

Re: Pomůže mi prosím někdo s viry?

Re: Pomůže mi prosím někdo s viry?

Re: Pomůže mi prosím někdo s viry?

Re: Pomůže mi prosím někdo s viry?

Re: Pomůže mi prosím někdo s viry?

Re: Pomůže mi prosím někdo s viry?

Kdo je online