Prosim o kontrolu HJT

Koja · Příspěvekod **Koja** » 02 pro 2009 12:05

Zdravim panove,

nevim jak, ale dostal se mi do komplu nejakej bordel, mohl byste se mi na to nekdo podiva, prosim vas?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:09, on 2.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E45BD47E-D3E3-401D-A145-043917F84565}: NameServer = 212.96.160.50,212.96.164.158
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10863 bytes

Reklama

pitimir · Příspěvekod **pitimir** » 02 pro 2009 20:49

Nazdar.

Stiahni DDS. Uloz na plochu, ukonci vsetky spustene programy a spust ho. Po skonceni scanu sa otvoria vysledky v 2 oknach - DDS.txt a Attach.txt. Obsah oboch by som rad videl.

Koja · Příspěvekod **Koja** » 02 pro 2009 20:59

Wow, novinka:D

DDS

DDS (Ver_09-12-01.01) - NTFSx86
Run by Koja at 20:56:27,20 on st 02.12.2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1316 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 091202-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\OETRN.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Koja\Plocha\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://seznam.cz/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: WebTransBHO Class: {2db66063-bb98-466a-aa0d-3e7acf5ed853} - c:\windows\WebIE.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: WebTranslator: {bfc32e1d-ee75-4a48-bc60-104e11ee2431} - c:\windows\WebIE.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OEXPRESS] c:\windows\OETRN.EXE
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\multif~1.lnk - c:\program files\asus\asus multiframe\MultiFrame.exe
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
IE: {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {E45BD47E-D3E3-401D-A145-043917F84565} = 212.96.160.50,212.96.164.158
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 66.98.148.65 auto.search.msn.com
Hosts: 66.98.148.65 auto.search.msn.es
================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\koja\dataap~1\mozilla\firefox\profiles\0387su8o.default\
FF - prefs.js: browser.startup.homepage - hxxp://igoogle.com
FF - plugin: c:\documents and settings\koja\data aplikacă\mozilla\firefox\profiles\0387su8o.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll
FF - plugin: c:\program files\openoffice.org 3\program\npsoplugin.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-24 114768]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-4-29 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-4-29 41424]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-9-15 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-9-15 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-24 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-24 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-24 352920]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [2007-9-10 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2007-9-10 7808]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-4-27 87696]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [2007-9-10 7888]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2007-9-10 34944]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-5-17 79888]

=============== Created Last 30 ================

2009-12-02 16:25:51 1394 ----a-w- c:\windows\system32\QuickTimeFavorites.qtr
2009-12-02 16:25:46 86016 ----a-w- c:\windows\unvise32qt.exe
2009-12-02 16:25:33 10314 ----a-w- c:\windows\system32\QuickTime.qtp
2009-12-02 11:02:36 0 d-----w- c:\program files\Trend Micro
2009-11-30 10:33:00 0 d-----w- c:\docume~1\koja\dataap~1\Xilinx
2009-11-29 22:19:55 1 ----a-w- c:\documents and settings\koja\oashdihasidhasuidhiasdhiashdiuasdhasd
2009-11-29 21:17:12 4 ----a-w- c:\docume~1\koja\dataap~1\avdrn.dat
2009-11-24 08:38:45 0 d---a-w- C:\xampplite
2009-11-20 11:53:39 5716 ----a-w- c:\windows\ENGLMENU.INI
2009-11-17 10:29:42 0 d-----w- c:\program files\PHP
2009-11-04 14:20:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-04 14:17:39 0 d-----r- c:\program files\Skype

==================== Find3M ====================

2009-11-07 10:54:38 98340 -c--a-w- c:\windows\system32\perfc005.dat
2009-11-07 10:54:38 480764 -c--a-w- c:\windows\system32\perfh005.dat
2009-09-26 09:25:09 491520 ----a-w- c:\windows\WebIE.dll
2009-09-26 09:25:09 356352 -c--a-w- c:\windows\TrnOutl.dll
2009-09-26 09:25:09 294912 -c--a-w- c:\windows\TrnWord.dll
2009-09-26 09:25:08 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-09-26 09:25:08 26624 ----a-w- c:\windows\OETRN.EXE
2009-09-26 09:25:08 200704 ----a-w- c:\windows\TRNOET.DLL
2009-09-26 09:24:34 516096 -c--a-w- c:\windows\UN32.EXE
2009-09-11 14:19:35 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-03-30 07:35:53 952 -csha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 20:57:04,54 ===============

Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10.9.2007 17:48:31
System Uptime: 12.2.2009 11:57:35 (7041 hours ago)

Motherboard: ASUSTeK Computer Inc. | | F3JR
Processor: Intel(R) Core(TM) Duo CPU T2450 @ 2.00GHz | Socket 478 | 1997/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 16 GiB total, 0,579 GiB free.
D: is FIXED (NTFS) - 103 GiB total, 1,813 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Sun Microsystems, Inc.
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp

==== System Restore Points ===================

RP392: 30.11.2009 20:25:19 - Kontrolní bod systému
RP393: 2.12.2009 7:42:55 - Kontrolní bod systému

==== Installed Programs ======================

Acronis Disk Director Suite
Acronis True Image Home
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop 6.0.1 CE
Adobe Reader 9.2
Advanced WindowsCare 2.55 Personal
Aktualizace systému Windows XP (KB951072-v2)
Aktualizace systému Windows XP (KB951978)
Aktualizace systému Windows XP (KB955839)
Aktualizace systému Windows XP (KB967715)
Aktualizace systému Windows XP (KB968389)
Aktualizace systému Windows XP (KB973687)
Aktualizace systému Windows XP (KB973815)
Aktualizace zabezpečení aplikace Windows Media Player (KB911564)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)
Aktualizace zabezpečení aplikace Windows Media Player 6.4 (KB925398)
Aktualizace zabezpečení aplikace Windows Media Player 9 (KB936782)
Aktualizace zabezpečení produktu Windows XP (KB923689)
Aktualizace zabezpečení produktu Windows XP (KB941569)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB963027)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB969897)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB972260)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB974455)
Aktualizace zabezpečení systému Windows XP (KB923561)
Aktualizace zabezpečení systému Windows XP (KB923789)
Aktualizace zabezpečení systému Windows XP (KB938464)
Aktualizace zabezpečení systému Windows XP (KB946648)
Aktualizace zabezpečení systému Windows XP (KB950759)
Aktualizace zabezpečení systému Windows XP (KB950760)
Aktualizace zabezpečení systému Windows XP (KB950762)
Aktualizace zabezpečení systému Windows XP (KB950974)
Aktualizace zabezpečení systému Windows XP (KB951066)
Aktualizace zabezpečení systému Windows XP (KB951376-v2)
Aktualizace zabezpečení systému Windows XP (KB951698)
Aktualizace zabezpečení systému Windows XP (KB951748)
Aktualizace zabezpečení systému Windows XP (KB952004)
Aktualizace zabezpečení systému Windows XP (KB952954)
Aktualizace zabezpečení systému Windows XP (KB953838)
Aktualizace zabezpečení systému Windows XP (KB953839)
Aktualizace zabezpečení systému Windows XP (KB954211)
Aktualizace zabezpečení systému Windows XP (KB954459)
Aktualizace zabezpečení systému Windows XP (KB954600)
Aktualizace zabezpečení systému Windows XP (KB955069)
Aktualizace zabezpečení systému Windows XP (KB956390)
Aktualizace zabezpečení systému Windows XP (KB956391)
Aktualizace zabezpečení systému Windows XP (KB956572)
Aktualizace zabezpečení systému Windows XP (KB956744)
Aktualizace zabezpečení systému Windows XP (KB956802)
Aktualizace zabezpečení systému Windows XP (KB956803)
Aktualizace zabezpečení systému Windows XP (KB956841)
Aktualizace zabezpečení systému Windows XP (KB956844)
Aktualizace zabezpečení systému Windows XP (KB957095)
Aktualizace zabezpečení systému Windows XP (KB957097)
Aktualizace zabezpečení systému Windows XP (KB958215)
Aktualizace zabezpečení systému Windows XP (KB958469)
Aktualizace zabezpečení systému Windows XP (KB958644)
Aktualizace zabezpečení systému Windows XP (KB958687)
Aktualizace zabezpečení systému Windows XP (KB958690)
Aktualizace zabezpečení systému Windows XP (KB958869)
Aktualizace zabezpečení systému Windows XP (KB959426)
Aktualizace zabezpečení systému Windows XP (KB960225)
Aktualizace zabezpečení systému Windows XP (KB960714)
Aktualizace zabezpečení systému Windows XP (KB960715)
Aktualizace zabezpečení systému Windows XP (KB960803)
Aktualizace zabezpečení systému Windows XP (KB960859)
Aktualizace zabezpečení systému Windows XP (KB961371)
Aktualizace zabezpečení systému Windows XP (KB961373)
Aktualizace zabezpečení systému Windows XP (KB961501)
Aktualizace zabezpečení systému Windows XP (KB968537)
Aktualizace zabezpečení systému Windows XP (KB969059)
Aktualizace zabezpečení systému Windows XP (KB969898)
Aktualizace zabezpečení systému Windows XP (KB969947)
Aktualizace zabezpečení systému Windows XP (KB970238)
Aktualizace zabezpečení systému Windows XP (KB971486)
Aktualizace zabezpečení systému Windows XP (KB971557)
Aktualizace zabezpečení systému Windows XP (KB971633)
Aktualizace zabezpečení systému Windows XP (KB971657)
Aktualizace zabezpečení systému Windows XP (KB971961)
Aktualizace zabezpečení systému Windows XP (KB973346)
Aktualizace zabezpečení systému Windows XP (KB973354)
Aktualizace zabezpečení systému Windows XP (KB973507)
Aktualizace zabezpečení systému Windows XP (KB973525)
Aktualizace zabezpečení systému Windows XP (KB973869)
Aktualizace zabezpečení systému Windows XP (KB974112)
Aktualizace zabezpečení systému Windows XP (KB974571)
Aktualizace zabezpečení systému Windows XP (KB975025)
Aktualizace zabezpečení systému Windows XP (KB975467)
ASUS InstantFun
ASUS Live Update
Asus MultiFrame
ASUS Splendid Video Enhancement Technology
ASUS Wireless Router WL-520GC Utilities
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
ATK Media
ATK0100 ACPI UTILITY
avast! Antivirus
Bluetooth Stack for Windows
CCleaner (remove only)
CDex extraction audio
CMake 2.6 a cross-platform, open-source build system
Codec Pack - All In 1 6.0.2.0
Crystal Reports Basic for Visual Studio 2008
Dev-C++ 5 beta 9 release (4.9.9.2)
Dia (remove only)
Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007
EasyPHP 1.8
ESET Smart Security
EVEREST Home Edition v2.20
FLV Player 1.3.3
Free RAW Viewer 1.00
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GIMP 2.6.6
High Definition Audio - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
Hotfix for Windows XP (KB954550-v5)
HP Memories Disc
hp psc 1200 series
IrfanView (remove only)
Java(TM) 6 Update 7
Klient předchozích verzí
LifeFrame2
Maple 11
MATLAB Family of Products Release 14
mCore
mDriver
mDrWiFi
mHelp
MicroMachines V4
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft ASP.NET Web Matrix
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2008
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Czech) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Czech) 2007
Microsoft Office Groove MUI (Czech) 2007
Microsoft Office InfoPath MUI (Czech) 2007
Microsoft Office OneNote MUI (Czech) 2007
Microsoft Office Outlook MUI (Czech) 2007
Microsoft Office PowerPoint MUI (Czech) 2007
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proofing (Czech) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Czech) 2007
Microsoft Office Shared MUI (Czech) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (Czech) 2007
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft Silverlight
Microsoft Software Update for Web Folders (Czech) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Microsoft Windows SDK for Visual Studio 2008 Tools
mIWA
mLogView
mMHouse
ModelSim XE III 6.3c
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.5.5)
Mozilla Thunderbird (2.0.0.23)
mPfMgr
mPfWiz
mProSafe
mspgcc - The GNU tools for the MSP430
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
mZConfig
Nero 6 Enterprise Edition
Net4Switch
NHL 2004
OpenOffice.org 3.0
Opera 9.64
Oprava Hotfix systému Windows XP (KB942288-v3)
Oprava Hotfix systému Windows XP (KB952287)
Oprava Hotfix systému Windows XP (KB961118)
Oprava Hotfix systému Windows XP (KB970653-v3)
Oprava Hotfix systému Windows XP (KB976098-v2)
Připojení ke vzdálené ploše
PC Translator
PConPoint v4.1
PHP 5.2.11
Power4 Gear
PowerISO
Psi (remove only)
QDevKit
QIP Infium 2.0.9030 RC4
Realtek High Definition Audio Driver
REALTEK PCIE NIC Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Skype™ 4.1
Software Intel(R) PROSet/Wireless
Sun xVM VirtualBox
Synaptics Pointing Device Driver
TortoiseSVN 1.6.5.16974 (32 bit)
Total Commander (Remove or Repair)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update Manager
Usage Monitor v1.9
USB2.0 1.3M WebCam
VBA (2627.01)
Visual Studio Tools for the Office system 3.0 Runtime
Vuze
Vuze Toolbar
WebFldrs XP
Winamp
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows XP Service Pack 3
WinFlash
WinRAR
Wireless Console 2
Xilinx ISE 11
Xilinx ISE Design Suite 11
XML Paper Specification Shared Components Pack 1.0
Zpracování fotografií a obrázků HP 2.0 - All-in-One
Zpracování fotografií a obrázků HP 2.0 - All-in-One ovladač
Zpracování fotografií a obrázku HP 2.0 - PSC 1200 Series
Zune Desktop Theme

==== Event Viewer Messages From Past Week ========

2.12.2009 12:03:08, Informace: Windows File Protection [64002] - Došlo k pokusu o nahrazení chráněného systémového souboru atapi.sys. Z důvodu zachování stability systému byl soubor obnoven na původní verzi. Verze systémového souboru je 5.1.2600.5512.

==== End Of File ===========================

pitimir · Příspěvekod **pitimir** » 03 pro 2009 14:17

Aka novinka? Myslis DDS? Len mi poda lepsi prehlad o systeme nez HJT...skratka lepsia verzia primarneho scannera :)
Obavam sa ale o tvoje drivery...pouzivas Alcohol/Daemon?

1) Stiahni ComboFix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez ucet s administratorskymi pravami a postupuj podla instrukcii. Cely sken bude trvat cca 10 minut. Pocas neho moze byt PC restartovane. Log, ktory ComboFix vytvori, najdes na adrese "C:\ComboFix.txt".
Ten vloz sem.

Pozor: Kym ComboFix nevytvori log, na nic neklikat, nic nestlacat !!

2) Stiahni GMER, rozbal ho na plochu a spust. Program automaticky zacne scan (po jeho skonceni vloz log c. 1) - pokial pri scanovani nieco najde (=vyskoci nejake upozornenie), klik na "NO" a vpravo zafajknes vsetky polozky OKREM:

Sections
IAT/EAT
Registry
nesystemovych diskov a particii (system je zvycajne na "C:\" - takze nezaskrtnute nechas "D:\", "E:\"...atd.)
Show All

Klik na "Scan". Po scane klik na "Save" a log c. 2 vloz sem.

Ak nic nenajde (=nevyskoci nic), zaskrtaj vpravo vsetko a spusti scan. Po jeho ukonceni klik na "Copy" a vloz log c. 2.

Koja · Příspěvekod **Koja** » 03 pro 2009 22:02

Alcohol ani Deamon nepouzivam.. akorat obcas PowerISO na virtualni mechaniku, ale hodne zridka. ComboFix me stal asi 6-7 probliknuti BSOD a restarty hned po zacatku, kdy chtel odpojit virt. mechaniky po restartu..

ComboFix

ComboFix 09-12-02.07 - Koja 03.12.2009 14:42.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1444 [GMT 1:00]
Spuštěný z: c:\documents and settings\Koja\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091203-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Koja\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\ATI Technologies\ATI.ACE\atIAcmxx.dll
c:\windows\regedit.com
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF

((((((((((((((((((((((((( Soubory vytvořené od 2009-11-03 do 2009-12-03 )))))))))))))))))))))))))))))))
.

2009-12-02 16:25 . 1999-11-10 11:05 86016 ----a-w- c:\windows\unvise32qt.exe
2009-12-02 16:25 . 2009-12-02 16:43 -------- d-----w- c:\program files\QuickTime
2009-12-02 11:02 . 2009-12-02 11:02 -------- d-----w- c:\program files\Trend Micro
2009-11-24 08:38 . 2009-08-05 23:00 -------- d---a-w- C:\xampplite
2009-11-17 10:29 . 2009-11-17 10:29 -------- d-----w- c:\program files\PHP
2009-11-04 14:20 . 2009-11-04 14:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-04 14:17 . 2009-11-04 14:17 -------- d-----w- c:\program files\Common Files\Skype
2009-11-04 14:17 . 2009-11-04 14:17 -------- d-----r- c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-03 12:36 . 2009-04-24 17:48 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-24 23:54 . 2009-04-24 14:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-04-24 14:31 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-04-24 14:31 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-04-24 14:31 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-04-24 14:31 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-04-24 14:31 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-04-24 14:31 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-04-24 14:31 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-04-24 14:31 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-07 10:54 . 2001-10-25 14:00 98340 -c--a-w- c:\windows\system32\perfc005.dat
2009-11-07 10:54 . 2001-10-25 14:00 480764 -c--a-w- c:\windows\system32\perfh005.dat
2009-11-06 13:02 . 2007-10-21 19:28 476 -c--a-w- c:\windows\eReg.dat
2009-10-20 11:06 . 2008-01-07 12:15 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-14 10:02 . 2007-09-10 16:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 10:22 . 2009-10-12 10:22 -------- d-----w- c:\program files\CMake 2.6
2009-10-10 19:09 . 2007-09-10 15:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 18:14 . 2009-10-10 18:14 -------- d-----w- c:\program files\FITkit
2009-10-10 18:13 . 2009-10-10 18:13 -------- d-----w- c:\program files\DIFX
2009-10-07 17:44 . 2009-09-20 15:26 -------- d-----w- c:\program files\Microsoft Works
2009-10-07 17:39 . 2009-10-07 17:39 -------- d-----w- c:\program files\TortoiseSVN
2009-10-07 17:39 . 2009-10-07 17:39 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-10-06 16:03 . 2009-10-06 16:02 -------- d-----w- c:\program files\Maple 11
2009-10-06 16:03 . 2009-10-06 16:02 -------- d--h--w- c:\program files\Zero G Registry
2009-10-06 16:03 . 2009-10-06 16:03 36864 ----a-w- c:\windows\system32\maplec.dll
2009-10-06 16:03 . 2009-10-06 16:03 147456 ----a-w- c:\windows\system32\WMIMPLEX.dll
2009-10-05 11:22 . 2009-10-03 10:02 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-09-26 09:25 . 2009-09-26 09:25 491520 ----a-w- c:\windows\WebIE.dll
2009-09-26 09:25 . 2009-09-26 09:25 356352 -c--a-w- c:\windows\TrnOutl.dll
2009-09-26 09:25 . 2007-11-15 07:44 294912 -c--a-w- c:\windows\TrnWord.dll
2009-09-26 09:25 . 2009-09-26 09:25 26624 ----a-w- c:\windows\OETRN.EXE
2009-09-26 09:25 . 2009-09-26 09:25 200704 ----a-w- c:\windows\TRNOET.DLL
2009-09-26 09:25 . 2009-09-26 09:19 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-09-26 09:24 . 2007-11-15 07:43 516096 -c--a-w- c:\windows\UN32.EXE
2009-09-11 14:19 . 2004-08-17 13:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-03-30 07:35 . 2007-09-29 08:08 952 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 -c--a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\windows\OETRN.EXE" [2009-09-26 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-21 16261632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-2 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-9-10 491520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\E:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Psi\\psi.exe"=
"c:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Petr\\FTP Server\\FTPServer.exe"=
"c:\\Program Files\\Renegade Paintball\\PaintballGame.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Microsoft ASP.NET Web Matrix\\v0.6.812\\WebServer.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\School_OA\\DHCP zkušební\\bin\\DHCP server.exe"=
"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\xampplite\\apache\\bin\\httpd.exe"=
"c:\\xampplite\\mysql\\bin\\mysqld.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.4.2008 9:04 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.4.2009 15:31 114768]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [29.4.2008 7:19 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [29.4.2008 7:19 41424]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [15.9.2009 12:12 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [15.9.2009 12:12 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.4.2009 15:31 20560]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [10.9.2007 17:09 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [10.9.2007 17:09 7808]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [27.4.2009 19:39 87696]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [10.9.2007 21:29 7888]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [10.9.2007 17:22 34944]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17.5.2009 16:31 79888]
.
Obsah adresáře 'Naplánované úlohy'

2008-02-03 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21193653514.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 19:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {E45BD47E-D3E3-401D-A145-043917F84565} = 212.96.160.50,212.96.164.158
FF - ProfilePath - c:\documents and settings\Koja\Data aplikací\Mozilla\Firefox\Profiles\0387su8o.default\
FF - prefs.js: browser.startup.homepage - hxxp://igoogle.com
FF - plugin: c:\program files\OpenOffice.org 3\program\npsoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-03 14:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spme.sys >>UNKNOWN [0x8A9AB938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba667cb8
\Driver\atapi -> atapi.sys @ 0xba5fcb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xba505bb0
PacketIndicateHandler -> NDIS.sys @ 0xba4f4a0d
SendHandler -> NDIS.sys @ 0xba508b40
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1214440339-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{217164C5-CD2B-CEFE-4AAB-2A74890635A1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eaomllabbc"=hex:66,61,69,70,69,6c,66,65,67,61,64,61,00,31
"dabnkkof"=hex:64,62,63,70,63,6a,6e,64,6f,65,6a,63,6d,67,64,63,6d,69,69,61,70,
6b,6f,6e,6b,63,6f,6a,6d,6f,6a,63,6d,65,6e,69,63,66,6d,64,00,00
"iagoeiakphmiiconlo"=hex:6a,61,6c,68,6c,6b,6e,66,61,62,70,64,6a,6e,6f,69,6d,61,
68,66,00,00
"haapciapbiikjpak"=hex:6a,61,6c,68,6c,6b,6e,66,61,62,70,64,6a,6e,6f,69,6d,61,
68,66,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1500)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1908)
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\windows\TrnOEH.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\matlab701\bin\win32\matlab.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\system32\ACEngSvr.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Celkový čas: 2009-12-03 15:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-03 14:00

Před spuštěním: 414 015 488
Po spuštění: 403 984 384

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn

Current=5 Default=5 Failed=4 LastKnownGood=1 Sets=1,2,3,4,5
- - End Of File - - F6909CEE4DB3BF969C02C31989B3BE1F

GMER
Jelikoz nic nevyskocilo, tak...

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit quick scan 2009-12-03 22:00:05
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Koja\LOCALS~1\Temp\kxroqfoc.sys

---- System - GMER 1.0.15 ----

SSDT spme.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spme.sys ZwEnumerateValueKey [0xBA6C7030]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A9F91F8

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

Tohle je ten prvni log.. kdyz sem to podle navodu nechal testoval podruhy, se vsim zaskrtlym, protoze nic nevyskocilo, tak to trvalo dlouho pres 30 minut i jelikoz sem notas prevazel, tak sem to uz 2x musel vypnout.. je to normalni takhle dlouho?

pitimir · Příspěvekod **pitimir** » 05 pro 2009 15:18

Takze poporadi:

1) Odinstaluj PowerISO (Start -> Ovl. Panel -> Pridat/Odstranit Programy).
Ak by to neslo, pouzi Revo Uninstaller.

2) Ake pouzivas bezpecnostne softy? Mas tam v nich taky bordel, ze to az pekne nie je...
Stiahni SecurityCheck. Spust ho a postupuj podla instrukcii. Nakoniec vyhodi log, ktory skopiruj sem.

3) Ano, pri GMERe je mozne aj scanovanie cez pol hodinu.

Koja · Příspěvekod **Koja** » 05 pro 2009 16:34

Pouzivam Avast, ale koukam, ze tam sou furt nejaky zbytky po NODu..

LOG:

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
avast! Antivirus
ESET Smart Security
Antivirus out of date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
Advanced WindowsCare 2.55 Personal
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

pitimir · Příspěvekod **pitimir** » 06 pro 2009 17:28

Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillAll::
SecCenter::
{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
{E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FileLook::
c:\windows\unvise32qt.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Driver::
sptd
ASKService
ASKUpgrade
ipswuio

Rootkit::
c:\windows\system32\drivers\ipswuio.sys

Folder::
c:\program files\AskBarDis

RegNull::
[HKEY_USERS\S-1-5-21-1214440339-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{217164C5-CD2B-CEFE-4AAB-2A74890635A1}*]

MBR::

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.

Obrázek

Program script spracuje a spravi novy log.

Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

+ten log z GMERu.

Koja · Příspěvekod **Koja** » 06 pro 2009 19:11

ComboFix

ComboFix 09-12-02.07 - Koja 06.12.2009 18:54.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1526 [GMT 1:00]
Spuštěný z: c:\documents and settings\Koja\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Koja\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091206-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\000E5A12.bin
c:\program files\AskBarDis\bar\Cache\000E5D1F.bin
c:\program files\AskBarDis\bar\Cache\000E5E96.bin
c:\program files\AskBarDis\bar\Cache\000E602D.bin
c:\program files\AskBarDis\bar\Cache\000E61B3.bin
c:\program files\AskBarDis\bar\Cache\000E6359.bin
c:\program files\AskBarDis\bar\Cache\000E6647.bin
c:\program files\AskBarDis\bar\Cache\0015653B
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Legacy_IPSWUIO
-------\Legacy_SPTD
-------\Service_ASKService
-------\Service_ASKUpgrade
-------\Service_ipswuio
-------\Service_sptd

((((((((((((((((((((((((( Soubory vytvořené od 2009-11-06 do 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-02 16:25 . 1999-11-10 11:05 86016 ----a-w- c:\windows\unvise32qt.exe
2009-12-02 16:25 . 2009-12-02 16:43 -------- d-----w- c:\program files\QuickTime
2009-12-02 11:02 . 2009-12-02 11:02 -------- d-----w- c:\program files\Trend Micro
2009-11-24 08:38 . 2009-08-05 23:00 -------- d---a-w- C:\xampplite
2009-11-17 10:29 . 2009-11-17 10:29 -------- d-----w- c:\program files\PHP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 17:19 . 2009-04-24 17:48 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-06 12:06 . 2007-09-10 18:06 -------- d-----w- c:\program files\Common Files\Acronis
2009-12-06 12:06 . 2007-09-10 18:06 -------- d-----w- c:\program files\Acronis
2009-11-24 23:54 . 2009-04-24 14:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-04-24 14:31 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-04-24 14:31 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-04-24 14:31 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-04-24 14:31 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-04-24 14:31 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-04-24 14:31 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-04-24 14:31 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-04-24 14:31 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-07 10:54 . 2001-10-25 14:00 98340 -c--a-w- c:\windows\system32\perfc005.dat
2009-11-07 10:54 . 2001-10-25 14:00 480764 -c--a-w- c:\windows\system32\perfh005.dat
2009-11-06 13:02 . 2007-10-21 19:28 476 -c--a-w- c:\windows\eReg.dat
2009-11-04 14:20 . 2009-11-04 14:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-04 14:17 . 2009-11-04 14:17 -------- d-----w- c:\program files\Common Files\Skype
2009-11-04 14:17 . 2009-11-04 14:17 -------- d-----r- c:\program files\Skype
2009-10-20 11:06 . 2008-01-07 12:15 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-14 10:02 . 2007-09-10 16:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 10:22 . 2009-10-12 10:22 -------- d-----w- c:\program files\CMake 2.6
2009-10-10 19:09 . 2007-09-10 15:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 18:14 . 2009-10-10 18:14 -------- d-----w- c:\program files\FITkit
2009-10-10 18:13 . 2009-10-10 18:13 -------- d-----w- c:\program files\DIFX
2009-10-06 16:03 . 2009-10-06 16:03 36864 -c--a-w- c:\windows\system32\maplec.dll
2009-10-06 16:03 . 2009-10-06 16:03 147456 -c--a-w- c:\windows\system32\WMIMPLEX.dll
2009-09-26 09:25 . 2009-09-26 09:25 491520 ----a-w- c:\windows\WebIE.dll
2009-09-26 09:25 . 2009-09-26 09:25 356352 -c--a-w- c:\windows\TrnOutl.dll
2009-09-26 09:25 . 2007-11-15 07:44 294912 -c--a-w- c:\windows\TrnWord.dll
2009-09-26 09:25 . 2009-09-26 09:25 26624 ----a-w- c:\windows\OETRN.EXE
2009-09-26 09:25 . 2009-09-26 09:25 200704 ----a-w- c:\windows\TRNOET.DLL
2009-09-26 09:25 . 2009-09-26 09:19 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-09-26 09:24 . 2007-11-15 07:43 516096 -c--a-w- c:\windows\UN32.EXE
2009-09-11 14:19 . 2004-08-17 13:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-03-30 07:35 . 2007-09-29 08:08 952 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\unvise32qt.exe ---
Company: MindVision
File Description: Installer VISE uninstall application file
File Version: 2.8.3
Product Name: Installer VISE 2.8.3
Copyright: Copyright © MindVision Software 1995-99
Original Filename: UNVISE32QT.EXE
File size: 86016
Created time: 2009-12-02 16:25
Modified time: 1999-11-10 11:05
MD5: 23A458E8EB269A71A29ADA0CB3E22E65
SHA1: ED89DAC3CC37F2D47F2DF0824965A1BAC8F4638F

((((((((((((((((((((((((((((( SnapShot@2009-12-03_13.52.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-06 18:01 . 2009-12-06 18:01 16384 c:\windows\Temp\Perflib_Perfdata_470.dat
+ 2009-10-10 12:46 . 2008-04-14 02:29 14592 c:\windows\system32\dllcache\kbdhid.sys
+ 2009-10-10 12:46 . 2008-04-14 03:21 21504 c:\windows\system32\dllcache\hidserv.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\windows\OETRN.EXE" [2009-09-26 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-21 16261632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-2 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-9-10 491520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\E:\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Psi\\psi.exe"=
"c:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Petr\\FTP Server\\FTPServer.exe"=
"c:\\Program Files\\Renegade Paintball\\PaintballGame.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Microsoft ASP.NET Web Matrix\\v0.6.812\\WebServer.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\School_OA\\DHCP zkušební\\bin\\DHCP server.exe"=
"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\xampplite\\apache\\bin\\httpd.exe"=
"c:\\xampplite\\mysql\\bin\\mysqld.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.4.2009 15:31 114768]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [29.4.2008 7:19 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [29.4.2008 7:19 41424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.4.2009 15:31 20560]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [10.9.2007 17:09 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [10.9.2007 17:09 7808]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [27.4.2009 19:39 87696]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [10.9.2007 21:29 7888]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17.5.2009 16:31 79888]
.
Obsah adresáře 'Naplánované úlohy'

2008-02-03 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21193653514.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 19:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {E45BD47E-D3E3-401D-A145-043917F84565} = 212.96.160.50,212.96.164.158
FF - ProfilePath - c:\documents and settings\Koja\Data aplikací\Mozilla\Firefox\Profiles\0387su8o.default\
FF - prefs.js: browser.startup.homepage - hxxp://igoogle.com
FF - plugin: c:\program files\OpenOffice.org 3\program\npsoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 19:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1380)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2944)
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\windows\TrnOEH.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\matlab701\bin\win32\matlab.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\system32\ACEngSvr.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\wscntfy.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Celkový čas: 2009-12-06 19:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-06 18:09
ComboFix2.txt 2009-12-03 14:00

Před spuštěním: 2 440 077 312
Po spuštění: 2 419 466 240

Current=5 Default=5 Failed=4 LastKnownGood=1 Sets=1,2,3,4,5
- - End Of File - - AC871A92980438ED97B0C133610DF86C

... GMER dodam hned, jak se dodela :)

Koja · Příspěvekod **Koja** » 06 pro 2009 23:07

Trvalo to asi 4 hodiny, ale dockal sem se...

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-06 23:00:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Koja\LOCALS~1\Temp\kxroqfoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAF85D6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAF85D574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAF85DA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAF85D14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAF85D64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAF85D08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAF85D0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAF85D76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAF85D72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAF85D8AE]

---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys Systém nemùže nalézt uvedený soubor. !
? C:\ComboFix\catchme.sys Systém nemùže nalézt uvedenou cestu. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Systém nemùže nalézt uvedený soubor. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1424] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[1424] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x50 0x86 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8F 0xB1 0xBA 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8B 0x8A 0xF2 0xEF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x50 0x86 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8F 0xB1 0xBA 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8B 0x8A 0xF2 0xEF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA8 0x3F 0xEF 0x0F ...

---- Files - GMER 1.0.15 ----

File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1000fg320.txt 616 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1000fg456.txt 616 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1000fg676.txt 616 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1000ft256.txt 616 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1000lfg320.txt 616 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1000lfg456.txt 616 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1000lft256.txt 616 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s100ecp132.txt 617 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s100etq144.txt 0 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s100evq100.txt 0 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1200efg320.txt 0 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1200efg400.txt 0 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1200eft256.txt 0 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1400afg484.txt 0 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1400afg676.txt 0 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1400aft256.txt 0 bytes
File D:\Xilinx\11.1\ISE\coregen\ip\xilinx\other\com\xilinx\ip\mig_v2_2\data\sp3_module\lib\ddr1\par\xmil05\top\xc3s1400anfgg676.txt 0 bytes
File D:\Xilinx\11.1\ISE\coregen\iprepo\BaseIP 0 bytes

---- EOF - GMER 1.0.15 ----

pitimir · Příspěvekod **pitimir** » 07 pro 2009 10:18

Super, este jeden CFScript...tentokrat v tomto zneni:

Kód: Vybrat vše

KillAll::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

FixCSet::

Koja · Příspěvekod **Koja** » 09 pro 2009 18:24

ComboFix 09-12-08.07 - Koja 09.12.2009 18:07:56.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1272 [GMT 1:00]
Spuštěný z: c:\documents and settings\Koja\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Koja\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091209-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-11-09 do 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-02 16:25 . 1999-11-10 11:05 86016 ----a-w- c:\windows\unvise32qt.exe
2009-12-02 16:25 . 2009-12-02 16:43 -------- d-----w- c:\program files\QuickTime
2009-12-02 11:02 . 2009-12-02 11:02 -------- d-----w- c:\program files\Trend Micro
2009-11-24 08:38 . 2009-08-05 23:00 -------- d---a-w- C:\xampplite
2009-11-17 10:29 . 2009-11-17 10:29 -------- d-----w- c:\program files\PHP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 16:04 . 2009-04-24 17:48 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-06 12:06 . 2007-09-10 18:06 -------- d-----w- c:\program files\Common Files\Acronis
2009-12-06 12:06 . 2007-09-10 18:06 -------- d-----w- c:\program files\Acronis
2009-11-24 23:54 . 2009-04-24 14:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-04-24 14:31 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-04-24 14:31 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-04-24 14:31 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-04-24 14:31 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-04-24 14:31 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-04-24 14:31 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-04-24 14:31 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-04-24 14:31 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-07 10:54 . 2001-10-25 14:00 98340 -c--a-w- c:\windows\system32\perfc005.dat
2009-11-07 10:54 . 2001-10-25 14:00 480764 -c--a-w- c:\windows\system32\perfh005.dat
2009-11-06 13:02 . 2007-10-21 19:28 476 -c--a-w- c:\windows\eReg.dat
2009-11-04 14:20 . 2009-11-04 14:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-04 14:17 . 2009-11-04 14:17 -------- d-----w- c:\program files\Common Files\Skype
2009-11-04 14:17 . 2009-11-04 14:17 -------- d-----r- c:\program files\Skype
2009-10-20 11:06 . 2008-01-07 12:15 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-14 10:02 . 2007-09-10 16:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 10:22 . 2009-10-12 10:22 -------- d-----w- c:\program files\CMake 2.6
2009-10-10 19:09 . 2007-09-10 15:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 18:14 . 2009-10-10 18:14 -------- d-----w- c:\program files\FITkit
2009-10-10 18:13 . 2009-10-10 18:13 -------- d-----w- c:\program files\DIFX
2009-10-06 16:03 . 2009-10-06 16:03 36864 -c--a-w- c:\windows\system32\maplec.dll
2009-10-06 16:03 . 2009-10-06 16:03 147456 -c--a-w- c:\windows\system32\WMIMPLEX.dll
2009-09-26 09:25 . 2009-09-26 09:25 491520 ----a-w- c:\windows\WebIE.dll
2009-09-26 09:25 . 2009-09-26 09:25 356352 -c--a-w- c:\windows\TrnOutl.dll
2009-09-26 09:25 . 2007-11-15 07:44 294912 -c--a-w- c:\windows\TrnWord.dll
2009-09-26 09:25 . 2009-09-26 09:25 26624 ----a-w- c:\windows\OETRN.EXE
2009-09-26 09:25 . 2009-09-26 09:25 200704 ----a-w- c:\windows\TRNOET.DLL
2009-09-26 09:25 . 2009-09-26 09:19 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-09-26 09:24 . 2007-11-15 07:43 516096 -c--a-w- c:\windows\UN32.EXE
2009-09-11 14:19 . 2004-08-17 13:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-03-30 07:35 . 2007-09-29 08:08 952 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\windows\OETRN.EXE" [2009-09-26 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-2 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-9-10 491520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\E:\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Psi\\psi.exe"=
"c:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Petr\\FTP Server\\FTPServer.exe"=
"c:\\Program Files\\Renegade Paintball\\PaintballGame.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Microsoft ASP.NET Web Matrix\\v0.6.812\\WebServer.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\School_OA\\DHCP zkušební\\bin\\DHCP server.exe"=
"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\xampplite\\apache\\bin\\httpd.exe"=
"c:\\xampplite\\mysql\\bin\\mysqld.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.4.2009 15:31 114768]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [29.4.2008 7:19 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [29.4.2008 7:19 41424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.4.2009 15:31 20560]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [10.9.2007 17:09 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [10.9.2007 17:09 7808]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [27.4.2009 19:39 87696]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [10.9.2007 21:29 7888]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17.5.2009 16:31 79888]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {E45BD47E-D3E3-401D-A145-043917F84565} = 212.96.160.50,212.96.164.158
FF - ProfilePath - c:\documents and settings\Koja\Data aplikací\Mozilla\Firefox\Profiles\0387su8o.default\
FF - prefs.js: browser.startup.homepage - hxxp://igoogle.com
FF - plugin: c:\program files\OpenOffice.org 3\program\npsoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Adobe Photoshop 6.0.1 CE - c:\windows\ISUN0405.EXE -fc:\program files\Adobe\Photoshop 6.0.1 CE\Uninst.isu -cc:\program files\Adobe\Photoshop 6.0.1 CE\Uninst.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 18:15
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1380)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(316)
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\windows\TrnOEH.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\matlab701\webserver\bin\win32\matlabserver.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\matlab701\bin\win32\matlab.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\ACEngSvr.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Celkový čas: 2009-12-09 18:23:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-09 17:22
ComboFix2.txt 2009-12-06 18:09
ComboFix3.txt 2009-12-03 14:00

Před spuštěním: 2 629 935 104
Po spuštění: 2 578 001 920

Current=5 Default=5 Failed=4 LastKnownGood=1 Sets=1,2,3,4,5
- - End Of File - - A68EE4A441CB7E2297872457891DE17B

Prosim o kontrolu HJT

Prosim o kontrolu HJT

Re: Prosim o kontrolu HJT

Re: Prosim o kontrolu HJT

Re: Prosim o kontrolu HJT

Re: Prosim o kontrolu HJT

Re: Prosim o kontrolu HJT

Re: Prosim o kontrolu HJT

Re: Prosim o kontrolu HJT

Re: Prosim o kontrolu HJT

Re: Prosim o kontrolu HJT

Re: Prosim o kontrolu HJT

Re: Prosim o kontrolu HJT

Kdo je online