PC-HELP.CZ

Dobrý den,

v pondělí jsem nainstaloval Hamachi a od té doby mám problémy s compem - nejede net, počítač nejde vypnout. V síťovém připojení v ovládacích panelech přibylo nové připojení k místní síti 3, které tam nemá co dělat. Myslím si, že tam mám nějakého vira. Moc prosím o kontrolu logu z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:40, on 4.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\TurboLaunch\TurboLaunch.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TurboLaunch.lnk = C:\Program Files\TurboLaunch\TurboLaunch.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3709067593
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 8056 bytes


Děkuji moc za pomoc!

Měl bych kdyžtak použít bodu obnovení?

Odinstaluj si Ask Bar Dis (nebo Ask Toolbar) a Daemon Tools Toolbar.

S pusť HJT a fixni (zatrhnout políčko před hodnoto a zmáčknout "Fix checked"):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149

Potom si stáhni Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Aktualizace se nezdařila, protože mi nefunguje ten net (píšu teď z notebooku). Jo a po nějaké době (asi 10 minut začne ,,papat" aplikace ekrn.exe 90% CPU, nechápu - bere to permanentně. A počítač nejde vypínat ani restartovat, jedině natvrdo. Děkuju Vám opravdu moc, jsem bezradný
Tady je log z MbAM:

Malwarebytes' Anti-Malware 1.37
Verze databáze: 2182
Windows 5.1.2600 Service Pack 2

4.6.2009 19:39:37
mbam-log-2009-06-04 (19-39-32).txt

Typ skenu: Rychlý sken
Objektu skenováno: 92710
Uplynulý cas: 5 minute(s), 8 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
c:\program files\HPZUCI12.DLL (Spyware.OnlineGames) -> No action taken.
c:\program files\tls704d.dll (Spyware.OnlineGames) -> No action taken.
C:\Program Files\setup.exe (Rogue.Installer) -> No action taken.

Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Log z MbAM:

Malwarebytes' Anti-Malware 1.37
Verze databáze: 2182
Windows 5.1.2600 Service Pack 2

4.6.2009 20:40:01
mbam-log-2009-06-04 (20-40-01).txt

Typ skenu: Rychlý sken
Objektu skenováno: 99002
Uplynulý cas: 4 minute(s), 40 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
c:\program files\HPZUCI12.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\tls704d.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.



Log z Combofixu:

ComboFix 09-06-04.01 - Milan 04.06.2009 20:46.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.180 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISEXENG
-------\Legacy_ZESOFT


((((((((((((((((((((((((( Soubory vytvořené od 2009-05-04 do 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 18:34 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 18:34 . 2009-06-04 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 18:34 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 16:46 . 2009-06-04 16:48 80948042 ----a-w- c:\windows\hklmSW.reg
2009-06-04 16:45 . 2009-06-04 16:48 4416934 ----a-w- c:\windows\REGBK00.ZIP
2009-06-04 15:58 . 2009-06-04 15:58 -------- d---a-w- c:\windows\system32\runouce.exe
2009-06-04 15:55 . 2009-06-04 15:55 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-06-04 15:55 . 2009-06-04 15:55 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-06-04 15:55 . 2009-06-04 15:55 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-06-04 15:55 . 2009-06-04 15:55 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-06-04 15:53 . 2009-06-04 15:53 -------- d-----w- c:\program files\Trend Micro
2009-06-03 10:27 . 2009-06-03 10:27 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-03 10:27 . 2009-06-03 10:27 -------- d-----w- c:\program files\Hamachi
2009-06-01 21:17 . 2009-06-01 21:17 -------- d-sh--w- C:\FOUND.011
2009-05-30 16:12 . 2003-08-11 06:44 77824 ----a-r- c:\windows\system32\hpovst08.dll
2009-05-30 16:12 . 2003-08-11 06:44 565248 ----a-r- c:\windows\system32\hpotscl.dll
2009-05-30 15:19 . 2009-05-30 16:16 28960 ----a-w- c:\windows\hpoins03.dat
2009-05-30 15:19 . 2003-08-11 06:44 34480 ------w- c:\windows\hpomdl03.dat
2009-05-29 18:40 . 2009-05-29 18:40 -------- d-----w- c:\program files\DVD Shrink
2009-05-21 19:25 . 2009-05-21 19:25 -------- d-sh--w- C:\FOUND.010
2009-05-16 10:38 . 2009-05-16 10:38 -------- d-----w- c:\program files\TI Education
2009-05-16 10:28 . 2009-05-16 10:28 -------- d-----w- c:\program files\Graphmatica
2009-05-16 08:57 . 2009-05-16 08:57 -------- d-sh--w- C:\FOUND.009
2009-05-09 18:11 . 2009-05-09 18:11 -------- d-----w- c:\program files\Common Files\HP
2009-05-09 18:10 . 2009-05-09 18:10 43488 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2009-05-09 16:12 . 2009-05-09 16:12 -------- d-----w- c:\program files\HP
2009-05-09 16:11 . 2009-05-09 16:11 -------- d-----w- c:\program files\util
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\Setup
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\enu
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\Drivers
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\common
2009-05-09 15:41 . 2009-05-09 15:41 -------- d-----w- c:\temp\HP_WebRelease
2009-05-08 08:44 . 2009-05-08 08:44 0 ----a-w- c:\windows\cpqAssetData.dat
2009-05-07 20:59 . 2009-05-07 20:59 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-07 20:34 . 2009-05-07 20:34 -------- d-----w- c:\documents and settings\Milan\TopconTools
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- C:\Binaries
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- c:\program files\Topcon
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- c:\program files\Common Files\Topcon
2009-05-07 19:32 . 2006-11-06 16:04 28672 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2009-05-07 19:32 . 2006-11-06 16:04 28672 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 08:44 . 1979-12-31 22:00 70764 ----a-w- c:\windows\system32\perfc005.dat
2009-05-08 08:44 . 1979-12-31 22:00 400378 ----a-w- c:\windows\system32\perfh005.dat
2009-04-26 18:49 . 2009-04-26 18:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-24 07:48 . 2009-04-24 07:48 -------- d-----w- c:\program files\iPod
2009-04-24 07:45 . 2009-04-24 07:45 -------- d-----w- c:\program files\iTunes
2009-04-14 18:57 . 2009-04-14 18:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-14 18:57 . 2009-04-14 18:57 -------- d-----w- c:\program files\Common Files\Skype
2009-03-19 14:32 . 2006-09-19 12:44 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-01-22 16:27 . 2008-01-22 16:27 8 --sh--w- c:\program files\.drv120405.dat
2008-01-22 16:27 . 2008-01-22 16:27 8 --sh--w- c:\program files\.data211204.dat
2008-01-22 16:27 . 2008-01-22 16:27 8 --sh--w- c:\program files\.data211004.dat
2008-01-22 16:27 . 2008-01-22 16:27 8 --sh--w- c:\program files\.dat000002.dat
2008-01-22 16:27 . 2008-01-22 16:27 8 --sh--w- c:\program files\.dat000001.dat
2007-09-11 14:59 . 2007-09-11 14:59 3297799 ----a-w- c:\program files\openofficeorg4.cab
2007-09-11 14:59 . 2007-09-11 14:59 66392154 ----a-w- c:\program files\openofficeorg3.cab
2007-09-11 14:55 . 2007-09-11 14:55 17356442 ----a-w- c:\program files\openofficeorg2.cab
2007-09-11 14:55 . 2007-09-11 14:55 18970031 ----a-w- c:\program files\openofficeorg1.cab
2007-09-11 14:54 . 2007-09-11 14:54 1821008 ----a-w- c:\program files\instmsiw.exe
2007-09-11 14:54 . 2007-09-11 14:54 1707856 ----a-w- c:\program files\instmsia.exe
2007-09-11 14:54 . 2007-09-11 14:54 4358656 ----a-w- c:\program files\openofficeorg23.msi
2007-09-11 14:54 . 2007-09-11 14:54 217 ----a-w- c:\program files\setup.ini
2007-06-04 18:55 . 2007-06-04 18:55 376 ----a-w- c:\program files\Zástupce - Geus140.lnk
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2006-10-22 86016]

c:\documents and settings\Milan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
TurboLaunch.lnk - c:\program files\TurboLaunch\TurboLaunch.exe [2006-3-20 1588736]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Windows\\system32\\usmt\\migwiz.exe"=
"c:\\Windows\\system32\\mshta.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Common Files\\GeusISKN\\GeusISKN.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [14.8.2004 15:11 9344]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [14.8.2004 15:11 390400]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R3 PhTVTune;MuchTV Plus TVTuner;c:\windows\system32\drivers\PhTVTune.sys [1.1.1980 24000]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [1.1.1980 3584]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [24.11.2007 13:39 16269]
S4 Rdgosk;Rdgosk;c:\windows\system32\drivers\wmilib.sys [1.1.1980 4352]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BAFB867B-0BA0-4B37-A370-E4B4A02EC792}]
c:\windows\system32\msiexec.exe /qn /fpu {BAFB867B-0BA0-4B37-A370-E4B4A02EC792}
.
Obsah adresáře 'Naplánované úlohy'

2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-= - (no file)
SafeBoot-procexp90.Sys


.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - c:\program files\Altova\XMLSpy2008\spy.htm
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\292t6lfa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 20:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,c4,23,28,6e,0a,
21,e4,fc,e2,63,26,f1,3f,c8,ff,68,0c,06,54,21,1f,72,30,d1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,ec,19,b8,20,e5,
c8,75,7b,6a,9c,d6,61,af,45,84,18,8b,31,da,5a,d1,6c,5f,e4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,7c,41,d5,ca,ec,
c2,ac,b7,ff,7c,85,e0,43,d4,0e,fe,d0,bf,d8,96,37,7f,ef,30,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,02,af,7e,2b,0d,
57,dc,32,86,8c,21,01,be,91,eb,e7,e2,ec,15,a3,16,e9,12,47,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,82,b0,85,49,df,
f8,c6,aa,f5,1d,4d,73,a8,13,5c,05,db,8c,cb,e6,39,45,20,a9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,30,e9,9b,7e,56,
c9,12,01,df,20,58,62,78,6b,cf,c8,65,41,17,dd,fa,37,14,59,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,d6,2c,dc,78,22,
4c,98,54,fb,a7,78,e6,12,2f,9a,ea,c5,e1,7c,8f,6d,83,fe,8a,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,b8,0b,62,0a,0e,
5e,af,b4,01,3a,48,fc,e8,04,4a,f1,25,3f,07,d5,68,e9,14,b0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,4d,2e,53,3a,35,
9c,a5,73,f6,0f,4e,58,98,5b,89,c9,c3,7f,7c,cb,83,22,fa,cf,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,b6,74,61,47,8d,
e9,8a,66,3d,ce,ea,26,2d,45,aa,78,1a,32,36,42,5e,cf,8e,94,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,5a,fd,26,5b,6c,
a6,fd,15,2a,b7,cc,b5,b9,7f,41,e7,7b,02,49,5d,70,e0,6f,ac,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,35,85,bf,5e,dd,
7e,72,ba,6c,43,2d,1e,aa,22,2f,9c,d8,34,c3,7a,35,75,d4,78,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3340)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\PORTRAIT DISPLAYS\FORTEMANAGER\DTSSLSRV.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE
c:\program files\PORTRAIT DISPLAYS\FORTEMANAGER\DTSRVC.EXE
c:\windows\SYSTEM32\DVDRAMSV.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\PINNACLE\MEDIASERVER\MICROSOFT SQL SERVER\MSSQL$PINNACLESYS\BINN\SQLSERVR.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\OODAG.EXE
c:\program files\PINNACLE\SHARED FILES\PROGRAMS\MEDIASERVER\PMSHOST.EXE
.
**************************************************************************
.
Celkový čas: 2009-06-04 21:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-04 19:02

Před spuštěním: Volných bajtů: 24 881 397 760
Po spuštění: Volných bajtů: 24 874 942 464

273 --- E O F --- 2009-05-31 08:10

To hamachi si odinstaloval?

Noooo zkoušel jsem odinstalovat ale nešlo to vůbec, tak jsem ty soubory smazal a smazal je i v registrech. Ale asi je to málo co?

Já jen že v CF jsou vidět ovladače a složka.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

KillAll::
File::
c:\program files\Hamachi
c:\windows\system32\drivers\hamachi.sys
c:\windows\cpqAssetData.dat
c:\windows\system32\ezsidmv.dat
c:\program files\.drv120405.dat
c:\program files\.data211204.dat
c:\program files\.data211004.dat
c:\program files\.dat000002.dat
c:\program files\.dat000001.dat
c:\program files\setup.ini

Driver::
hamachi



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Log z ComboFixu:

ComboFix 09-06-04.01 - Milan 04.06.2009 22:54.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.189 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\program files\.dat000001.dat"
"c:\program files\.dat000002.dat"
"c:\program files\.data211004.dat"
"c:\program files\.data211204.dat"
"c:\program files\.drv120405.dat"
"c:\program files\Hamachi"
"c:\program files\setup.ini"
"c:\windows\cpqAssetData.dat"
"c:\windows\system32\drivers\hamachi.sys"
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\.dat000001.dat
c:\program files\.dat000002.dat
c:\program files\.data211004.dat
c:\program files\.data211204.dat
c:\program files\.drv120405.dat
c:\program files\setup.ini
c:\windows\cpqAssetData.dat
c:\windows\system32\drivers\hamachi.sys
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hamachi


((((((((((((((((((((((((( Soubory vytvořené od 2009-05-04 do 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 20:23 . 2009-06-04 20:23 -------- d-----w- c:\program files\Total Uninstall 5
2009-06-04 19:46 . 2009-06-04 19:46 -------- d-----w- c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP
2009-06-04 18:34 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 18:34 . 2009-06-04 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 18:34 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 16:46 . 2009-06-04 16:48 80948042 ----a-w- c:\windows\hklmSW.reg
2009-06-04 16:45 . 2009-06-04 16:48 4416934 ----a-w- c:\windows\REGBK00.ZIP
2009-06-04 15:58 . 2009-06-04 15:58 -------- d---a-w- c:\windows\system32\runouce.exe
2009-06-04 15:55 . 2009-06-04 15:55 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-06-04 15:55 . 2009-06-04 15:55 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-06-04 15:55 . 2009-06-04 15:55 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-06-04 15:55 . 2009-06-04 15:55 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-06-04 15:53 . 2009-06-04 15:53 -------- d-----w- c:\program files\Trend Micro
2009-06-03 10:27 . 2009-06-03 10:27 -------- d-----w- c:\program files\Hamachi
2009-06-01 21:17 . 2009-06-01 21:17 -------- d-sh--w- C:\FOUND.011
2009-05-30 16:12 . 2003-08-11 06:44 77824 ----a-r- c:\windows\system32\hpovst08.dll
2009-05-30 16:12 . 2003-08-11 06:44 565248 ----a-r- c:\windows\system32\hpotscl.dll
2009-05-30 15:19 . 2009-05-30 16:16 28960 ----a-w- c:\windows\hpoins03.dat
2009-05-30 15:19 . 2003-08-11 06:44 34480 ------w- c:\windows\hpomdl03.dat
2009-05-29 18:40 . 2009-05-29 18:40 -------- d-----w- c:\program files\DVD Shrink
2009-05-21 19:25 . 2009-05-21 19:25 -------- d-sh--w- C:\FOUND.010
2009-05-16 10:38 . 2009-05-16 10:38 -------- d-----w- c:\program files\TI Education
2009-05-16 10:28 . 2009-05-16 10:28 -------- d-----w- c:\program files\Graphmatica
2009-05-16 08:57 . 2009-05-16 08:57 -------- d-sh--w- C:\FOUND.009
2009-05-09 18:11 . 2009-05-09 18:11 -------- d-----w- c:\program files\Common Files\HP
2009-05-09 18:10 . 2009-05-09 18:10 43488 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2009-05-09 16:12 . 2009-05-09 16:12 -------- d-----w- c:\program files\HP
2009-05-09 16:11 . 2009-05-09 16:11 -------- d-----w- c:\program files\util
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\Setup
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\enu
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\Drivers
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\common
2009-05-09 15:41 . 2009-05-09 15:41 -------- d-----w- c:\temp\HP_WebRelease
2009-05-07 20:59 . 2009-05-07 20:59 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-07 20:34 . 2009-05-07 20:34 -------- d-----w- c:\documents and settings\Milan\TopconTools
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- C:\Binaries
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- c:\program files\Topcon
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- c:\program files\Common Files\Topcon
2009-05-07 19:32 . 2006-11-06 16:04 28672 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2009-05-07 19:32 . 2006-11-06 16:04 28672 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 08:44 . 1979-12-31 22:00 70764 ----a-w- c:\windows\system32\perfc005.dat
2009-05-08 08:44 . 1979-12-31 22:00 400378 ----a-w- c:\windows\system32\perfh005.dat
2009-04-26 18:49 . 2009-04-26 18:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-24 07:48 . 2009-04-24 07:48 -------- d-----w- c:\program files\iPod
2009-04-24 07:45 . 2009-04-24 07:45 -------- d-----w- c:\program files\iTunes
2009-04-14 18:57 . 2009-04-14 18:57 -------- d-----w- c:\program files\Common Files\Skype
2009-03-19 14:32 . 2006-09-19 12:44 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2007-09-11 14:59 . 2007-09-11 14:59 3297799 ----a-w- c:\program files\openofficeorg4.cab
2007-09-11 14:59 . 2007-09-11 14:59 66392154 ----a-w- c:\program files\openofficeorg3.cab
2007-09-11 14:55 . 2007-09-11 14:55 17356442 ----a-w- c:\program files\openofficeorg2.cab
2007-09-11 14:55 . 2007-09-11 14:55 18970031 ----a-w- c:\program files\openofficeorg1.cab
2007-09-11 14:54 . 2007-09-11 14:54 1821008 ----a-w- c:\program files\instmsiw.exe
2007-09-11 14:54 . 2007-09-11 14:54 1707856 ----a-w- c:\program files\instmsia.exe
2007-09-11 14:54 . 2007-09-11 14:54 4358656 ----a-w- c:\program files\openofficeorg23.msi
2007-06-04 18:55 . 2007-06-04 18:55 376 ----a-w- c:\program files\Zástupce - Geus140.lnk
.

((((((((((((((((((((((((((((( SnapShot@2009-06-04_18.59.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 21:05 . 2009-06-04 21:05 16384 c:\windows\Temp\Perflib_Perfdata_56c.dat
+ 2009-06-04 21:05 . 2009-06-04 21:05 16384 c:\windows\Temp\Perflib_Perfdata_4f8.dat
- 2009-06-04 18:59 . 2009-06-04 18:59 49152 c:\windows\Temp\CompiledAdapter.dll
+ 2009-06-04 21:05 . 2009-06-04 21:05 49152 c:\windows\Temp\CompiledAdapter.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 45056 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla51.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla39.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla38.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla37.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla36.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla35.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla33.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla27.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla26.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla25.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla24.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla23.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla22.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla21.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla18.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 26421 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCall.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 125719 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla50.exe
+ 2009-06-04 19:46 . 2009-06-04 19:46 110799 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla49.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 116956 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla48.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 110936 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla47.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 110797 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla46.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 110500 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla44.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 111260 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla43.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 111269 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla42.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 111476 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla41.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2006-10-22 86016]

c:\documents and settings\Milan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
TurboLaunch.lnk - c:\program files\TurboLaunch\TurboLaunch.exe [2006-3-20 1588736]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Windows\\system32\\usmt\\migwiz.exe"=
"c:\\Windows\\system32\\mshta.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Common Files\\GeusISKN\\GeusISKN.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [14.8.2004 15:11 9344]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [14.8.2004 15:11 390400]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R3 PhTVTune;MuchTV Plus TVTuner;c:\windows\system32\drivers\PhTVTune.sys [1.1.1980 24000]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [1.1.1980 3584]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [24.11.2007 13:39 16269]
S4 Rdgosk;Rdgosk;c:\windows\system32\drivers\wmilib.sys [1.1.1980 4352]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BAFB867B-0BA0-4B37-A370-E4B4A02EC792}]
c:\windows\system32\msiexec.exe /qn /fpu {BAFB867B-0BA0-4B37-A370-E4B4A02EC792}
.
Obsah adresáře 'Naplánované úlohy'

2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-= - (no file)


.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - c:\program files\Altova\XMLSpy2008\spy.htm
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\292t6lfa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 23:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,c4,23,28,6e,0a,
21,e4,fc,e2,63,26,f1,3f,c8,ff,68,0c,06,54,21,1f,72,30,d1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,ec,19,b8,20,e5,
c8,75,7b,6a,9c,d6,61,af,45,84,18,8b,31,da,5a,d1,6c,5f,e4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,7c,41,d5,ca,ec,
c2,ac,b7,ff,7c,85,e0,43,d4,0e,fe,d0,bf,d8,96,37,7f,ef,30,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,02,af,7e,2b,0d,
57,dc,32,86,8c,21,01,be,91,eb,e7,e2,ec,15,a3,16,e9,12,47,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,82,b0,85,49,df,
f8,c6,aa,f5,1d,4d,73,a8,13,5c,05,db,8c,cb,e6,39,45,20,a9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,30,e9,9b,7e,56,
c9,12,01,df,20,58,62,78,6b,cf,c8,65,41,17,dd,fa,37,14,59,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,d6,2c,dc,78,22,
4c,98,54,fb,a7,78,e6,12,2f,9a,ea,c5,e1,7c,8f,6d,83,fe,8a,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,b8,0b,62,0a,0e,
5e,af,b4,01,3a,48,fc,e8,04,4a,f1,25,3f,07,d5,68,e9,14,b0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,4d,2e,53,3a,35,
9c,a5,73,f6,0f,4e,58,98,5b,89,c9,c3,7f,7c,cb,83,22,fa,cf,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,b6,74,61,47,8d,
e9,8a,66,3d,ce,ea,26,2d,45,aa,78,1a,32,36,42,5e,cf,8e,94,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,5a,fd,26,5b,6c,
a6,fd,15,2a,b7,cc,b5,b9,7f,41,e7,7b,02,49,5d,70,e0,6f,ac,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,35,85,bf,5e,dd,
7e,72,ba,6c,43,2d,1e,aa,22,2f,9c,d8,34,c3,7a,35,75,d4,78,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3136)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\PORTRAIT DISPLAYS\FORTEMANAGER\DTSSLSRV.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\PORTRAIT DISPLAYS\FORTEMANAGER\DTSRVC.EXE
c:\windows\SYSTEM32\DVDRAMSV.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\PINNACLE\MEDIASERVER\MICROSOFT SQL SERVER\MSSQL$PINNACLESYS\BINN\SQLSERVR.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\OODAG.EXE
c:\program files\PINNACLE\SHARED FILES\PROGRAMS\MEDIASERVER\PMSHOST.EXE
.
**************************************************************************
.
Celkový čas: 2009-06-04 23:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-04 21:08
ComboFix2.txt 2009-06-04 19:02

Před spuštěním: Volných bajtů: 24 502 009 856
Po spuštění: Volných bajtů: 24 484 511 744

315 --- E O F --- 2009-05-31 08:10



Log z HJT:

ComboFix 09-06-04.01 - Milan 04.06.2009 22:54.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.189 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\program files\.dat000001.dat"
"c:\program files\.dat000002.dat"
"c:\program files\.data211004.dat"
"c:\program files\.data211204.dat"
"c:\program files\.drv120405.dat"
"c:\program files\Hamachi"
"c:\program files\setup.ini"
"c:\windows\cpqAssetData.dat"
"c:\windows\system32\drivers\hamachi.sys"
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\.dat000001.dat
c:\program files\.dat000002.dat
c:\program files\.data211004.dat
c:\program files\.data211204.dat
c:\program files\.drv120405.dat
c:\program files\setup.ini
c:\windows\cpqAssetData.dat
c:\windows\system32\drivers\hamachi.sys
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hamachi


((((((((((((((((((((((((( Soubory vytvořené od 2009-05-04 do 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 20:23 . 2009-06-04 20:23 -------- d-----w- c:\program files\Total Uninstall 5
2009-06-04 19:46 . 2009-06-04 19:46 -------- d-----w- c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP
2009-06-04 18:34 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 18:34 . 2009-06-04 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 18:34 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 16:46 . 2009-06-04 16:48 80948042 ----a-w- c:\windows\hklmSW.reg
2009-06-04 16:45 . 2009-06-04 16:48 4416934 ----a-w- c:\windows\REGBK00.ZIP
2009-06-04 15:58 . 2009-06-04 15:58 -------- d---a-w- c:\windows\system32\runouce.exe
2009-06-04 15:55 . 2009-06-04 15:55 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-06-04 15:55 . 2009-06-04 15:55 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-06-04 15:55 . 2009-06-04 15:55 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-06-04 15:55 . 2009-06-04 15:55 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-06-04 15:53 . 2009-06-04 15:53 -------- d-----w- c:\program files\Trend Micro
2009-06-03 10:27 . 2009-06-03 10:27 -------- d-----w- c:\program files\Hamachi
2009-06-01 21:17 . 2009-06-01 21:17 -------- d-sh--w- C:\FOUND.011
2009-05-30 16:12 . 2003-08-11 06:44 77824 ----a-r- c:\windows\system32\hpovst08.dll
2009-05-30 16:12 . 2003-08-11 06:44 565248 ----a-r- c:\windows\system32\hpotscl.dll
2009-05-30 15:19 . 2009-05-30 16:16 28960 ----a-w- c:\windows\hpoins03.dat
2009-05-30 15:19 . 2003-08-11 06:44 34480 ------w- c:\windows\hpomdl03.dat
2009-05-29 18:40 . 2009-05-29 18:40 -------- d-----w- c:\program files\DVD Shrink
2009-05-21 19:25 . 2009-05-21 19:25 -------- d-sh--w- C:\FOUND.010
2009-05-16 10:38 . 2009-05-16 10:38 -------- d-----w- c:\program files\TI Education
2009-05-16 10:28 . 2009-05-16 10:28 -------- d-----w- c:\program files\Graphmatica
2009-05-16 08:57 . 2009-05-16 08:57 -------- d-sh--w- C:\FOUND.009
2009-05-09 18:11 . 2009-05-09 18:11 -------- d-----w- c:\program files\Common Files\HP
2009-05-09 18:10 . 2009-05-09 18:10 43488 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2009-05-09 16:12 . 2009-05-09 16:12 -------- d-----w- c:\program files\HP
2009-05-09 16:11 . 2009-05-09 16:11 -------- d-----w- c:\program files\util
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\Setup
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\enu
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\Drivers
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\common
2009-05-09 15:41 . 2009-05-09 15:41 -------- d-----w- c:\temp\HP_WebRelease
2009-05-07 20:59 . 2009-05-07 20:59 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-07 20:34 . 2009-05-07 20:34 -------- d-----w- c:\documents and settings\Milan\TopconTools
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- C:\Binaries
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- c:\program files\Topcon
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- c:\program files\Common Files\Topcon
2009-05-07 19:32 . 2006-11-06 16:04 28672 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2009-05-07 19:32 . 2006-11-06 16:04 28672 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 08:44 . 1979-12-31 22:00 70764 ----a-w- c:\windows\system32\perfc005.dat
2009-05-08 08:44 . 1979-12-31 22:00 400378 ----a-w- c:\windows\system32\perfh005.dat
2009-04-26 18:49 . 2009-04-26 18:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-24 07:48 . 2009-04-24 07:48 -------- d-----w- c:\program files\iPod
2009-04-24 07:45 . 2009-04-24 07:45 -------- d-----w- c:\program files\iTunes
2009-04-14 18:57 . 2009-04-14 18:57 -------- d-----w- c:\program files\Common Files\Skype
2009-03-19 14:32 . 2006-09-19 12:44 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2007-09-11 14:59 . 2007-09-11 14:59 3297799 ----a-w- c:\program files\openofficeorg4.cab
2007-09-11 14:59 . 2007-09-11 14:59 66392154 ----a-w- c:\program files\openofficeorg3.cab
2007-09-11 14:55 . 2007-09-11 14:55 17356442 ----a-w- c:\program files\openofficeorg2.cab
2007-09-11 14:55 . 2007-09-11 14:55 18970031 ----a-w- c:\program files\openofficeorg1.cab
2007-09-11 14:54 . 2007-09-11 14:54 1821008 ----a-w- c:\program files\instmsiw.exe
2007-09-11 14:54 . 2007-09-11 14:54 1707856 ----a-w- c:\program files\instmsia.exe
2007-09-11 14:54 . 2007-09-11 14:54 4358656 ----a-w- c:\program files\openofficeorg23.msi
2007-06-04 18:55 . 2007-06-04 18:55 376 ----a-w- c:\program files\Zástupce - Geus140.lnk
.

((((((((((((((((((((((((((((( SnapShot@2009-06-04_18.59.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 21:05 . 2009-06-04 21:05 16384 c:\windows\Temp\Perflib_Perfdata_56c.dat
+ 2009-06-04 21:05 . 2009-06-04 21:05 16384 c:\windows\Temp\Perflib_Perfdata_4f8.dat
- 2009-06-04 18:59 . 2009-06-04 18:59 49152 c:\windows\Temp\CompiledAdapter.dll
+ 2009-06-04 21:05 . 2009-06-04 21:05 49152 c:\windows\Temp\CompiledAdapter.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 45056 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla51.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla39.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla38.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla37.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla36.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla35.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla33.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla27.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla26.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla25.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla24.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla23.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla22.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla21.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla18.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 29480 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 26421 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCall.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 125719 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla50.exe
+ 2009-06-04 19:46 . 2009-06-04 19:46 110799 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla49.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 116956 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla48.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 110936 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla47.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 110797 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla46.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 110500 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla44.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 111260 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla43.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 111269 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla42.dll
+ 2009-06-04 19:46 . 2009-06-04 19:46 111476 c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla41.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2006-10-22 86016]

c:\documents and settings\Milan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
TurboLaunch.lnk - c:\program files\TurboLaunch\TurboLaunch.exe [2006-3-20 1588736]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Windows\\system32\\usmt\\migwiz.exe"=
"c:\\Windows\\system32\\mshta.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Common Files\\GeusISKN\\GeusISKN.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [14.8.2004 15:11 9344]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [14.8.2004 15:11 390400]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R3 PhTVTune;MuchTV Plus TVTuner;c:\windows\system32\drivers\PhTVTune.sys [1.1.1980 24000]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [1.1.1980 3584]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [24.11.2007 13:39 16269]
S4 Rdgosk;Rdgosk;c:\windows\system32\drivers\wmilib.sys [1.1.1980 4352]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BAFB867B-0BA0-4B37-A370-E4B4A02EC792}]
c:\windows\system32\msiexec.exe /qn /fpu {BAFB867B-0BA0-4B37-A370-E4B4A02EC792}
.
Obsah adresáře 'Naplánované úlohy'

2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-= - (no file)


.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - c:\program files\Altova\XMLSpy2008\spy.htm
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\292t6lfa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 23:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,c4,23,28,6e,0a,
21,e4,fc,e2,63,26,f1,3f,c8,ff,68,0c,06,54,21,1f,72,30,d1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,ec,19,b8,20,e5,
c8,75,7b,6a,9c,d6,61,af,45,84,18,8b,31,da,5a,d1,6c,5f,e4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,7c,41,d5,ca,ec,
c2,ac,b7,ff,7c,85,e0,43,d4,0e,fe,d0,bf,d8,96,37,7f,ef,30,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,02,af,7e,2b,0d,
57,dc,32,86,8c,21,01,be,91,eb,e7,e2,ec,15,a3,16,e9,12,47,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,82,b0,85,49,df,
f8,c6,aa,f5,1d,4d,73,a8,13,5c,05,db,8c,cb,e6,39,45,20,a9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,30,e9,9b,7e,56,
c9,12,01,df,20,58,62,78,6b,cf,c8,65,41,17,dd,fa,37,14,59,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,d6,2c,dc,78,22,
4c,98,54,fb,a7,78,e6,12,2f,9a,ea,c5,e1,7c,8f,6d,83,fe,8a,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,b8,0b,62,0a,0e,
5e,af,b4,01,3a,48,fc,e8,04,4a,f1,25,3f,07,d5,68,e9,14,b0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,4d,2e,53,3a,35,
9c,a5,73,f6,0f,4e,58,98,5b,89,c9,c3,7f,7c,cb,83,22,fa,cf,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,b6,74,61,47,8d,
e9,8a,66,3d,ce,ea,26,2d,45,aa,78,1a,32,36,42,5e,cf,8e,94,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,5a,fd,26,5b,6c,
a6,fd,15,2a,b7,cc,b5,b9,7f,41,e7,7b,02,49,5d,70,e0,6f,ac,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,35,85,bf,5e,dd,
7e,72,ba,6c,43,2d,1e,aa,22,2f,9c,d8,34,c3,7a,35,75,d4,78,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3136)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\PORTRAIT DISPLAYS\FORTEMANAGER\DTSSLSRV.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\PORTRAIT DISPLAYS\FORTEMANAGER\DTSRVC.EXE
c:\windows\SYSTEM32\DVDRAMSV.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\PINNACLE\MEDIASERVER\MICROSOFT SQL SERVER\MSSQL$PINNACLESYS\BINN\SQLSERVR.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\OODAG.EXE
c:\program files\PINNACLE\SHARED FILES\PROGRAMS\MEDIASERVER\PMSHOST.EXE
.
**************************************************************************
.
Celkový čas: 2009-06-04 23:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-04 21:08
ComboFix2.txt 2009-06-04 19:02

Před spuštěním: Volných bajtů: 24 502 009 856
Po spuštění: Volných bajtů: 24 484 511 744

315 --- E O F --- 2009-05-31 08:10


Díky fakt moc...

Ach jo, internet furt nefunguje:-( A počítač pořád když dám vypnout, tak se s nápisem vypínání zasekne a nic se neděje, čili nezbývá než vypnout natvrdo. Moc tě prosím pomož mi, vůbec nevím co s tím... Děkujuuu

Můžu se jenom zeptat, jestli by to nezachránil bod obnovy? Díky