Prosim o kontrolu logu,ztratila se moznost usporny rezim Vyřešeno

[busak]

Ahoj, prosim o kontrolu logu,ztratila se mi moznost usporneho rezimu,tacitko je v nabidce vypnout neaktivni.

mailbox:/C|/Documents and Settings/Miroslav/Data aplikací/Thunderbird/Profiles/ddkuu6h9.default/Mail/Local Folders/Trash.sbd/ESET AntispamLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:23, on 23.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Em-date.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Energie pod palcem\hlidac.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [EM-DATE] C:\Program Files\Em-date.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Reloader] C:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET Smart Security\nodlogin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Hlídač] C:\Program Files\Energie pod palcem\hlidac.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Download with Rapget - C:\Program Files\rapget141\rapget.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate1c9ad81f496ca40) (gupdate1c9ad81f496ca40) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 5298 bytes

[Reklama]

[jaro3]

Pro kontrolu:
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[busak]

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2032
Windows 5.1.2600 Service Pack 2

23.4.2009 22:05:08
mbam-log-2009-04-23 (22-05-03).txt

Typ skenu: Rychlý sken
Objektu skenováno: 66779
Uplynulý cas: 4 minute(s), 39 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Vypni rez. ochrany u ESS i firewall.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[busak]

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2032
Windows 5.1.2600 Service Pack 2

24.4.2009 20:41:16
mbam-log-2009-04-24 (20-41-16).txt

Typ skenu: Rychlý sken
Objektu skenováno: 66735
Uplynulý cas: 5 minute(s), 11 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[busak]

ComboFix 09-04-25.01 - Miroslav 24.04.2009 20:54.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.735.447 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miroslav\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-24 do 2009-4-24 )))))))))))))))))))))))))))))))
.

2015-04-02 18:40 . 2000-03-23 22:00 618 ----a-w c:\windows\system32\kernel.exe
2015-04-02 18:39 . 2000-03-23 22:00 206 ----a-w c:\windows\system32\Winsys.t4r
2009-04-20 01:53 . 2009-04-20 01:53 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Malwarebytes
2009-04-20 01:53 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-20 01:53 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 01:52 . 2009-04-20 01:52 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-19 20:45 . 2009-04-19 20:45 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-19 20:27 . 2000-05-07 23:13 27312 ----a-w c:\windows\system32\drivers\chintps2.sys
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\UC.PIF
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\RAR.PIF
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\PKZIP.PIF
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\PKUNZIP.PIF
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\NOCLOSE.PIF
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\LHA.PIF
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\ARJ.PIF
2009-04-19 18:54 . 2009-04-19 18:57 1081 ----a-w c:\windows\wincmd.ini
2009-04-18 14:42 . 2009-04-18 14:42 -------- d-----w c:\documents and settings\All Users\Data aplikací\Kristanix Games
2009-04-18 08:44 . 2009-04-18 08:44 26 ----a-w c:\windows\Zone.Identifier
2009-04-13 18:54 . 2009-04-13 19:02 79477 ----a-w c:\windows\hpfins05.dat
2009-04-13 18:54 . 2005-05-24 01:19 1395 ------w c:\windows\hpfmdl05.dat
2009-04-12 10:05 . 2009-04-12 10:05 -------- d-----w c:\documents and settings\Miroslav\Local Settings\Data aplikací\Innovative Solutions
2009-04-05 08:55 . 2004-06-10 09:54 286720 ----a-w c:\windows\vsnpstd2.exe
2009-04-05 08:55 . 2004-06-08 16:25 53248 ----a-w c:\windows\system32\dsnpstd2.dll
2009-04-05 08:55 . 2003-04-21 12:09 245408 ----a-w c:\windows\system32\unicows.dll
2009-04-05 08:55 . 2003-01-17 15:35 13023 ----a-w c:\windows\snpstd2.src
2009-04-05 08:55 . 2003-01-17 15:34 15541 ----a-w c:\windows\snpstd2.ini
2009-04-05 08:54 . 2004-07-28 09:49 334080 ----a-w c:\windows\system32\drivers\snpstd2.sys
2009-04-05 08:54 . 2004-06-08 16:57 36864 ----a-w c:\windows\system32\vsnpstd2.dll
2009-04-05 08:54 . 2004-06-08 16:57 36864 ----a-w c:\windows\system32\dsnpstd2.ax
2009-04-05 08:54 . 2004-06-08 16:56 40960 ----a-w c:\windows\system32\rsnpstd2.dll
2009-04-05 08:54 . 2004-02-16 11:59 61440 ----a-w c:\windows\system32\csnpstd2.dll
2009-04-05 08:54 . 2004-06-09 14:00 20480 ----a-w c:\windows\usnpstd2.exe
2009-03-29 20:49 . 2009-03-29 20:49 -------- d-----w c:\documents and settings\All Users\Data aplikací\Veselé Omalovánky 3
2009-03-29 20:40 . 2007-03-05 04:32 201216 ----a-w c:\windows\system32\mediarcpt.dll
2009-03-29 08:15 . 2008-08-26 07:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-03-29 08:15 . 2009-03-29 10:02 -------- dc----w c:\windows\system32\DRVSTORE
2009-03-29 08:14 . 2008-09-15 05:56 91136 ----a-w c:\windows\system32\nmwcdcls.dll
2009-03-29 08:13 . 2009-03-29 10:01 -------- d-----w c:\documents and settings\All Users\Data aplikací\Installations
2009-03-29 07:54 . 2009-03-29 07:55 -------- d-----w c:\documents and settings\All Users\Data aplikací\Bluetooth
2009-03-28 15:50 . 2004-08-03 22:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-03-28 12:24 . 2009-03-28 12:24 -------- d-----w c:\documents and settings\Miroslav\Local Settings\Data aplikací\WinZip
2009-03-28 12:23 . 2009-03-28 12:25 -------- d-----w c:\documents and settings\All Users\Data aplikací\WinZip
2009-03-28 12:20 . 2009-03-28 12:20 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Uniblue
2009-03-28 10:59 . 2009-03-28 10:59 -------- d-sh--w c:\windows\ftpcache
2009-03-28 10:06 . 2009-03-28 10:06 14 ----a-w c:\windows\popcinfot.dat
2009-03-28 10:05 . 2009-03-28 10:05 -------- d-----w c:\documents and settings\All Users\Data aplikací\PopCap Games
2009-03-28 09:45 . 2009-03-28 10:07 10 ----a-w c:\windows\popcinfo.dat
2009-03-27 22:39 . 2009-04-05 08:44 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\uTorrent
2009-03-27 22:09 . 2009-03-27 22:09 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2009-03-27 22:09 . 2009-03-27 22:09 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2009-03-27 22:09 . 2009-03-27 22:09 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2009-03-27 17:05 . 2004-08-17 13:49 219648 ----a-w c:\windows\system32\uxtheme.dll.backup
2009-03-27 17:04 . 2009-03-27 20:35 -------- d--h--w c:\windows\NiwradSoft Shell Pack
2009-03-27 16:27 . 2009-03-27 16:27 -------- d-----w c:\documents and settings\Miroslav\Local Settings\Data aplikací\Ahead
2009-03-26 19:16 . 2009-03-26 19:16 -------- d-----w c:\documents and settings\All Users\Data aplikací\MumboJumbo
2009-03-26 17:05 . 2009-03-26 17:05 -------- d--h--w c:\windows\$hf_mig$
2009-03-26 16:38 . 2009-03-26 16:38 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\ESET
2009-03-26 16:34 . 2009-03-26 16:34 -------- d-----w c:\documents and settings\All Users\Data aplikací\ESET
2009-03-26 02:36 . 2009-03-26 02:36 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-03-25 19:43 . 2009-03-25 19:43 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2009-03-25 19:43 . 2009-03-25 19:43 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2009-03-25 19:43 . 2009-03-25 19:43 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2009-03-25 19:41 . 2009-03-25 20:46 -------- d-----w c:\documents and settings\Miroslav\Local Settings\Data aplikací\Google
2009-03-25 19:29 . 2009-03-25 19:29 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Lavasoft
2009-03-25 19:22 . 2009-04-13 05:46 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\esmska
2009-03-25 19:03 . 2009-03-28 12:03 -------- d-----w c:\documents and settings\Miroslav\Local Settings\Data aplikací\Deployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-02 18:40 . 2015-04-02 18:39 -------- d-----w c:\program files\Energie pod palcem
2009-04-24 15:32 . 2009-03-23 21:15 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-23 19:07 . 2009-03-24 03:11 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Skype
2009-04-23 19:07 . 2009-03-23 20:57 -------- d-----w c:\program files\RapidDown
2009-04-23 19:04 . 2009-03-23 18:56 -------- d-----w c:\program files\Mgutil
2009-04-20 01:53 . 2009-04-20 01:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 01:44 . 2009-04-20 01:44 -------- d-----w c:\program files\Trend Micro
2009-04-19 18:55 . 2009-04-19 18:54 -------- d-----w c:\program files\totalcmd
2009-04-19 07:53 . 2009-03-24 18:34 -------- d-----w c:\program files\Uloz.to Uploader
2009-04-18 14:00 . 2009-03-24 19:24 -------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-18 13:59 . 2009-03-24 19:26 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\MyPhoneExplorer
2009-04-18 07:10 . 2009-03-24 03:13 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\skypePM
2009-04-13 16:17 . 2009-03-25 15:43 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\HP
2009-04-13 16:17 . 2009-03-23 17:26 21552 ----a-w c:\documents and settings\Miroslav\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-12 10:04 . 2009-04-12 10:04 -------- d-----w c:\program files\Innovative Solutions
2009-04-10 02:11 . 2009-04-10 02:11 -------- d-----w c:\program files\MSECache
2009-04-05 14:22 . 2009-03-25 16:14 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\AIMP
2009-04-05 11:30 . 2009-04-05 11:30 -------- d-----w c:\program files\BitComet FLV Converter
2009-04-05 09:31 . 2009-04-05 09:31 -------- d-----w c:\program files\Common Files\SWF Studio
2009-04-05 08:55 . 2009-04-05 08:55 -------- d-----w c:\program files\KYE
2009-04-05 08:55 . 2009-04-05 08:54 -------- d-----w c:\program files\Common Files\snpstd2
2009-04-05 08:54 . 2009-03-23 17:50 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 08:44 . 2009-03-28 10:04 -------- d-----w c:\program files\PopCap Games
2009-04-02 19:38 . 2009-03-29 20:39 -------- d-----w c:\program files\Recepty doma
2009-04-02 18:48 . 2009-04-02 18:48 -------- d-----w c:\program files\RealVNC
2009-04-02 18:28 . 2009-03-23 20:25 -------- d-----w c:\program files\QIP Infium
2009-03-29 10:30 . 2009-03-29 10:08 -------- d-----w c:\program files\Common Files\Nokia
2009-03-29 10:08 . 2009-03-29 10:08 -------- d-----w c:\program files\Nokia
2009-03-29 06:43 . 2001-10-25 12:00 68736 ----a-w c:\windows\system32\perfc005.dat
2009-03-29 06:43 . 2001-10-25 12:00 389664 ----a-w c:\windows\system32\perfh005.dat
2009-03-28 15:17 . 2009-03-28 15:16 -------- d-----w c:\program files\IrfanView
2009-03-28 10:39 . 2009-03-28 10:39 -------- d-----w c:\program files\iGO POI Explorer beta
2009-03-28 09:59 . 2009-03-27 21:55 -------- d-----w c:\program files\SuperCleaner
2009-03-28 09:56 . 2009-03-28 09:56 -------- d-----w c:\program files\Green Forest
2009-03-28 09:04 . 2009-03-28 09:03 -------- d-----w c:\program files\Common Files\Adobe
2009-03-27 22:40 . 2009-03-27 22:39 -------- d-----w c:\program files\uTorrent
2009-03-27 17:05 . 2004-08-17 13:49 219648 ----a-w c:\windows\system32\uxtheme.dll
2009-03-26 17:30 . 2009-03-26 17:30 -------- d-----w c:\program files\Verdict Free
2009-03-26 17:12 . 2009-03-23 20:46 -------- d-----w c:\program files\Quick Moto
2009-03-26 16:34 . 2009-03-23 18:49 -------- d-----w c:\program files\ESET
2009-03-26 02:35 . 2009-03-25 19:40 -------- d-----w c:\program files\Google
2009-03-25 22:32 . 2009-03-24 18:29 -------- d-----w c:\program files\Online TV Player 4
2009-03-25 19:22 . 2009-03-25 19:22 -------- d-----w c:\program files\Lavasoft
2009-03-25 19:22 . 2009-03-24 19:19 -------- d--h--w c:\program files\InstallJammer Registry
2009-03-25 19:21 . 2009-03-25 19:21 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-25 16:13 . 2009-03-25 16:11 -------- d-----w c:\program files\AIMP2
2009-03-25 16:00 . 2009-03-25 16:00 -------- d-----w c:\program files\Common Files\HP
2009-03-25 16:00 . 2009-03-25 15:51 -------- d-----w c:\program files\HP
2009-03-25 15:57 . 2009-03-25 15:57 -------- d-----w c:\program files\Hewlett-Packard
2009-03-25 15:57 . 2009-03-25 15:57 -------- d-----w c:\documents and settings\All Users\Data aplikací\HP
2009-03-25 14:53 . 2009-03-24 18:04 -------- d-----w c:\program files\Dragon
2009-03-25 03:14 . 2009-03-25 03:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-25 03:14 . 2009-03-25 03:14 -------- d-----w c:\program files\Java
2009-03-25 03:12 . 2009-03-25 03:12 1577984 ----a-w C:\Fotoalba nahravac.exe
2009-03-24 19:58 . 2009-03-24 19:58 -------- d-----w c:\program files\IVT Corporation
2009-03-24 19:26 . 2009-03-24 19:23 -------- d-----w c:\program files\MyPhoneExplorer
2009-03-24 19:26 . 2009-03-24 19:26 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-24 18:48 . 2009-03-24 18:48 4096 ----a-w c:\windows\d3dx.dat
2009-03-24 18:42 . 2009-03-24 18:42 -------- d-----w c:\program files\MumboJumbo
2009-03-24 18:28 . 2009-03-24 18:28 -------- d-----w c:\program files\Clobrdo
2009-03-24 18:28 . 2009-03-24 18:28 282624 ----a-r c:\windows\Setup1.exe
2009-03-24 18:28 . 2009-03-24 18:28 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-24 18:28 . 2009-03-24 18:28 102400 ----a-w c:\windows\system32\VB6STKIT.DLL
2009-03-24 18:05 . 2009-03-24 18:05 -------- d-----w c:\documents and settings\All Users\Data aplikací\Meridian93
2009-03-24 18:05 . 2009-03-24 18:05 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Meridian93
2009-03-24 17:59 . 2009-03-24 03:14 -------- d-----w c:\program files\Chroma Crash!
2009-03-24 17:56 . 2009-03-24 17:54 -------- d-----w c:\program files\Mio DigiWalker
2009-03-24 17:54 . 2009-03-23 17:50 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-24 16:12 . 2009-03-24 16:11 -------- d-----w c:\program files\Ahead
2009-03-24 16:11 . 2009-03-24 16:11 -------- d-----w c:\program files\Common Files\Ahead
2009-03-24 03:11 . 2009-03-24 03:11 -------- d-----w c:\program files\Common Files\Skype
2009-03-24 03:11 . 2009-03-24 03:11 -------- d-----r c:\program files\Skype
2009-03-24 03:11 . 2009-03-24 03:11 -------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-03-24 02:43 . 2009-03-23 19:12 -------- d-----w c:\program files\MozBackup
2009-03-23 21:49 . 2009-03-23 21:49 -------- d-----w c:\program files\CCleaner
2009-03-23 21:49 . 2009-03-23 21:49 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-23 21:15 . 2009-03-23 21:15 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Thunderbird
2009-03-23 20:36 . 2009-03-23 20:26 -------- d-----w c:\program files\ICQ6.5
2009-03-23 20:36 . 2009-03-23 20:21 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\ICQ
2009-03-23 20:23 . 2009-03-23 19:13 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\SiteAdvisor
2009-03-23 19:41 . 2009-03-23 19:41 -------- d-----w c:\program files\Runtime Software
2009-03-23 19:13 . 2009-03-23 19:13 -------- d-----w c:\documents and settings\All Users\Data aplikací\McAfee
2009-03-23 18:23 . 2009-03-23 18:23 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Media Player Classic
2009-03-23 18:23 . 2009-03-23 18:23 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-23 17:54 . 2009-03-23 17:53 -------- d-----w c:\program files\SiS VGA Utilities V3.65
2009-03-23 17:38 . 2009-03-23 17:38 -------- d-----w c:\program files\C-Media
2009-03-23 17:33 . 2009-03-23 17:15 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-23 17:18 . 2009-03-23 17:18 -------- d-----w c:\program files\microsoft frontpage
2009-03-23 17:12 . 2009-03-23 17:12 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-08 03:34 . 2004-08-17 13:49 981504 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-17 13:49 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-17 13:49 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-17 13:49 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-17 13:49 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-17 13:49 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-17 13:49 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-17 13:48 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-17 13:49 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2001-10-25 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2002-12-27 14:15 . 2009-03-23 18:27 104960 ----a-w c:\program files\Em-date.exe
.

------- Sigcheck -------

[7] 2004-08-17 13:49 577024 1B4CCC59980DA34E75F20E42B283B027 c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-17 13:49 577024 CA2BE87B92496E69BC62EFD69F6084B1 c:\windows\system32\user32.dll
[-] 2004-08-17 13:49 577024 CA2BE87B92496E69BC62EFD69F6084B1 c:\windows\system32\dllcache\user32.dll

[7] 2004-08-17 13:49 657408 50D263E3454E8357D13BB598129185AD c:\windows\ie8\wininet.dll
[7] 2009-03-08 03:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-03-08 03:34 981504 97C2DC4A0C6F8068424A6CED25983006 c:\windows\system32\wininet.dll
[-] 2009-03-08 03:34 981504 97C2DC4A0C6F8068424A6CED25983006 c:\windows\system32\dllcache\wininet.dll

[7] 2004-08-17 13:57 2059008 E86DD06F2B8F919DDF23F78A3BF2AA23 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-17 13:57 2220160 4D81C816786CF0C9EAFB2E8CB1728602 c:\windows\system32\ntkrnlpa.exe

[7] 2004-08-17 13:45 2183168 12C80E46DCEC9B82473D1B1B9DA1F16B c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-17 13:45 2344320 400FFE8B2F1EC725B9107488A9E0FA60 c:\windows\system32\ntoskrnl.exe

[-] 2004-08-17 13:49 1539584 A5E2D7766A26A60F92C58163093E96F6 c:\windows\explorer.exe
[7] 2004-08-17 13:49 1032704 53114D57AB73A406AC7F602227781A99 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2004-08-17 13:49 1539584 A5E2D7766A26A60F92C58163093E96F6 c:\windows\system32\dllcache\explorer.exe

[7] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-17 13:49 40448 82B0ED1EE0F3552290749FB80C074835 c:\windows\system32\ctfmon.exe
[-] 2004-08-17 13:49 40448 82B0ED1EE0F3552290749FB80C074835 c:\windows\system32\dllcache\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 40448]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Hlídač"="c:\program files\Energie pod palcem\hlidac.exe" [2005-04-04 569856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EM-DATE"="c:\program files\Em-date.exe" [2002-12-27 104960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Reloader"="c:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2009-03-30 353379]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"NodLogin"="c:\program files\ESET\ESET Smart Security\nodlogin.exe" [2008-06-19 358632]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-01-04 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 40448]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-3-23 331776]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoGoTo"= 1 (0x1)
"NoOptions"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 0 (0x0)
"NoSMMyDocs"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoBandCustomize"= 1 (0x1)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Search"= 2 (0x2)
"Btn_Folders"= 2 (0x2)
"Btn_Favorites"= 2 (0x2)
"Btn_Media"= 2 (0x2)
"Btn_History"= 2 (0x2)
"Btn_Fullscreen"= 2 (0x2)
"Btn_Tools"= 2 (0x2)
"Btn_MailNews"= 2 (0x2)
"Btn_Size"= 2 (0x2)
"Btn_Edit"= 2 (0x2)
"Btn_Discussions"= 2 (0x2)
"Btn_Cut"= 2 (0x2)
"Btn_Copy"= 2 (0x2)
"Btn_Paste"= 2 (0x2)
"Btn_Encoding"= 2 (0x2)
"Btn_PrintPreview"= 2 (0x2)
"ForceCopyAclwithFile"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\MumboJumbo\\Luxor\\luxor.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 gupdate1c9ad81f496ca40;Služba Google Update (gupdate1c9ad81f496ca40);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 133104]
R3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 52080]
R3 uir1100a;uir1100a;c:\windows\system32\DRIVERS\uir1100a.sys [2004-12-01 31048]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-04-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 19:41]

2015-04-02 c:\windows\Tasks\User_Feed_Synchronization-{0AF8753F-D0A3-4365-A407-A1DF2A492B23}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Download with Rapget - c:\program files\rapget141\rapget.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 20:57
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(2764)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
Celkový čas: 2009-04-24 20:59
ComboFix-quarantined-files.txt 2009-04-24 18:59

Před spuštěním: Volných bajtů: 13 877 506 048
Po spuštění: Volných bajtů: 13 870 141 440

332

[jaro3]

Odinstaluj:
c:\program files\PopCap Games

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\Winsys.t4r
c:\windows\popcinfot.dat
c:\windows\popcinfo.dat
c:\program files\Em-date.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EM-DATE"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\system32\kernel.exe
c:\windows\ie8\wininet.dll
c:\windows\system32\mediarcpt.dll
Vlož sem pak odkazy výsledků.

[busak]

http://www.virustotal.com/cs/analisis/b ... e68d81bfe0
http://www.virustotal.com/cs/analisis/2 ... b588aac47a
http://www.virustotal.com/cs/analisis/b ... 7e1034ec67

[busak]

ComboFix 09-04-25.03 - Miroslav 24.04.2009 22:30.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.735.383 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miroslav\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Miroslav\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\program files\Em-date.exe
c:\windows\popcinfo.dat
c:\windows\popcinfot.dat
c:\windows\system32\Winsys.t4r
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Em-date.exe
c:\windows\popcinfo.dat
c:\windows\popcinfot.dat
c:\windows\system32\Winsys.t4r

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-24 do 2009-4-24 )))))))))))))))))))))))))))))))
.

2015-04-02 18:40 . 2000-03-23 22:00 618 ----a-w c:\windows\system32\kernel.exe
2009-04-20 01:53 . 2009-04-20 01:53 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Malwarebytes
2009-04-20 01:53 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-20 01:53 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 01:52 . 2009-04-20 01:52 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-19 20:45 . 2009-04-19 20:45 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-19 20:27 . 2000-05-07 23:13 27312 ----a-w c:\windows\system32\drivers\chintps2.sys
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\UC.PIF
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\RAR.PIF
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\PKZIP.PIF
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\PKUNZIP.PIF
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\NOCLOSE.PIF
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\LHA.PIF
2009-04-19 18:54 . 2007-04-11 05:00 545 ----a-w c:\windows\ARJ.PIF
2009-04-19 18:54 . 2009-04-19 18:57 1081 ----a-w c:\windows\wincmd.ini
2009-04-18 14:42 . 2009-04-18 14:42 -------- d-----w c:\documents and settings\All Users\Data aplikací\Kristanix Games
2009-04-18 08:44 . 2009-04-18 08:44 26 ----a-w c:\windows\Zone.Identifier
2009-04-13 18:54 . 2009-04-13 19:02 79477 ----a-w c:\windows\hpfins05.dat
2009-04-13 18:54 . 2005-05-24 01:19 1395 ------w c:\windows\hpfmdl05.dat
2009-04-12 10:05 . 2009-04-12 10:05 -------- d-----w c:\documents and settings\Miroslav\Local Settings\Data aplikací\Innovative Solutions
2009-04-05 08:55 . 2004-06-10 09:54 286720 ----a-w c:\windows\vsnpstd2.exe
2009-04-05 08:55 . 2004-06-08 16:25 53248 ----a-w c:\windows\system32\dsnpstd2.dll
2009-04-05 08:55 . 2003-04-21 12:09 245408 ----a-w c:\windows\system32\unicows.dll
2009-04-05 08:55 . 2003-01-17 15:35 13023 ----a-w c:\windows\snpstd2.src
2009-04-05 08:55 . 2003-01-17 15:34 15541 ----a-w c:\windows\snpstd2.ini
2009-04-05 08:54 . 2004-07-28 09:49 334080 ----a-w c:\windows\system32\drivers\snpstd2.sys
2009-04-05 08:54 . 2004-06-08 16:57 36864 ----a-w c:\windows\system32\vsnpstd2.dll
2009-04-05 08:54 . 2004-06-08 16:57 36864 ----a-w c:\windows\system32\dsnpstd2.ax
2009-04-05 08:54 . 2004-06-08 16:56 40960 ----a-w c:\windows\system32\rsnpstd2.dll
2009-04-05 08:54 . 2004-02-16 11:59 61440 ----a-w c:\windows\system32\csnpstd2.dll
2009-04-05 08:54 . 2004-06-09 14:00 20480 ----a-w c:\windows\usnpstd2.exe
2009-03-29 20:49 . 2009-03-29 20:49 -------- d-----w c:\documents and settings\All Users\Data aplikací\Veselé Omalovánky 3
2009-03-29 20:40 . 2007-03-05 04:32 201216 ----a-w c:\windows\system32\mediarcpt.dll
2009-03-29 08:15 . 2008-08-26 07:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-03-29 08:15 . 2009-03-29 10:02 -------- dc----w c:\windows\system32\DRVSTORE
2009-03-29 08:14 . 2008-09-15 05:56 91136 ----a-w c:\windows\system32\nmwcdcls.dll
2009-03-29 08:13 . 2009-03-29 10:01 -------- d-----w c:\documents and settings\All Users\Data aplikací\Installations
2009-03-29 07:54 . 2009-03-29 07:55 -------- d-----w c:\documents and settings\All Users\Data aplikací\Bluetooth
2009-03-28 15:50 . 2004-08-03 22:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-03-28 12:24 . 2009-03-28 12:24 -------- d-----w c:\documents and settings\Miroslav\Local Settings\Data aplikací\WinZip
2009-03-28 12:23 . 2009-03-28 12:25 -------- d-----w c:\documents and settings\All Users\Data aplikací\WinZip
2009-03-28 12:20 . 2009-03-28 12:20 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Uniblue
2009-03-28 10:59 . 2009-03-28 10:59 -------- d-sh--w c:\windows\ftpcache
2009-03-28 10:05 . 2009-03-28 10:05 -------- d-----w c:\documents and settings\All Users\Data aplikací\PopCap Games
2009-03-27 22:39 . 2009-04-05 08:44 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\uTorrent
2009-03-27 22:09 . 2009-03-27 22:09 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2009-03-27 22:09 . 2009-03-27 22:09 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2009-03-27 22:09 . 2009-03-27 22:09 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2009-03-27 17:05 . 2004-08-17 13:49 219648 ----a-w c:\windows\system32\uxtheme.dll.backup
2009-03-27 17:04 . 2009-03-27 20:35 -------- d--h--w c:\windows\NiwradSoft Shell Pack
2009-03-27 16:27 . 2009-03-27 16:27 -------- d-----w c:\documents and settings\Miroslav\Local Settings\Data aplikací\Ahead
2009-03-26 19:16 . 2009-03-26 19:16 -------- d-----w c:\documents and settings\All Users\Data aplikací\MumboJumbo
2009-03-26 17:05 . 2009-03-26 17:05 -------- d--h--w c:\windows\$hf_mig$
2009-03-26 16:38 . 2009-03-26 16:38 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\ESET
2009-03-26 16:34 . 2009-03-26 16:34 -------- d-----w c:\documents and settings\All Users\Data aplikací\ESET
2009-03-26 02:36 . 2009-03-26 02:36 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-02 18:40 . 2015-04-02 18:39 -------- d-----w c:\program files\Energie pod palcem
2009-04-24 20:14 . 2009-03-24 03:11 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Skype
2009-04-24 19:56 . 2009-03-24 03:13 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\skypePM
2009-04-24 19:04 . 2009-03-23 21:15 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-23 19:07 . 2009-03-25 19:22 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\esmska
2009-04-23 19:07 . 2009-03-23 20:57 -------- d-----w c:\program files\RapidDown
2009-04-23 19:04 . 2009-03-23 18:56 -------- d-----w c:\program files\Mgutil
2009-04-20 01:53 . 2009-04-20 01:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 01:44 . 2009-04-20 01:44 -------- d-----w c:\program files\Trend Micro
2009-04-19 18:55 . 2009-04-19 18:54 -------- d-----w c:\program files\totalcmd
2009-04-19 07:53 . 2009-03-24 18:34 -------- d-----w c:\program files\Uloz.to Uploader
2009-04-18 14:00 . 2009-03-24 19:24 -------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-18 13:59 . 2009-03-24 19:26 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\MyPhoneExplorer
2009-04-13 16:17 . 2009-03-25 15:43 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\HP
2009-04-13 16:17 . 2009-03-23 17:26 21552 ----a-w c:\documents and settings\Miroslav\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-12 10:04 . 2009-04-12 10:04 -------- d-----w c:\program files\Innovative Solutions
2009-04-10 02:11 . 2009-04-10 02:11 -------- d-----w c:\program files\MSECache
2009-04-05 14:22 . 2009-03-25 16:14 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\AIMP
2009-04-05 11:30 . 2009-04-05 11:30 -------- d-----w c:\program files\BitComet FLV Converter
2009-04-05 09:31 . 2009-04-05 09:31 -------- d-----w c:\program files\Common Files\SWF Studio
2009-04-05 08:55 . 2009-04-05 08:55 -------- d-----w c:\program files\KYE
2009-04-05 08:55 . 2009-04-05 08:54 -------- d-----w c:\program files\Common Files\snpstd2
2009-04-05 08:54 . 2009-03-23 17:50 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 08:44 . 2009-03-28 10:04 -------- d-----w c:\program files\PopCap Games
2009-04-02 19:38 . 2009-03-29 20:39 -------- d-----w c:\program files\Recepty doma
2009-04-02 18:48 . 2009-04-02 18:48 -------- d-----w c:\program files\RealVNC
2009-04-02 18:28 . 2009-03-23 20:25 -------- d-----w c:\program files\QIP Infium
2009-03-29 10:30 . 2009-03-29 10:08 -------- d-----w c:\program files\Common Files\Nokia
2009-03-29 06:43 . 2001-10-25 12:00 68736 ----a-w c:\windows\system32\perfc005.dat
2009-03-29 06:43 . 2001-10-25 12:00 389664 ----a-w c:\windows\system32\perfh005.dat
2009-03-28 15:17 . 2009-03-28 15:16 -------- d-----w c:\program files\IrfanView
2009-03-28 10:39 . 2009-03-28 10:39 -------- d-----w c:\program files\iGO POI Explorer beta
2009-03-28 09:59 . 2009-03-27 21:55 -------- d-----w c:\program files\SuperCleaner
2009-03-28 09:56 . 2009-03-28 09:56 -------- d-----w c:\program files\Green Forest
2009-03-28 09:04 . 2009-03-28 09:03 -------- d-----w c:\program files\Common Files\Adobe
2009-03-27 22:40 . 2009-03-27 22:39 -------- d-----w c:\program files\uTorrent
2009-03-27 17:05 . 2004-08-17 13:49 219648 ----a-w c:\windows\system32\uxtheme.dll
2009-03-26 17:30 . 2009-03-26 17:30 -------- d-----w c:\program files\Verdict Free
2009-03-26 17:12 . 2009-03-23 20:46 -------- d-----w c:\program files\Quick Moto
2009-03-26 16:34 . 2009-03-23 18:49 -------- d-----w c:\program files\ESET
2009-03-26 02:35 . 2009-03-25 19:40 -------- d-----w c:\program files\Google
2009-03-25 22:32 . 2009-03-24 18:29 -------- d-----w c:\program files\Online TV Player 4
2009-03-25 19:29 . 2009-03-25 19:29 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Lavasoft
2009-03-25 19:22 . 2009-03-25 19:22 -------- d-----w c:\program files\Lavasoft
2009-03-25 19:22 . 2009-03-24 19:19 -------- d--h--w c:\program files\InstallJammer Registry
2009-03-25 19:21 . 2009-03-25 19:21 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-25 16:13 . 2009-03-25 16:11 -------- d-----w c:\program files\AIMP2
2009-03-25 16:00 . 2009-03-25 16:00 -------- d-----w c:\program files\Common Files\HP
2009-03-25 16:00 . 2009-03-25 15:51 -------- d-----w c:\program files\HP
2009-03-25 15:57 . 2009-03-25 15:57 -------- d-----w c:\program files\Hewlett-Packard
2009-03-25 15:57 . 2009-03-25 15:57 -------- d-----w c:\documents and settings\All Users\Data aplikací\HP
2009-03-25 14:53 . 2009-03-24 18:04 -------- d-----w c:\program files\Dragon
2009-03-25 03:14 . 2009-03-25 03:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-25 03:14 . 2009-03-25 03:14 -------- d-----w c:\program files\Java
2009-03-25 03:12 . 2009-03-25 03:12 1577984 ----a-w C:\Fotoalba nahravac.exe
2009-03-24 19:58 . 2009-03-24 19:58 -------- d-----w c:\program files\IVT Corporation
2009-03-24 19:26 . 2009-03-24 19:23 -------- d-----w c:\program files\MyPhoneExplorer
2009-03-24 19:26 . 2009-03-24 19:26 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-24 18:48 . 2009-03-24 18:48 4096 ----a-w c:\windows\d3dx.dat
2009-03-24 18:42 . 2009-03-24 18:42 -------- d-----w c:\program files\MumboJumbo
2009-03-24 18:28 . 2009-03-24 18:28 -------- d-----w c:\program files\Clobrdo
2009-03-24 18:28 . 2009-03-24 18:28 282624 ----a-r c:\windows\Setup1.exe
2009-03-24 18:28 . 2009-03-24 18:28 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-24 18:28 . 2009-03-24 18:28 102400 ----a-w c:\windows\system32\VB6STKIT.DLL
2009-03-24 18:05 . 2009-03-24 18:05 -------- d-----w c:\documents and settings\All Users\Data aplikací\Meridian93
2009-03-24 18:05 . 2009-03-24 18:05 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Meridian93
2009-03-24 17:59 . 2009-03-24 03:14 -------- d-----w c:\program files\Chroma Crash!
2009-03-24 17:56 . 2009-03-24 17:54 -------- d-----w c:\program files\Mio DigiWalker
2009-03-24 17:54 . 2009-03-23 17:50 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-24 16:12 . 2009-03-24 16:11 -------- d-----w c:\program files\Ahead
2009-03-24 16:11 . 2009-03-24 16:11 -------- d-----w c:\program files\Common Files\Ahead
2009-03-24 03:11 . 2009-03-24 03:11 -------- d-----w c:\program files\Common Files\Skype
2009-03-24 03:11 . 2009-03-24 03:11 -------- d-----r c:\program files\Skype
2009-03-24 03:11 . 2009-03-24 03:11 -------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-03-24 02:43 . 2009-03-23 19:12 -------- d-----w c:\program files\MozBackup
2009-03-23 21:49 . 2009-03-23 21:49 -------- d-----w c:\program files\CCleaner
2009-03-23 21:49 . 2009-03-23 21:49 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-23 21:15 . 2009-03-23 21:15 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Thunderbird
2009-03-23 20:36 . 2009-03-23 20:26 -------- d-----w c:\program files\ICQ6.5
2009-03-23 20:36 . 2009-03-23 20:21 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\ICQ
2009-03-23 20:23 . 2009-03-23 19:13 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\SiteAdvisor
2009-03-23 19:41 . 2009-03-23 19:41 -------- d-----w c:\program files\Runtime Software
2009-03-23 19:13 . 2009-03-23 19:13 -------- d-----w c:\documents and settings\All Users\Data aplikací\McAfee
2009-03-23 18:23 . 2009-03-23 18:23 -------- d-----w c:\documents and settings\Miroslav\Data aplikací\Media Player Classic
2009-03-23 18:23 . 2009-03-23 18:23 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-23 17:54 . 2009-03-23 17:53 -------- d-----w c:\program files\SiS VGA Utilities V3.65
2009-03-23 17:38 . 2009-03-23 17:38 -------- d-----w c:\program files\C-Media
2009-03-23 17:33 . 2009-03-23 17:15 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-23 17:18 . 2009-03-23 17:18 -------- d-----w c:\program files\microsoft frontpage
2009-03-23 17:12 . 2009-03-23 17:12 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-08 03:34 . 2004-08-17 13:49 981504 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-17 13:49 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-17 13:49 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-17 13:49 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-17 13:49 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-17 13:49 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-17 13:49 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-17 13:48 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-17 13:49 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2001-10-25 12:00 156160 ----a-w c:\windows\system32\msls31.dll
.

------- Sigcheck -------

[7] 2004-08-17 13:49 577024 1B4CCC59980DA34E75F20E42B283B027 c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-17 13:49 577024 CA2BE87B92496E69BC62EFD69F6084B1 c:\windows\system32\user32.dll
[-] 2004-08-17 13:49 577024 CA2BE87B92496E69BC62EFD69F6084B1 c:\windows\system32\dllcache\user32.dll

[7] 2004-08-17 13:49 657408 50D263E3454E8357D13BB598129185AD c:\windows\ie8\wininet.dll
[7] 2009-03-08 03:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-03-08 03:34 981504 97C2DC4A0C6F8068424A6CED25983006 c:\windows\system32\wininet.dll
[-] 2009-03-08 03:34 981504 97C2DC4A0C6F8068424A6CED25983006 c:\windows\system32\dllcache\wininet.dll

[7] 2004-08-17 13:57 2059008 E86DD06F2B8F919DDF23F78A3BF2AA23 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-17 13:57 2220160 4D81C816786CF0C9EAFB2E8CB1728602 c:\windows\system32\ntkrnlpa.exe

[7] 2004-08-17 13:45 2183168 12C80E46DCEC9B82473D1B1B9DA1F16B c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-17 13:45 2344320 400FFE8B2F1EC725B9107488A9E0FA60 c:\windows\system32\ntoskrnl.exe

[-] 2004-08-17 13:49 1539584 A5E2D7766A26A60F92C58163093E96F6 c:\windows\explorer.exe
[7] 2004-08-17 13:49 1032704 53114D57AB73A406AC7F602227781A99 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2004-08-17 13:49 1539584 A5E2D7766A26A60F92C58163093E96F6 c:\windows\system32\dllcache\explorer.exe

[7] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-17 13:49 40448 82B0ED1EE0F3552290749FB80C074835 c:\windows\system32\ctfmon.exe
[-] 2004-08-17 13:49 40448 82B0ED1EE0F3552290749FB80C074835 c:\windows\system32\dllcache\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 40448]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Hlídač"="c:\program files\Energie pod palcem\hlidac.exe" [2005-04-04 569856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Reloader"="c:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2009-03-30 353379]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"NodLogin"="c:\program files\ESET\ESET Smart Security\nodlogin.exe" [2008-06-19 358632]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-01-04 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 40448]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-3-23 331776]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoGoTo"= 1 (0x1)
"NoOptions"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 0 (0x0)
"NoSMMyDocs"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoBandCustomize"= 1 (0x1)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Search"= 2 (0x2)
"Btn_Folders"= 2 (0x2)
"Btn_Favorites"= 2 (0x2)
"Btn_Media"= 2 (0x2)
"Btn_History"= 2 (0x2)
"Btn_Fullscreen"= 2 (0x2)
"Btn_Tools"= 2 (0x2)
"Btn_MailNews"= 2 (0x2)
"Btn_Size"= 2 (0x2)
"Btn_Edit"= 2 (0x2)
"Btn_Discussions"= 2 (0x2)
"Btn_Cut"= 2 (0x2)
"Btn_Copy"= 2 (0x2)
"Btn_Paste"= 2 (0x2)
"Btn_Encoding"= 2 (0x2)
"Btn_PrintPreview"= 2 (0x2)
"ForceCopyAclwithFile"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\MumboJumbo\\Luxor\\luxor.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 gupdate1c9ad81f496ca40;Služba Google Update (gupdate1c9ad81f496ca40);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 133104]
R3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 52080]
R3 uir1100a;uir1100a;c:\windows\system32\DRIVERS\uir1100a.sys [2004-12-01 31048]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-04-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 19:41]

2015-04-02 c:\windows\Tasks\User_Feed_Synchronization-{0AF8753F-D0A3-4365-A407-A1DF2A492B23}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Download with Rapget - c:\program files\rapget141\rapget.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 22:33
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\setupapi.dll
.
Celkový čas: 2009-04-24 22:35
ComboFix-quarantined-files.txt 2009-04-24 20:35
ComboFix2.txt 2009-04-24 18:59

Před spuštěním: Volných bajtů: 13 849 460 736
Po spuštění: Volných bajtů: 13 839 716 352

320

[jaro3]

Pokud si odinstaloval PopCap Games, smaž jeho složku:
c:\program files\PopCap Games

Vlož sem ještě nový log z HJT.

[busak]

PopCap Games bych nerad mazal,protoze to ma mala hru a v tomto a Em Date bych nevydel problem,protoze oba tyto programky jsem uz mel davno pred tim a PC fungovalo bez problemů.Problemy zacaly az jsem se snazil nainstalovat program ETKA 7,to se ztratil spravce uloh,prestala jit volba slozky(po kliknuti pravym mysi na slozku),ale to uz jsem dal pomoci tohoto fora dohromady.Jedine co je zatim nefunkcni tak tlacitko usporny rezim.(start-vypnout pocitac-usporny rezim)

[jaro3]

Hra sama je neškodná , ale co jsem četl tak se do ní stahuje malware, takže se doporučuje odinstalovat.
Dej sem ten log z HJT , dočistíme a pak zkusíme opravit win( ovl. panely).