Please advise. My computer has started freezing. It happens both at startup and, for example, when I run an antivirus scan, etc. It seems to me as if something like "a fan spinning up" starts in the computer, then the computer freezes, and if I leave it, after a while it gets going again and keeps running. I'm not a pro at this, so I'm turning to you with a request for advice or help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:46, on 30.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Free Download Manager\fdm.exe
C:\Downloads\Software\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6770.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: 1187356142 (.1187356142) - - (no file)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 11876 bytes
PC freezing (Solved)
Last edited by sccotty on 30 Nov 2010 19:19, edited 1 time in total.
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
- Gender:
- Status:
Offline
Re: PC freezing
Welcome to the PC-HELP.CZ forum
Uninstall:
Ask Toolbar
turn off the Windows Defender resident shield - you have AVIRA
in the log, fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6770.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
O20 - AppInit_DLLs:
Go to Start - Run - services.msc - find and stop/disable this service:
O23 - Service: 1187356142 (.1187356142) - - (no file)
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Turn off your resident protection and the firewall.
Download Dr. Web CureIt
run the update, and after updating click Start.
With the buttons at the bottom you can cure the file (system files), delete, move or rename it
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: PC freezing
Thank you for the welcome and the advice.
I can't fix this:
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
it isn't listed in my log - I uninstalled Ask Toolbar
I only have these two entries there
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
- memphisto
Re: PC freezing
Do the rest, we'll finish cleaning up afterwards. To fix that toolbar you need to close the browser. Those ICQ ones disappear after uninstalling, but sometimes they remain
Re: PC freezing
So I did everything you advised, and here is the log:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Verze databáze: 5220
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
30.11.2010 20:37:54
mbam-log-2010-11-30 (20-37-46).txt
Typ kontroly: Rychlý test
Testované objekty: 172652
Uplynulý čas: 10 minut, 36 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\program files\uninstall ask toolbar.dll (Adware.AskSBAR) -> No action taken.
c:\WINDOWS\Explorer.sav (Heuristics.Reserved.Word.Exploit) -> No action taken.
- memphisto
Re: PC freezing
- So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close it via Exit
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: PC freezing
here is the first log
Malwarebytes' Anti-Malware 1.50
http://www.malwarebytes.org
Verze databáze: 5220
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
30.11.2010 20:59:58
mbam-log-2010-11-30 (20-59-58).txt
Typ kontroly: Rychlý test
Testované objekty: 172644
Uplynulý čas: 6 minut, 56 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\program files\uninstall ask toolbar.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
c:\WINDOWS\Explorer.sav (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
and here is the second:
ComboFix 10-11-30.01 - home-pc 30.11.2010 21:23:16.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.307 [GMT 1:00]
Spuštěný z: c:\documents and settings\home-pc\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Avira FireWall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\regedit.com
c:\windows\system32\drivers\vuxwretn.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-28 do 2010-11-30 )))))))))))))))))))))))))))))))
.
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Malwarebytes
2010-11-30 19:23 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-30 19:23 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-30 18:51 . 2010-11-30 18:51 -------- d-----w- c:\documents and settings\home-pc\DoctorWeb
2010-11-30 16:57 . 2010-11-30 20:01 -------- d---a-w- c:\windows\logo1_.exe
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\VDLL.DLL
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\system32\runouce.exe
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\rundll16.exe
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\logo_1.exe
2010-11-30 16:47 . 2010-11-30 16:47 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-11-30 16:47 . 2010-11-30 16:47 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-11-30 16:47 . 2010-11-30 16:47 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-11-30 16:47 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2010-11-30 16:47 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2010-11-30 16:47 . 2010-11-30 16:47 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-11-30 16:47 . 2010-11-30 16:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2010-11-30 16:36 . 2010-11-30 16:36 388096 ----a-r- c:\documents and settings\home-pc\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-30 16:36 . 2010-11-30 16:36 -------- d-----w- c:\program files\Trend Micro
2010-11-30 13:19 . 2010-11-30 13:19 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2010-11-30 09:58 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{6E17E710-216D-44DD-B3EC-152BDE0E055E}\mpengine.dll
2010-11-30 09:41 . 2010-11-30 09:41 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Avira
2010-11-30 09:38 . 2010-11-30 13:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-30 09:38 . 2010-11-30 13:18 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-30 09:38 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-30 09:38 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-30 09:38 . 2010-11-30 09:38 -------- d-----w- c:\program files\Avira
2010-11-29 21:21 . 2010-11-29 21:21 -------- d-----w- C:\found.001
2010-11-28 18:25 . 2010-11-28 18:27 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\YoWindow
2010-11-28 18:25 . 2010-11-28 18:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\YoWindow
2010-11-28 18:25 . 2010-11-28 18:25 -------- d-----w- c:\program files\YoWindow
2010-11-26 16:58 . 2010-11-26 16:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Avanquest_App'-Anwendungsleiste
2010-11-24 15:35 . 2010-11-24 15:35 -------- d-----w- c:\program files\ESET
2010-11-24 14:20 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-11-24 14:20 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-11-24 13:57 . 2010-11-24 13:57 -------- d-----w- c:\program files\Driver-Soft
2010-11-24 13:40 . 2010-11-24 13:40 -------- d-----w- c:\program files\DriverFinder
2010-11-24 13:39 . 2010-11-24 13:42 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\DriverFinder
2010-11-24 13:18 . 2010-11-24 13:35 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Ticno
2010-11-24 13:18 . 2010-11-24 13:18 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Breakpad
2010-11-24 13:18 . 2010-11-24 13:35 -------- d-----w- c:\program files\Ticno
2010-11-24 13:18 . 2010-11-24 13:18 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Installer
2010-11-24 13:01 . 2010-11-24 13:33 -------- d-----w- c:\program files\KYE
2010-11-24 13:01 . 2003-07-03 13:21 294912 ----a-w- c:\windows\PIC.dll
2010-11-24 12:33 . 2010-11-24 12:33 -------- d-----w- C:\found.000
2010-11-24 11:39 . 2001-10-24 11:25 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2010-11-24 11:39 . 2001-10-24 11:25 138752 ----a-w- c:\windows\system32\sndvol32.exe
2010-11-22 20:41 . 2008-09-29 10:21 133632 -c----w- c:\windows\system32\dllcache\exfat.sys
2010-11-22 20:41 . 2008-09-29 10:21 133632 ------w- c:\windows\system32\drivers\exfat.sys
2010-11-22 20:41 . 2008-09-30 06:21 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll
2010-11-22 20:41 . 2008-09-30 06:21 57344 ------w- c:\windows\system32\uexfat.dll
2010-11-22 18:41 . 2008-05-02 13:30 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2010-11-22 18:41 . 2008-05-02 13:30 465920 ------w- c:\windows\system32\imapi2fs.dll
2010-11-22 18:41 . 2008-05-02 13:30 317440 -c----w- c:\windows\system32\dllcache\imapi2.dll
2010-11-22 18:41 . 2008-05-02 13:30 317440 ------w- c:\windows\system32\imapi2.dll
2010-11-22 18:40 . 2009-06-25 12:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-11-22 14:55 . 2010-11-22 14:56 -------- d-----w- C:\afb740093febb1936aef591f8df80a6a
2010-11-21 09:27 . 2010-11-21 09:27 -------- d-----w- c:\windows\system32\URTTEMP
2010-11-14 09:13 . 2010-11-14 09:13 -------- d-----w- c:\program files\Lighthouse
2010-11-12 21:28 . 2010-11-12 21:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Rumbic Studio
2010-11-12 21:17 . 2010-11-12 21:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Playrix Entertainment
2010-11-08 18:14 . 2010-11-08 18:14 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Merscom
2010-11-08 18:14 . 2010-11-08 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Merscom
2010-11-08 18:12 . 2010-11-12 19:57 -------- d-----w- c:\program files\MyPlayCity.com
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-05 21:33 . 2010-11-05 21:33 -------- d-----w- C:\$AVG
2010-11-05 21:03 . 2010-11-05 21:03 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\AVG10
2010-11-05 21:01 . 2010-11-05 21:01 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2010-11-05 21:00 . 2010-11-29 21:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2010-11-05 20:59 . 2010-11-30 20:17 -------- d-----w- c:\program files\AVG
2010-11-05 20:47 . 2010-11-24 11:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-11-05 11:17 . 2010-11-05 11:17 679936 ----a-w- c:\windows\system32\divx_xx07.dll
2010-11-05 11:17 . 2010-11-05 11:17 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-11-05 10:16 . 2010-11-22 07:44 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\vlc
2010-11-04 10:39 . 2010-11-04 10:47 -------- d-----w- c:\program files\Windows Doctor
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 21:37 . 2010-10-23 21:37 7180 ----a-w- c:\windows\system32\drivers\a2ptbtn.sys
2010-10-23 07:39 . 2010-05-19 16:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-23 07:39 . 2007-09-23 05:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-22 06:23 . 2010-04-03 20:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23 . 2007-06-28 22:43 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-22 06:23 . 2010-04-03 20:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23 . 2010-04-03 20:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23 . 2007-12-05 00:41 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23 . 2010-04-03 20:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-22 06:23 . 2007-06-28 22:43 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-22 06:23 . 2007-06-28 22:43 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-22 06:23 . 2007-06-28 22:43 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-19 09:41 . 2010-06-03 19:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 11:05 . 2010-10-16 11:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:05 . 2010-10-16 11:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2010-10-16 11:05 . 2010-10-16 11:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2010-10-16 11:05 . 2010-10-16 11:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2010-10-16 11:05 . 2010-10-16 11:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2010-10-16 11:05 . 2010-10-16 11:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2010-10-16 11:05 . 2010-10-16 11:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2010-10-16 11:05 . 2010-10-16 11:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-10-16 11:05 . 2010-10-16 11:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2010-10-16 11:05 . 2010-10-16 11:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2010-10-16 11:05 . 2010-10-16 11:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:05 . 2010-10-16 11:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 11:05 . 2010-10-16 11:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:05 . 2010-10-16 11:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-07 23:21 . 2010-06-03 19:10 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ---ha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:13 . 2007-08-17 13:42 234728 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2007-10-22 02:31 . 2007-10-22 02:31 76808 ----a-w- c:\program files\DSETUP.dll
2007-10-22 02:31 . 2007-10-22 02:31 502792 ----a-w- c:\program files\DXSETUP.exe
2007-10-22 02:31 . 2007-10-22 02:31 1673224 ----a-w- c:\program files\dsetup32.dll
2007-08-28 12:06 . 2007-08-28 12:06 15171752 ----a-w- c:\program files\06.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 68856]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2007-09-27 122880]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
c:\documents and settings\home-pc\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
YoWindow.lnk - c:\program files\YoWindow\yowindow.exe [2010-10-30 731136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe"
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" /IMGSTART
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Iomega Drive Icons"=c:\program files\Iomega\DriveIcons\ImgIcon.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [30.11.2010 10:38 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.11.2010 10:38 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [30.11.2010 10:38 403624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 17:19 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys --> c:\windows\system32\DRIVERS\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
S3 esihdrv;esihdrv;\??\c:\docume~1\home-pc\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\home-pc\LOCALS~1\Temp\esihdrv.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 9:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 .1187356142;1187356142; [x]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - DWPROT
*Deregistered* - Dwsh00000637
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
2010-11-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout Star Downloaderem
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\home-pc\Data aplikací\Mozilla\Firefox\Profiles\3t3liwvf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\progra~1\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\Microsoft Office\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\home-pc\Data aplikací\Mozilla\Firefox\Profiles\3t3liwvf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 21:30
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\home-pc\LOCALS~1\Temp\ASFWHide"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,b7,61,06,7f,79,a6,4b,97,d7,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,b7,61,06,7f,79,a6,4b,97,d7,83,\
[HKEY_USERS\S-1-5-21-1454471165-220523388-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA467750-ED4F-4AF8-ECE9-90170B6746F9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1454471165-220523388-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,49,61,48,38,5e,6f,7d,42,c6,51,e4,3e,75,8e,69,af,19,8f,01,0d,83,95,
2f,5b,e4,54,e7,0c,2c,7f,97,c7,0c,13,cc,00,48,71,98,17,1d,1a,b5,64,21,1d,74,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-11-30 21:37:19
ComboFix-quarantined-files.txt 2010-11-30 20:37
Před spuštěním: Volných bajtů: 244 933 660 672
Po spuštění: Volných bajtů: 245 806 206 976
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /FASTDETECT
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /FASTDETECT /TUTag=4BZ5C1-BAK
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Záloha)" /FASTDETECT /TUTag=VRHYY9-BAK
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Záloha)" /FASTDETECT /TUTag=YP4GOB-BAK
- - End Of File - - 73D113B682D1479DBE07B65B17A3812B
And while this log was being put together, this message appeared:
The file or directory /combofix/SvcFull is corrupted and unreadable. Run the Chkdsk utility.
Malwarebytes' Anti-Malware 1.50
http://www.malwarebytes.org
Verze databáze: 5220
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
30.11.2010 20:59:58
mbam-log-2010-11-30 (20-59-58).txt
Typ kontroly: Rychlý test
Testované objekty: 172644
Uplynulý čas: 6 minut, 56 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\program files\uninstall ask toolbar.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
c:\WINDOWS\Explorer.sav (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
And here is the second one:
ComboFix 10-11-30.01 - home-pc 30.11.2010 21:23:16.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.307 [GMT 1:00]
Spuštěný z: c:\documents and settings\home-pc\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Avira FireWall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\regedit.com
c:\windows\system32\drivers\vuxwretn.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-28 do 2010-11-30 )))))))))))))))))))))))))))))))
.
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Malwarebytes
2010-11-30 19:23 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-30 19:23 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-30 18:51 . 2010-11-30 18:51 -------- d-----w- c:\documents and settings\home-pc\DoctorWeb
2010-11-30 16:57 . 2010-11-30 20:01 -------- d---a-w- c:\windows\logo1_.exe
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\VDLL.DLL
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\system32\runouce.exe
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\rundll16.exe
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\logo_1.exe
2010-11-30 16:47 . 2010-11-30 16:47 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-11-30 16:47 . 2010-11-30 16:47 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-11-30 16:47 . 2010-11-30 16:47 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-11-30 16:47 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2010-11-30 16:47 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2010-11-30 16:47 . 2010-11-30 16:47 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-11-30 16:47 . 2010-11-30 16:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2010-11-30 16:36 . 2010-11-30 16:36 388096 ----a-r- c:\documents and settings\home-pc\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-30 16:36 . 2010-11-30 16:36 -------- d-----w- c:\program files\Trend Micro
2010-11-30 13:19 . 2010-11-30 13:19 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2010-11-30 09:58 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{6E17E710-216D-44DD-B3EC-152BDE0E055E}\mpengine.dll
2010-11-30 09:41 . 2010-11-30 09:41 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Avira
2010-11-30 09:38 . 2010-11-30 13:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-30 09:38 . 2010-11-30 13:18 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-30 09:38 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-30 09:38 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-30 09:38 . 2010-11-30 09:38 -------- d-----w- c:\program files\Avira
2010-11-29 21:21 . 2010-11-29 21:21 -------- d-----w- C:\found.001
2010-11-28 18:25 . 2010-11-28 18:27 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\YoWindow
2010-11-28 18:25 . 2010-11-28 18:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\YoWindow
2010-11-28 18:25 . 2010-11-28 18:25 -------- d-----w- c:\program files\YoWindow
2010-11-26 16:58 . 2010-11-26 16:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Avanquest_App'-Anwendungsleiste
2010-11-24 15:35 . 2010-11-24 15:35 -------- d-----w- c:\program files\ESET
2010-11-24 14:20 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-11-24 14:20 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-11-24 13:57 . 2010-11-24 13:57 -------- d-----w- c:\program files\Driver-Soft
2010-11-24 13:40 . 2010-11-24 13:40 -------- d-----w- c:\program files\DriverFinder
2010-11-24 13:39 . 2010-11-24 13:42 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\DriverFinder
2010-11-24 13:18 . 2010-11-24 13:35 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Ticno
2010-11-24 13:18 . 2010-11-24 13:18 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Breakpad
2010-11-24 13:18 . 2010-11-24 13:35 -------- d-----w- c:\program files\Ticno
2010-11-24 13:18 . 2010-11-24 13:18 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Installer
2010-11-24 13:01 . 2010-11-24 13:33 -------- d-----w- c:\program files\KYE
2010-11-24 13:01 . 2003-07-03 13:21 294912 ----a-w- c:\windows\PIC.dll
2010-11-24 12:33 . 2010-11-24 12:33 -------- d-----w- C:\found.000
2010-11-24 11:39 . 2001-10-24 11:25 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2010-11-24 11:39 . 2001-10-24 11:25 138752 ----a-w- c:\windows\system32\sndvol32.exe
2010-11-22 20:41 . 2008-09-29 10:21 133632 -c----w- c:\windows\system32\dllcache\exfat.sys
2010-11-22 20:41 . 2008-09-29 10:21 133632 ------w- c:\windows\system32\drivers\exfat.sys
2010-11-22 20:41 . 2008-09-30 06:21 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll
2010-11-22 20:41 . 2008-09-30 06:21 57344 ------w- c:\windows\system32\uexfat.dll
2010-11-22 18:41 . 2008-05-02 13:30 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2010-11-22 18:41 . 2008-05-02 13:30 465920 ------w- c:\windows\system32\imapi2fs.dll
2010-11-22 18:41 . 2008-05-02 13:30 317440 -c----w- c:\windows\system32\dllcache\imapi2.dll
2010-11-22 18:41 . 2008-05-02 13:30 317440 ------w- c:\windows\system32\imapi2.dll
2010-11-22 18:40 . 2009-06-25 12:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-11-22 14:55 . 2010-11-22 14:56 -------- d-----w- C:\afb740093febb1936aef591f8df80a6a
2010-11-21 09:27 . 2010-11-21 09:27 -------- d-----w- c:\windows\system32\URTTEMP
2010-11-14 09:13 . 2010-11-14 09:13 -------- d-----w- c:\program files\Lighthouse
2010-11-12 21:28 . 2010-11-12 21:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Rumbic Studio
2010-11-12 21:17 . 2010-11-12 21:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Playrix Entertainment
2010-11-08 18:14 . 2010-11-08 18:14 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Merscom
2010-11-08 18:14 . 2010-11-08 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Merscom
2010-11-08 18:12 . 2010-11-12 19:57 -------- d-----w- c:\program files\MyPlayCity.com
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-05 21:33 . 2010-11-05 21:33 -------- d-----w- C:\$AVG
2010-11-05 21:03 . 2010-11-05 21:03 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\AVG10
2010-11-05 21:01 . 2010-11-05 21:01 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2010-11-05 21:00 . 2010-11-29 21:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2010-11-05 20:59 . 2010-11-30 20:17 -------- d-----w- c:\program files\AVG
2010-11-05 20:47 . 2010-11-24 11:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-11-05 11:17 . 2010-11-05 11:17 679936 ----a-w- c:\windows\system32\divx_xx07.dll
2010-11-05 11:17 . 2010-11-05 11:17 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-11-05 10:16 . 2010-11-22 07:44 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\vlc
2010-11-04 10:39 . 2010-11-04 10:47 -------- d-----w- c:\program files\Windows Doctor
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 21:37 . 2010-10-23 21:37 7180 ----a-w- c:\windows\system32\drivers\a2ptbtn.sys
2010-10-23 07:39 . 2010-05-19 16:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-23 07:39 . 2007-09-23 05:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-22 06:23 . 2010-04-03 20:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23 . 2007-06-28 22:43 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-22 06:23 . 2010-04-03 20:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23 . 2010-04-03 20:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23 . 2007-12-05 00:41 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23 . 2010-04-03 20:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-22 06:23 . 2007-06-28 22:43 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-22 06:23 . 2007-06-28 22:43 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-22 06:23 . 2007-06-28 22:43 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-19 09:41 . 2010-06-03 19:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 11:05 . 2010-10-16 11:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:05 . 2010-10-16 11:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2010-10-16 11:05 . 2010-10-16 11:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2010-10-16 11:05 . 2010-10-16 11:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2010-10-16 11:05 . 2010-10-16 11:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2010-10-16 11:05 . 2010-10-16 11:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2010-10-16 11:05 . 2010-10-16 11:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2010-10-16 11:05 . 2010-10-16 11:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-10-16 11:05 . 2010-10-16 11:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2010-10-16 11:05 . 2010-10-16 11:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2010-10-16 11:05 . 2010-10-16 11:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:05 . 2010-10-16 11:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 11:05 . 2010-10-16 11:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:05 . 2010-10-16 11:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-07 23:21 . 2010-06-03 19:10 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ---ha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:13 . 2007-08-17 13:42 234728 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2007-10-22 02:31 . 2007-10-22 02:31 76808 ----a-w- c:\program files\DSETUP.dll
2007-10-22 02:31 . 2007-10-22 02:31 502792 ----a-w- c:\program files\DXSETUP.exe
2007-10-22 02:31 . 2007-10-22 02:31 1673224 ----a-w- c:\program files\dsetup32.dll
2007-08-28 12:06 . 2007-08-28 12:06 15171752 ----a-w- c:\program files\06.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 68856]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2007-09-27 122880]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
c:\documents and settings\home-pc\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
YoWindow.lnk - c:\program files\YoWindow\yowindow.exe [2010-10-30 731136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe"
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" /IMGSTART
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Iomega Drive Icons"=c:\program files\Iomega\DriveIcons\ImgIcon.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [30.11.2010 10:38 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.11.2010 10:38 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [30.11.2010 10:38 403624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 17:19 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys --> c:\windows\system32\DRIVERS\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
S3 esihdrv;esihdrv;\??\c:\docume~1\home-pc\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\home-pc\LOCALS~1\Temp\esihdrv.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 9:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 .1187356142;1187356142; [x]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - DWPROT
*Deregistered* - Dwsh00000637
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
2010-11-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout Star Downloaderem
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\home-pc\Data aplikací\Mozilla\Firefox\Profiles\3t3liwvf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\progra~1\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\Microsoft Office\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\home-pc\Data aplikací\Mozilla\Firefox\Profiles\3t3liwvf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 21:30
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\home-pc\LOCALS~1\Temp\ASFWHide"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,b7,61,06,7f,79,a6,4b,97,d7,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,b7,61,06,7f,79,a6,4b,97,d7,83,\
[HKEY_USERS\S-1-5-21-1454471165-220523388-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA467750-ED4F-4AF8-ECE9-90170B6746F9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1454471165-220523388-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,49,61,48,38,5e,6f,7d,42,c6,51,e4,3e,75,8e,69,af,19,8f,01,0d,83,95,
2f,5b,e4,54,e7,0c,2c,7f,97,c7,0c,13,cc,00,48,71,98,17,1d,1a,b5,64,21,1d,74,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-11-30 21:37:19
ComboFix-quarantined-files.txt 2010-11-30 20:37
Před spuštěním: Volných bajtů: 244 933 660 672
Po spuštění: Volných bajtů: 245 806 206 976
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /FASTDETECT
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /FASTDETECT /TUTag=4BZ5C1-BAK
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Záloha)" /FASTDETECT /TUTag=VRHYY9-BAK
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Záloha)" /FASTDETECT /TUTag=YP4GOB-BAK
- - End Of File - - 73D113B682D1479DBE07B65B17A3812B
And while this log was being put together, the following message appeared:
The file or directory /combofix/SvcFull is corrupted and unreadable. Run the Chkdsk utility.
- memphisto
Re: PC freezing
You have a mess of antiviruses there? Which one do you use and want to keep? AVIRA? From Comodo you are only using the firewall, I hope?
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
Folder::
C:\found.001
c:\windows\RUNDL132.EXE
c:\windows\VDLL.DLL
C:\found.000
DirLook::
C:\afb740093febb1936aef591f8df80a6a
c:\windows\system32\URTTEMP
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=-
"NoFileAssociate"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASFWHide]
Driver::
BTCOM
BTCOMBUS
esihdrv
.1187356142
File::
c:\windows\system32\DRIVERS\btcomport.sys
c:\windows\system32\Drivers\btcombus.sys
c:\docume~1\home-pc\LOCALS~1\Temp\esihdrv.sys
Firefox::
FF - ProfilePath - c:\documents and settings\home-pc\Data aplikací\Mozilla\Firefox\Profiles\3t3liwvf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Test these on VirusTotal:
c:\windows\system32\nvdispco32.dll
c:\windows\system32\nvgenco32.dll
c:\windows\PIC.dll
c:\windows\system32\drivers\a2ptbtn.sys
c:\program files\06.exe
c:\program files\Iomega\DriveIcons\deskup.exe
Click Browse to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, the result will appear at the top, with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.
Re: PC freezing
About the antiviruses: I was trying out which one would be best. I would like to stay with Avira, but for now I only have it on trial; I have to buy a license. I know nothing about the COMODO firewall; I did not download it or install it. I don't know how it got there.
Here is the first log:
ComboFix 10-11-30.09 - home-pc 01.12.2010 18:11:54.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.494 [GMT 1:00]
Spuštěný z: c:\documents and settings\home-pc\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\home-pc\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Avira FireWall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FILE ::
"c:\docume~1\home-pc\LOCALS~1\Temp\esihdrv.sys"
"c:\windows\system32\Drivers\btcombus.sys"
"c:\windows\system32\DRIVERS\btcomport.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\found.000
c:\found.000\file0000.chk
C:\found.001
c:\found.001\file0000.chk
c:\windows\RUNDL132.EXE
c:\windows\VDLL.DLL
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ESIHDRV
-------\Service_.1187356142
-------\Service_BTCOM
-------\Service_BTCOMBUS
-------\Service_esihdrv
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-01 do 2010-12-01 )))))))))))))))))))))))))))))))
.
2010-12-01 09:10 . 2010-12-01 09:10 -------- d-----w- C:\found.002
2010-11-30 23:17 . 2010-11-30 23:19 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\vlc
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Malwarebytes
2010-11-30 19:23 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-30 19:23 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-30 18:51 . 2010-11-30 18:51 -------- d-----w- c:\documents and settings\home-pc\DoctorWeb
2010-11-30 16:57 . 2010-11-30 20:01 -------- d---a-w- c:\windows\logo1_.exe
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\system32\runouce.exe
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\rundll16.exe
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\logo_1.exe
2010-11-30 16:47 . 2010-11-30 16:47 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-11-30 16:47 . 2010-11-30 16:47 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-11-30 16:47 . 2010-11-30 16:47 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-11-30 16:47 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2010-11-30 16:47 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2010-11-30 16:47 . 2010-11-30 16:47 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-11-30 16:47 . 2010-11-30 16:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2010-11-30 16:36 . 2010-11-30 16:36 388096 ----a-r- c:\documents and settings\home-pc\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-30 16:36 . 2010-11-30 16:36 -------- d-----w- c:\program files\Trend Micro
2010-11-30 13:19 . 2010-11-30 13:19 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2010-11-30 09:58 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{6E17E710-216D-44DD-B3EC-152BDE0E055E}\mpengine.dll
2010-11-30 09:41 . 2010-11-30 09:41 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Avira
2010-11-30 09:38 . 2010-11-30 13:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-30 09:38 . 2010-11-30 13:18 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-30 09:38 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-30 09:38 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-30 09:38 . 2010-11-30 09:38 -------- d-----w- c:\program files\Avira
2010-11-28 18:25 . 2010-11-28 18:27 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\YoWindow
2010-11-28 18:25 . 2010-11-28 18:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\YoWindow
2010-11-28 18:25 . 2010-11-28 18:25 -------- d-----w- c:\program files\YoWindow
2010-11-26 16:58 . 2010-11-26 16:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Avanquest_App'-Anwendungsleiste
2010-11-24 15:35 . 2010-11-24 15:35 -------- d-----w- c:\program files\ESET
2010-11-24 14:20 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-11-24 14:20 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-11-24 13:57 . 2010-11-24 13:57 -------- d-----w- c:\program files\Driver-Soft
2010-11-24 13:40 . 2010-11-24 13:40 -------- d-----w- c:\program files\DriverFinder
2010-11-24 13:39 . 2010-11-24 13:42 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\DriverFinder
2010-11-24 13:18 . 2010-11-24 13:35 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Ticno
2010-11-24 13:18 . 2010-11-24 13:18 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Breakpad
2010-11-24 13:18 . 2010-11-24 13:35 -------- d-----w- c:\program files\Ticno
2010-11-24 13:18 . 2010-11-24 13:18 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Installer
2010-11-24 13:01 . 2010-11-24 13:33 -------- d-----w- c:\program files\KYE
2010-11-24 13:01 . 2003-07-03 13:21 294912 ----a-w- c:\windows\PIC.dll
2010-11-24 11:39 . 2001-10-24 11:25 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2010-11-24 11:39 . 2001-10-24 11:25 138752 ----a-w- c:\windows\system32\sndvol32.exe
2010-11-22 20:41 . 2008-09-29 10:21 133632 -c----w- c:\windows\system32\dllcache\exfat.sys
2010-11-22 20:41 . 2008-09-29 10:21 133632 ------w- c:\windows\system32\drivers\exfat.sys
2010-11-22 20:41 . 2008-09-30 06:21 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll
2010-11-22 20:41 . 2008-09-30 06:21 57344 ------w- c:\windows\system32\uexfat.dll
2010-11-22 18:41 . 2008-05-02 13:30 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2010-11-22 18:41 . 2008-05-02 13:30 465920 ------w- c:\windows\system32\imapi2fs.dll
2010-11-22 18:41 . 2008-05-02 13:30 317440 -c----w- c:\windows\system32\dllcache\imapi2.dll
2010-11-22 18:41 . 2008-05-02 13:30 317440 ------w- c:\windows\system32\imapi2.dll
2010-11-22 18:40 . 2009-06-25 12:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-11-22 14:55 . 2010-11-22 14:56 -------- d-----w- C:\afb740093febb1936aef591f8df80a6a
2010-11-21 09:27 . 2010-11-21 09:27 -------- d-----w- c:\windows\system32\URTTEMP
2010-11-14 09:13 . 2010-11-14 09:13 -------- d-----w- c:\program files\Lighthouse
2010-11-12 21:28 . 2010-11-12 21:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Rumbic Studio
2010-11-12 21:17 . 2010-11-12 21:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Playrix Entertainment
2010-11-08 18:14 . 2010-11-08 18:14 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Merscom
2010-11-08 18:14 . 2010-11-08 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Merscom
2010-11-08 18:12 . 2010-11-12 19:57 -------- d-----w- c:\program files\MyPlayCity.com
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-05 21:33 . 2010-11-05 21:33 -------- d-----w- C:\$AVG
2010-11-05 21:03 . 2010-11-05 21:03 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\AVG10
2010-11-05 21:01 . 2010-11-05 21:01 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2010-11-05 21:00 . 2010-11-29 21:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2010-11-05 20:59 . 2010-11-30 20:17 -------- d-----w- c:\program files\AVG
2010-11-05 20:47 . 2010-11-24 11:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-11-05 11:17 . 2010-11-05 11:17 679936 ----a-w- c:\windows\system32\divx_xx07.dll
2010-11-05 11:17 . 2010-11-05 11:17 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-11-04 10:39 . 2010-11-04 10:47 -------- d-----w- c:\program files\Windows Doctor
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 21:37 . 2010-10-23 21:37 7180 ----a-w- c:\windows\system32\drivers\a2ptbtn.sys
2010-10-23 07:39 . 2010-05-19 16:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-23 07:39 . 2007-09-23 05:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-22 06:23 . 2010-04-03 20:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23 . 2007-06-28 22:43 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-22 06:23 . 2010-04-03 20:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23 . 2010-04-03 20:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23 . 2007-12-05 00:41 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23 . 2010-04-03 20:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-22 06:23 . 2007-06-28 22:43 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-22 06:23 . 2007-06-28 22:43 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-22 06:23 . 2007-06-28 22:43 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-19 09:41 . 2010-06-03 19:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 11:05 . 2010-10-16 11:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:05 . 2010-10-16 11:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2010-10-16 11:05 . 2010-10-16 11:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2010-10-16 11:05 . 2010-10-16 11:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2010-10-16 11:05 . 2010-10-16 11:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2010-10-16 11:05 . 2010-10-16 11:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2010-10-16 11:05 . 2010-10-16 11:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2010-10-16 11:05 . 2010-10-16 11:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-10-16 11:05 . 2010-10-16 11:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2010-10-16 11:05 . 2010-10-16 11:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2010-10-16 11:05 . 2010-10-16 11:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:05 . 2010-10-16 11:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 11:05 . 2010-10-16 11:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:05 . 2010-10-16 11:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-07 23:21 . 2010-06-03 19:10 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ---ha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:13 . 2007-08-17 13:42 234728 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2007-10-22 02:31 . 2007-10-22 02:31 76808 ----a-w- c:\program files\DSETUP.dll
2007-10-22 02:31 . 2007-10-22 02:31 502792 ----a-w- c:\program files\DXSETUP.exe
2007-10-22 02:31 . 2007-10-22 02:31 1673224 ----a-w- c:\program files\dsetup32.dll
2007-08-28 12:06 . 2007-08-28 12:06 15171752 ----a-w- c:\program files\06.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\afb740093febb1936aef591f8df80a6a ----
2010-03-19 00:51 . 2010-03-19 00:51 74214 ------w- c:\afb740093febb1936aef591f8df80a6a\1025\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 60816 ------w- c:\afb740093febb1936aef591f8df80a6a\1028\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 80970 ------w- c:\afb740093febb1936aef591f8df80a6a\1029\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 77748 ------w- c:\afb740093febb1936aef591f8df80a6a\1030\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 82346 ------w- c:\afb740093febb1936aef591f8df80a6a\1031\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 86284 ------w- c:\afb740093febb1936aef591f8df80a6a\1032\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 77022 ------w- c:\afb740093febb1936aef591f8df80a6a\1035\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 82962 ------w- c:\afb740093febb1936aef591f8df80a6a\1036\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 72076 ------w- c:\afb740093febb1936aef591f8df80a6a\1037\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 86442 ------w- c:\afb740093febb1936aef591f8df80a6a\1038\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 80060 ------w- c:\afb740093febb1936aef591f8df80a6a\1040\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 68226 ------w- c:\afb740093febb1936aef591f8df80a6a\1041\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 65238 ------w- c:\afb740093febb1936aef591f8df80a6a\1042\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 79634 ------w- c:\afb740093febb1936aef591f8df80a6a\1043\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 79296 ------w- c:\afb740093febb1936aef591f8df80a6a\1044\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 82374 ------w- c:\afb740093febb1936aef591f8df80a6a\1045\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 80738 ------w- c:\afb740093febb1936aef591f8df80a6a\1046\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 81482 ------w- c:\afb740093febb1936aef591f8df80a6a\1049\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 77680 ------w- c:\afb740093febb1936aef591f8df80a6a\1053\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 76818 ------w- c:\afb740093febb1936aef591f8df80a6a\1055\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 60684 ------w- c:\afb740093febb1936aef591f8df80a6a\2052\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 80254 ------w- c:\afb740093febb1936aef591f8df80a6a\2070\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 60816 ------w- c:\afb740093febb1936aef591f8df80a6a\3076\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 79996 ------w- c:\afb740093febb1936aef591f8df80a6a\3082\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 272046 ------w- c:\afb740093febb1936aef591f8df80a6a\ParameterInfo.xml
2010-03-19 00:51 . 2010-03-19 00:51 77232 ------w- c:\afb740093febb1936aef591f8df80a6a\1033\LocalizedData.xml
2010-03-18 23:55 . 2010-03-18 23:55 495616 ------w- c:\afb740093febb1936aef591f8df80a6a\netfx_Extended_x86.msi
2010-03-18 23:52 . 2010-03-18 23:52 34734478 ------w- c:\afb740093febb1936aef591f8df80a6a\netfx_Extended.mzz
2010-03-18 23:10 . 2010-03-18 23:10 93314 ------w- c:\afb740093febb1936aef591f8df80a6a\Extended\Parameterinfo.xml
2010-03-18 20:26 . 2010-03-18 20:26 1163264 ------w- c:\afb740093febb1936aef591f8df80a6a\netfx_Core_x86.msi
2010-03-18 20:24 . 2010-03-18 20:24 115880689 ------w- c:\afb740093febb1936aef591f8df80a6a\netfx_Core.mzz
2010-03-18 20:16 . 2010-03-18 20:16 78152 ------w- c:\afb740093febb1936aef591f8df80a6a\Setup.exe
2010-03-18 20:16 . 2010-03-18 20:16 807256 ------w- c:\afb740093febb1936aef591f8df80a6a\SetupEngine.dll
2010-03-18 20:16 . 2010-03-18 20:16 295248 ------w- c:\afb740093febb1936aef591f8df80a6a\SetupUi.dll
2010-03-18 20:16 . 2010-03-18 20:16 17240 ------w- c:\afb740093febb1936aef591f8df80a6a\1025\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 14168 ------w- c:\afb740093febb1936aef591f8df80a6a\1028\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1029\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1030\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\afb740093febb1936aef591f8df80a6a\1031\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 19288 ------w- c:\afb740093febb1936aef591f8df80a6a\1032\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17240 ------w- c:\afb740093febb1936aef591f8df80a6a\1033\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1035\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\afb740093febb1936aef591f8df80a6a\1036\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 16728 ------w- c:\afb740093febb1936aef591f8df80a6a\1037\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\afb740093febb1936aef591f8df80a6a\1038\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1040\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 15704 ------w- c:\afb740093febb1936aef591f8df80a6a\1041\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 15192 ------w- c:\afb740093febb1936aef591f8df80a6a\1042\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 19288 ------w- c:\afb740093febb1936aef591f8df80a6a\1043\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17752 ------w- c:\afb740093febb1936aef591f8df80a6a\1044\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1045\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1046\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1049\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17752 ------w- c:\afb740093febb1936aef591f8df80a6a\1053\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17752 ------w- c:\afb740093febb1936aef591f8df80a6a\1055\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 14168 ------w- c:\afb740093febb1936aef591f8df80a6a\2052\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\afb740093febb1936aef591f8df80a6a\2070\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 14168 ------w- c:\afb740093febb1936aef591f8df80a6a\3076\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\afb740093febb1936aef591f8df80a6a\3082\SetupResources.dll
2010-03-18 19:58 . 2010-03-18 19:58 96088 ------w- c:\afb740093febb1936aef591f8df80a6a\SetupUtility.exe
2010-03-18 19:56 . 2010-03-18 19:56 201796 ------w- c:\afb740093febb1936aef591f8df80a6a\Client\Parameterinfo.xml
2010-03-18 19:11 . 2010-03-18 19:11 2141433 ------w- c:\afb740093febb1936aef591f8df80a6a\Windows6.1-KB958488-v6001-x86.msu
2010-03-18 17:19 . 2010-03-18 17:19 2192672 ------w- c:\afb740093febb1936aef591f8df80a6a\Windows6.0-KB956250-v6001-x86.msu
2010-03-11 04:29 . 2010-03-11 04:29 7567 ------w- c:\afb740093febb1936aef591f8df80a6a\1025\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 6309 ------w- c:\afb740093febb1936aef591f8df80a6a\1028\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3726 ------w- c:\afb740093febb1936aef591f8df80a6a\1029\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3314 ------w- c:\afb740093febb1936aef591f8df80a6a\1030\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3419 ------w- c:\afb740093febb1936aef591f8df80a6a\1031\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 8876 ------w- c:\afb740093febb1936aef591f8df80a6a\1032\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3702 ------w- c:\afb740093febb1936aef591f8df80a6a\1035\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3526 ------w- c:\afb740093febb1936aef591f8df80a6a\1036\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 6851 ------w- c:\afb740093febb1936aef591f8df80a6a\1037\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 4254 ------w- c:\afb740093febb1936aef591f8df80a6a\1038\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3643 ------w- c:\afb740093febb1936aef591f8df80a6a\1040\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 10125 ------w- c:\afb740093febb1936aef591f8df80a6a\1041\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 12687 ------w- c:\afb740093febb1936aef591f8df80a6a\1042\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3546 ------w- c:\afb740093febb1936aef591f8df80a6a\1043\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3046 ------w- c:\afb740093febb1936aef591f8df80a6a\1044\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 4040 ------w- c:\afb740093febb1936aef591f8df80a6a\1045\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3683 ------w- c:\afb740093febb1936aef591f8df80a6a\1046\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 54456 ------w- c:\afb740093febb1936aef591f8df80a6a\1049\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3865 ------w- c:\afb740093febb1936aef591f8df80a6a\1053\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3859 ------w- c:\afb740093febb1936aef591f8df80a6a\1055\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 5827 ------w- c:\afb740093febb1936aef591f8df80a6a\2052\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 4015 ------w- c:\afb740093febb1936aef591f8df80a6a\2070\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 6309 ------w- c:\afb740093febb1936aef591f8df80a6a\3076\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3069 ------w- c:\afb740093febb1936aef591f8df80a6a\3082\eula.rtf
2010-03-04 03:07 . 2010-03-04 03:07 3188 ------w- c:\afb740093febb1936aef591f8df80a6a\1033\eula.rtf
2010-01-11 05:10 . 2010-01-11 05:10 10134 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\stop.ico
2009-11-05 06:41 . 2009-11-05 06:41 38898 ------w- c:\afb740093febb1936aef591f8df80a6a\UiInfo.xml
2009-11-05 06:41 . 2009-11-05 06:41 39042 ------w- c:\afb740093febb1936aef591f8df80a6a\Client\UiInfo.xml
2009-11-05 06:41 . 2009-11-05 06:41 39050 ------w- c:\afb740093febb1936aef591f8df80a6a\Extended\UiInfo.xml
2009-11-05 06:41 . 2009-11-05 06:41 30120 ------w- c:\afb740093febb1936aef591f8df80a6a\SetupUi.xsd
2009-08-31 10:50 . 2009-08-31 10:50 88533 ------w- c:\afb740093febb1936aef591f8df80a6a\DisplayIcon.ico
2009-08-31 10:50 . 2009-08-31 10:50 41080 ------w- c:\afb740093febb1936aef591f8df80a6a\SplashScreen.bmp
2009-08-31 10:50 . 2009-08-31 10:50 14084 ------w- c:\afb740093febb1936aef591f8df80a6a\Strings.xml
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Print.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate1.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate2.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate3.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate4.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate5.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate6.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate7.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate8.ico
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Save.ico
2009-08-31 10:49 . 2009-08-31 10:49 36710 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Setup.ico
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\SysReqMet.ico
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\SysReqNotMet.ico
2009-08-31 10:49 . 2009-08-31 10:49 10134 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\warn.ico
2009-08-31 10:49 . 2009-08-31 10:49 16118 ------w- c:\afb740093febb1936aef591f8df80a6a\DHtmlHeader.html
2009-08-31 10:44 . 2009-08-31 10:44 144416 ------w- c:\afb740093febb1936aef591f8df80a6a\sqmapi.dll
2009-08-31 10:41 . 2009-08-31 10:41 3628 ------w- c:\afb740093febb1936aef591f8df80a6a\header.bmp
2009-08-31 10:41 . 2009-08-31 10:41 104072 ------w- c:\afb740093febb1936aef591f8df80a6a\watermark.bmp
2009-08-31 09:11 . 2009-08-31 09:11 94720 ------w- c:\afb740093febb1936aef591f8df80a6a\RGB9Rast_x86.msi
---- Directory of c:\windows\system32\URTTEMP ----
2003-02-21 04:16 . 2003-02-21 04:16 49152 ----a-w- c:\windows\system32\URTTEMP\regtlib.exe
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 68856]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2007-09-27 122880]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
c:\documents and settings\home-pc\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
YoWindow.lnk - c:\program files\YoWindow\yowindow.exe [2010-10-30 731136]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe"
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" /IMGSTART
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Iomega Drive Icons"=c:\program files\Iomega\DriveIcons\ImgIcon.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [30.11.2010 10:38 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.11.2010 10:38 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [30.11.2010 10:38 403624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 17:19 13592]
S0 mure;mure;c:\windows\system32\drivers\vuxwretn.sys --> c:\windows\system32\drivers\vuxwretn.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 9:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
2010-12-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout Star Downloaderem
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\home-pc\Data aplikací\Mozilla\Firefox\Profiles\3t3liwvf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\progra~1\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\Microsoft Office\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\home-pc\Data aplikací\Mozilla\Firefox\Profiles\3t3liwvf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-01 18:22
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,b7,61,06,7f,79,a6,4b,97,d7,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,b7,61,06,7f,79,a6,4b,97,d7,83,\
[HKEY_USERS\S-1-5-21-1454471165-220523388-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA467750-ED4F-4AF8-ECE9-90170B6746F9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1454471165-220523388-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,49,61,48,38,5e,6f,7d,42,c6,51,e4,3e,75,8e,69,af,19,8f,01,0d,83,95,
2f,5b,e4,54,e7,0c,2c,7f,97,c7,0c,13,cc,00,48,71,98,17,1d,1a,b5,64,21,1d,74,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(844)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\Microsoft Office\Office14\1029\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Avira\AntiVir Desktop\checkt.exe
.
**************************************************************************
.
Celkový čas: 2010-12-01 18:26:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-01 17:26
ComboFix2.txt 2010-11-30 20:37
Před spuštěním: Volných bajtů: 245 803 106 304
Po spuštění: Volných bajtů: 245 787 455 488
- - End Of File - - A9DB1C51B4B7049F74AAD5D92E463D05
And here are the links to the pages where those files were checked.
http://www.virustotal.com/file-scan/rep ... 1291225512
http://www.virustotal.com/file-scan/rep ... 1291225731
http://www.virustotal.com/file-scan/rep ... 1291225853
http://www.virustotal.com/file-scan/rep ... 1291226107
http://www.virustotal.com/file-scan/rep ... 1291226510
http://www.virustotal.com/file-scan/rep ... 1291226687
Here is the first log:
ComboFix 10-11-30.09 - home-pc 01.12.2010 18:11:54.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.494 [GMT 1:00]
Spuštěný z: c:\documents and settings\home-pc\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\home-pc\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Avira FireWall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FILE ::
"c:\docume~1\home-pc\LOCALS~1\Temp\esihdrv.sys"
"c:\windows\system32\Drivers\btcombus.sys"
"c:\windows\system32\DRIVERS\btcomport.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\found.000
c:\found.000\file0000.chk
C:\found.001
c:\found.001\file0000.chk
c:\windows\RUNDL132.EXE
c:\windows\VDLL.DLL
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ESIHDRV
-------\Service_.1187356142
-------\Service_BTCOM
-------\Service_BTCOMBUS
-------\Service_esihdrv
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-01 do 2010-12-01 )))))))))))))))))))))))))))))))
.
2010-12-01 09:10 . 2010-12-01 09:10 -------- d-----w- C:\found.002
2010-11-30 23:17 . 2010-11-30 23:19 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\vlc
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Malwarebytes
2010-11-30 19:23 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-30 19:23 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-30 18:51 . 2010-11-30 18:51 -------- d-----w- c:\documents and settings\home-pc\DoctorWeb
2010-11-30 16:57 . 2010-11-30 20:01 -------- d---a-w- c:\windows\logo1_.exe
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\system32\runouce.exe
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\rundll16.exe
2010-11-30 16:57 . 2010-11-30 16:57 -------- d---a-w- c:\windows\logo_1.exe
2010-11-30 16:47 . 2010-11-30 16:47 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-11-30 16:47 . 2010-11-30 16:47 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-11-30 16:47 . 2010-11-30 16:47 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-11-30 16:47 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2010-11-30 16:47 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2010-11-30 16:47 . 2010-11-30 16:47 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-11-30 16:47 . 2010-11-30 16:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2010-11-30 16:36 . 2010-11-30 16:36 388096 ----a-r- c:\documents and settings\home-pc\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-30 16:36 . 2010-11-30 16:36 -------- d-----w- c:\program files\Trend Micro
2010-11-30 13:19 . 2010-11-30 13:19 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2010-11-30 09:58 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{6E17E710-216D-44DD-B3EC-152BDE0E055E}\mpengine.dll
2010-11-30 09:41 . 2010-11-30 09:41 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Avira
2010-11-30 09:38 . 2010-11-30 13:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-30 09:38 . 2010-11-30 13:18 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-30 09:38 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-30 09:38 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-30 09:38 . 2010-11-30 09:38 -------- d-----w- c:\program files\Avira
2010-11-28 18:25 . 2010-11-28 18:27 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\YoWindow
2010-11-28 18:25 . 2010-11-28 18:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\YoWindow
2010-11-28 18:25 . 2010-11-28 18:25 -------- d-----w- c:\program files\YoWindow
2010-11-26 16:58 . 2010-11-26 16:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Avanquest_App'-Anwendungsleiste
2010-11-24 15:35 . 2010-11-24 15:35 -------- d-----w- c:\program files\ESET
2010-11-24 14:20 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-11-24 14:20 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-11-24 13:57 . 2010-11-24 13:57 -------- d-----w- c:\program files\Driver-Soft
2010-11-24 13:40 . 2010-11-24 13:40 -------- d-----w- c:\program files\DriverFinder
2010-11-24 13:39 . 2010-11-24 13:42 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\DriverFinder
2010-11-24 13:18 . 2010-11-24 13:35 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Ticno
2010-11-24 13:18 . 2010-11-24 13:18 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Breakpad
2010-11-24 13:18 . 2010-11-24 13:35 -------- d-----w- c:\program files\Ticno
2010-11-24 13:18 . 2010-11-24 13:18 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Installer
2010-11-24 13:01 . 2010-11-24 13:33 -------- d-----w- c:\program files\KYE
2010-11-24 13:01 . 2003-07-03 13:21 294912 ----a-w- c:\windows\PIC.dll
2010-11-24 11:39 . 2001-10-24 11:25 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2010-11-24 11:39 . 2001-10-24 11:25 138752 ----a-w- c:\windows\system32\sndvol32.exe
2010-11-22 20:41 . 2008-09-29 10:21 133632 -c----w- c:\windows\system32\dllcache\exfat.sys
2010-11-22 20:41 . 2008-09-29 10:21 133632 ------w- c:\windows\system32\drivers\exfat.sys
2010-11-22 20:41 . 2008-09-30 06:21 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll
2010-11-22 20:41 . 2008-09-30 06:21 57344 ------w- c:\windows\system32\uexfat.dll
2010-11-22 18:41 . 2008-05-02 13:30 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2010-11-22 18:41 . 2008-05-02 13:30 465920 ------w- c:\windows\system32\imapi2fs.dll
2010-11-22 18:41 . 2008-05-02 13:30 317440 -c----w- c:\windows\system32\dllcache\imapi2.dll
2010-11-22 18:41 . 2008-05-02 13:30 317440 ------w- c:\windows\system32\imapi2.dll
2010-11-22 18:40 . 2009-06-25 12:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-11-22 14:55 . 2010-11-22 14:56 -------- d-----w- C:\afb740093febb1936aef591f8df80a6a
2010-11-21 09:27 . 2010-11-21 09:27 -------- d-----w- c:\windows\system32\URTTEMP
2010-11-14 09:13 . 2010-11-14 09:13 -------- d-----w- c:\program files\Lighthouse
2010-11-12 21:28 . 2010-11-12 21:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Rumbic Studio
2010-11-12 21:17 . 2010-11-12 21:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Playrix Entertainment
2010-11-08 18:14 . 2010-11-08 18:14 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Merscom
2010-11-08 18:14 . 2010-11-08 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Merscom
2010-11-08 18:12 . 2010-11-12 19:57 -------- d-----w- c:\program files\MyPlayCity.com
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-05 21:33 . 2010-11-05 21:33 -------- d-----w- C:\$AVG
2010-11-05 21:03 . 2010-11-05 21:03 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\AVG10
2010-11-05 21:01 . 2010-11-05 21:01 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2010-11-05 21:00 . 2010-11-29 21:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2010-11-05 20:59 . 2010-11-30 20:17 -------- d-----w- c:\program files\AVG
2010-11-05 20:47 . 2010-11-24 11:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-11-05 11:17 . 2010-11-05 11:17 679936 ----a-w- c:\windows\system32\divx_xx07.dll
2010-11-05 11:17 . 2010-11-05 11:17 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-11-04 10:39 . 2010-11-04 10:47 -------- d-----w- c:\program files\Windows Doctor
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 21:37 . 2010-10-23 21:37 7180 ----a-w- c:\windows\system32\drivers\a2ptbtn.sys
2010-10-23 07:39 . 2010-05-19 16:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-23 07:39 . 2007-09-23 05:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-22 06:23 . 2010-04-03 20:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23 . 2007-06-28 22:43 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-22 06:23 . 2010-04-03 20:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23 . 2010-04-03 20:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23 . 2007-12-05 00:41 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23 . 2010-04-03 20:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-22 06:23 . 2007-06-28 22:43 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-22 06:23 . 2007-06-28 22:43 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-22 06:23 . 2007-06-28 22:43 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-19 09:41 . 2010-06-03 19:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 11:05 . 2010-10-16 11:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:05 . 2010-10-16 11:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2010-10-16 11:05 . 2010-10-16 11:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2010-10-16 11:05 . 2010-10-16 11:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2010-10-16 11:05 . 2010-10-16 11:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2010-10-16 11:05 . 2010-10-16 11:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2010-10-16 11:05 . 2010-10-16 11:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2010-10-16 11:05 . 2010-10-16 11:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-10-16 11:05 . 2010-10-16 11:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2010-10-16 11:05 . 2010-10-16 11:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2010-10-16 11:05 . 2010-10-16 11:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:05 . 2010-10-16 11:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 11:05 . 2010-10-16 11:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:05 . 2010-10-16 11:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-07 23:21 . 2010-06-03 19:10 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ---ha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:13 . 2007-08-17 13:42 234728 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2007-10-22 02:31 . 2007-10-22 02:31 76808 ----a-w- c:\program files\DSETUP.dll
2007-10-22 02:31 . 2007-10-22 02:31 502792 ----a-w- c:\program files\DXSETUP.exe
2007-10-22 02:31 . 2007-10-22 02:31 1673224 ----a-w- c:\program files\dsetup32.dll
2007-08-28 12:06 . 2007-08-28 12:06 15171752 ----a-w- c:\program files\06.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\afb740093febb1936aef591f8df80a6a ----
2010-03-19 00:51 . 2010-03-19 00:51 74214 ------w- c:\afb740093febb1936aef591f8df80a6a\1025\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 60816 ------w- c:\afb740093febb1936aef591f8df80a6a\1028\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 80970 ------w- c:\afb740093febb1936aef591f8df80a6a\1029\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 77748 ------w- c:\afb740093febb1936aef591f8df80a6a\1030\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 82346 ------w- c:\afb740093febb1936aef591f8df80a6a\1031\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 86284 ------w- c:\afb740093febb1936aef591f8df80a6a\1032\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 77022 ------w- c:\afb740093febb1936aef591f8df80a6a\1035\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 82962 ------w- c:\afb740093febb1936aef591f8df80a6a\1036\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 72076 ------w- c:\afb740093febb1936aef591f8df80a6a\1037\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 86442 ------w- c:\afb740093febb1936aef591f8df80a6a\1038\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 80060 ------w- c:\afb740093febb1936aef591f8df80a6a\1040\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 68226 ------w- c:\afb740093febb1936aef591f8df80a6a\1041\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 65238 ------w- c:\afb740093febb1936aef591f8df80a6a\1042\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 79634 ------w- c:\afb740093febb1936aef591f8df80a6a\1043\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 79296 ------w- c:\afb740093febb1936aef591f8df80a6a\1044\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 82374 ------w- c:\afb740093febb1936aef591f8df80a6a\1045\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 80738 ------w- c:\afb740093febb1936aef591f8df80a6a\1046\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 81482 ------w- c:\afb740093febb1936aef591f8df80a6a\1049\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 77680 ------w- c:\afb740093febb1936aef591f8df80a6a\1053\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 76818 ------w- c:\afb740093febb1936aef591f8df80a6a\1055\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 60684 ------w- c:\afb740093febb1936aef591f8df80a6a\2052\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 80254 ------w- c:\afb740093febb1936aef591f8df80a6a\2070\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 60816 ------w- c:\afb740093febb1936aef591f8df80a6a\3076\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 79996 ------w- c:\afb740093febb1936aef591f8df80a6a\3082\LocalizedData.xml
2010-03-19 00:51 . 2010-03-19 00:51 272046 ------w- c:\afb740093febb1936aef591f8df80a6a\ParameterInfo.xml
2010-03-19 00:51 . 2010-03-19 00:51 77232 ------w- c:\afb740093febb1936aef591f8df80a6a\1033\LocalizedData.xml
2010-03-18 23:55 . 2010-03-18 23:55 495616 ------w- c:\afb740093febb1936aef591f8df80a6a\netfx_Extended_x86.msi
2010-03-18 23:52 . 2010-03-18 23:52 34734478 ------w- c:\afb740093febb1936aef591f8df80a6a\netfx_Extended.mzz
2010-03-18 23:10 . 2010-03-18 23:10 93314 ------w- c:\afb740093febb1936aef591f8df80a6a\Extended\Parameterinfo.xml
2010-03-18 20:26 . 2010-03-18 20:26 1163264 ------w- c:\afb740093febb1936aef591f8df80a6a\netfx_Core_x86.msi
2010-03-18 20:24 . 2010-03-18 20:24 115880689 ------w- c:\afb740093febb1936aef591f8df80a6a\netfx_Core.mzz
2010-03-18 20:16 . 2010-03-18 20:16 78152 ------w- c:\afb740093febb1936aef591f8df80a6a\Setup.exe
2010-03-18 20:16 . 2010-03-18 20:16 807256 ------w- c:\afb740093febb1936aef591f8df80a6a\SetupEngine.dll
2010-03-18 20:16 . 2010-03-18 20:16 295248 ------w- c:\afb740093febb1936aef591f8df80a6a\SetupUi.dll
2010-03-18 20:16 . 2010-03-18 20:16 17240 ------w- c:\afb740093febb1936aef591f8df80a6a\1025\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 14168 ------w- c:\afb740093febb1936aef591f8df80a6a\1028\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1029\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1030\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\afb740093febb1936aef591f8df80a6a\1031\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 19288 ------w- c:\afb740093febb1936aef591f8df80a6a\1032\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17240 ------w- c:\afb740093febb1936aef591f8df80a6a\1033\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1035\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\afb740093febb1936aef591f8df80a6a\1036\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 16728 ------w- c:\afb740093febb1936aef591f8df80a6a\1037\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\afb740093febb1936aef591f8df80a6a\1038\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1040\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 15704 ------w- c:\afb740093febb1936aef591f8df80a6a\1041\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 15192 ------w- c:\afb740093febb1936aef591f8df80a6a\1042\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 19288 ------w- c:\afb740093febb1936aef591f8df80a6a\1043\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17752 ------w- c:\afb740093febb1936aef591f8df80a6a\1044\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1045\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1046\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\afb740093febb1936aef591f8df80a6a\1049\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17752 ------w- c:\afb740093febb1936aef591f8df80a6a\1053\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17752 ------w- c:\afb740093febb1936aef591f8df80a6a\1055\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 14168 ------w- c:\afb740093febb1936aef591f8df80a6a\2052\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\afb740093febb1936aef591f8df80a6a\2070\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 14168 ------w- c:\afb740093febb1936aef591f8df80a6a\3076\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\afb740093febb1936aef591f8df80a6a\3082\SetupResources.dll
2010-03-18 19:58 . 2010-03-18 19:58 96088 ------w- c:\afb740093febb1936aef591f8df80a6a\SetupUtility.exe
2010-03-18 19:56 . 2010-03-18 19:56 201796 ------w- c:\afb740093febb1936aef591f8df80a6a\Client\Parameterinfo.xml
2010-03-18 19:11 . 2010-03-18 19:11 2141433 ------w- c:\afb740093febb1936aef591f8df80a6a\Windows6.1-KB958488-v6001-x86.msu
2010-03-18 17:19 . 2010-03-18 17:19 2192672 ------w- c:\afb740093febb1936aef591f8df80a6a\Windows6.0-KB956250-v6001-x86.msu
2010-03-11 04:29 . 2010-03-11 04:29 7567 ------w- c:\afb740093febb1936aef591f8df80a6a\1025\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 6309 ------w- c:\afb740093febb1936aef591f8df80a6a\1028\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3726 ------w- c:\afb740093febb1936aef591f8df80a6a\1029\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3314 ------w- c:\afb740093febb1936aef591f8df80a6a\1030\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3419 ------w- c:\afb740093febb1936aef591f8df80a6a\1031\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 8876 ------w- c:\afb740093febb1936aef591f8df80a6a\1032\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3702 ------w- c:\afb740093febb1936aef591f8df80a6a\1035\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3526 ------w- c:\afb740093febb1936aef591f8df80a6a\1036\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 6851 ------w- c:\afb740093febb1936aef591f8df80a6a\1037\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 4254 ------w- c:\afb740093febb1936aef591f8df80a6a\1038\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3643 ------w- c:\afb740093febb1936aef591f8df80a6a\1040\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 10125 ------w- c:\afb740093febb1936aef591f8df80a6a\1041\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 12687 ------w- c:\afb740093febb1936aef591f8df80a6a\1042\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3546 ------w- c:\afb740093febb1936aef591f8df80a6a\1043\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3046 ------w- c:\afb740093febb1936aef591f8df80a6a\1044\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 4040 ------w- c:\afb740093febb1936aef591f8df80a6a\1045\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3683 ------w- c:\afb740093febb1936aef591f8df80a6a\1046\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 54456 ------w- c:\afb740093febb1936aef591f8df80a6a\1049\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3865 ------w- c:\afb740093febb1936aef591f8df80a6a\1053\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3859 ------w- c:\afb740093febb1936aef591f8df80a6a\1055\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 5827 ------w- c:\afb740093febb1936aef591f8df80a6a\2052\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 4015 ------w- c:\afb740093febb1936aef591f8df80a6a\2070\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 6309 ------w- c:\afb740093febb1936aef591f8df80a6a\3076\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3069 ------w- c:\afb740093febb1936aef591f8df80a6a\3082\eula.rtf
2010-03-04 03:07 . 2010-03-04 03:07 3188 ------w- c:\afb740093febb1936aef591f8df80a6a\1033\eula.rtf
2010-01-11 05:10 . 2010-01-11 05:10 10134 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\stop.ico
2009-11-05 06:41 . 2009-11-05 06:41 38898 ------w- c:\afb740093febb1936aef591f8df80a6a\UiInfo.xml
2009-11-05 06:41 . 2009-11-05 06:41 39042 ------w- c:\afb740093febb1936aef591f8df80a6a\Client\UiInfo.xml
2009-11-05 06:41 . 2009-11-05 06:41 39050 ------w- c:\afb740093febb1936aef591f8df80a6a\Extended\UiInfo.xml
2009-11-05 06:41 . 2009-11-05 06:41 30120 ------w- c:\afb740093febb1936aef591f8df80a6a\SetupUi.xsd
2009-08-31 10:50 . 2009-08-31 10:50 88533 ------w- c:\afb740093febb1936aef591f8df80a6a\DisplayIcon.ico
2009-08-31 10:50 . 2009-08-31 10:50 41080 ------w- c:\afb740093febb1936aef591f8df80a6a\SplashScreen.bmp
2009-08-31 10:50 . 2009-08-31 10:50 14084 ------w- c:\afb740093febb1936aef591f8df80a6a\Strings.xml
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Print.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate1.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate2.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate3.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate4.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate5.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate6.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate7.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Rotate8.ico
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Save.ico
2009-08-31 10:49 . 2009-08-31 10:49 36710 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\Setup.ico
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\SysReqMet.ico
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\SysReqNotMet.ico
2009-08-31 10:49 . 2009-08-31 10:49 10134 ------w- c:\afb740093febb1936aef591f8df80a6a\Graphics\warn.ico
2009-08-31 10:49 . 2009-08-31 10:49 16118 ------w- c:\afb740093febb1936aef591f8df80a6a\DHtmlHeader.html
2009-08-31 10:44 . 2009-08-31 10:44 144416 ------w- c:\afb740093febb1936aef591f8df80a6a\sqmapi.dll
2009-08-31 10:41 . 2009-08-31 10:41 3628 ------w- c:\afb740093febb1936aef591f8df80a6a\header.bmp
2009-08-31 10:41 . 2009-08-31 10:41 104072 ------w- c:\afb740093febb1936aef591f8df80a6a\watermark.bmp
2009-08-31 09:11 . 2009-08-31 09:11 94720 ------w- c:\afb740093febb1936aef591f8df80a6a\RGB9Rast_x86.msi
---- Directory of c:\windows\system32\URTTEMP ----
2003-02-21 04:16 . 2003-02-21 04:16 49152 ----a-w- c:\windows\system32\URTTEMP\regtlib.exe
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 68856]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2007-09-27 122880]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
c:\documents and settings\home-pc\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
YoWindow.lnk - c:\program files\YoWindow\yowindow.exe [2010-10-30 731136]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe"
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" /IMGSTART
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Iomega Drive Icons"=c:\program files\Iomega\DriveIcons\ImgIcon.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [30.11.2010 10:38 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.11.2010 10:38 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [30.11.2010 10:38 403624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 17:19 13592]
S0 mure;mure;c:\windows\system32\drivers\vuxwretn.sys --> c:\windows\system32\drivers\vuxwretn.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 9:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
2010-12-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout Star Downloaderem
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\home-pc\Data aplikací\Mozilla\Firefox\Profiles\3t3liwvf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\progra~1\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\Microsoft Office\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\home-pc\Data aplikací\Mozilla\Firefox\Profiles\3t3liwvf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-01 18:22
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,b7,61,06,7f,79,a6,4b,97,d7,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,b7,61,06,7f,79,a6,4b,97,d7,83,\
[HKEY_USERS\S-1-5-21-1454471165-220523388-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA467750-ED4F-4AF8-ECE9-90170B6746F9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1454471165-220523388-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,49,61,48,38,5e,6f,7d,42,c6,51,e4,3e,75,8e,69,af,19,8f,01,0d,83,95,
2f,5b,e4,54,e7,0c,2c,7f,97,c7,0c,13,cc,00,48,71,98,17,1d,1a,b5,64,21,1d,74,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(844)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\Microsoft Office\Office14\1029\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Avira\AntiVir Desktop\checkt.exe
.
**************************************************************************
.
Celkový čas: 2010-12-01 18:26:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-01 17:26
ComboFix2.txt 2010-11-30 20:37
Před spuštěním: Volných bajtů: 245 803 106 304
Po spuštění: Volných bajtů: 245 787 455 488
- - End Of File - - A9DB1C51B4B7049F74AAD5D92E463D05
and here are the links to the pages with the scan results for those files.
http://www.virustotal.com/file-scan/rep ... 1291225512
http://www.virustotal.com/file-scan/rep ... 1291225731
http://www.virustotal.com/file-scan/rep ... 1291225853
http://www.virustotal.com/file-scan/rep ... 1291226107
http://www.virustotal.com/file-scan/rep ... 1291226510
http://www.virustotal.com/file-scan/rep ... 1291226687
Last edited by sccotty on 01 Dec 2010 19:06, edited 1 time in total.
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: PC freezing
Also post the results for those files from VirusTotal here. We'll sort out the antivirus programs. So we'll remove all of them and keep only AVIRA.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: PC freezing
I added the links to my previous reply. Sorry.
- memphisto
Re: PC freezing
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script
SecCenter::
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
Folder::
C:\found.002
c:\windows\system32\runouce.exe
c:\program files\ESET
C:\$AVG
c:\documents and settings\home-pc\Data aplikací\AVG10
c:\documents and settings\All Users\Data aplikací\AVG10
c:\program files\AVG
Driver::
mure
File::
c:\windows\system32\drivers\vuxwretn.sys
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process