Please check my log. Solved


Please check my log.

Post by Alan-K » 17 Feb 2011 21:26

Ahoy, please check my log. My antivirus found some little pest; I have no idea how dangerous it is, but it has been deleted. So this is probably just a precaution. The PC runs fairly normally, but sometimes some pages take an incredibly long time to load, or don't load at all. I tried it at the same time on a notebook, where this problem doesn't occur, so the problem wasn't on the servers but is probably in my PC??? Thanks in advance for your time. Alan. :D

This is what NOD32 found:

14.2.2011 14:34:50 Rezidentní ochrana soubor C:\System Volume Information\_restore{06A78DEF-E6DE-4A8C-8E3F-700478C03766}\RP28\A0005165.dll pravděpodobně varianta infiltrace Win32/Packed.Themida potenciálně nechtěná aplikace smazán - uložen do karantény NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\WINDOWS\system32\svchost.exe.

This is what MWAV found:

Entry "HKCR\SafeITWordAddin.Connect" refers to invalid object "{DFF42C38-F940-4037-9AA8-E0BD1DB67F0B}". Action Taken: No Action Taken.
Entry "HKCR\SafeITWordAddin.WordAddin" refers to invalid object "{93A6A2E7-A6B6-422A-B1B8-976C9035A25B}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{15FEDA5F-141C-4127-8D7E-B962D1742728}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1029-7B44-AA0000000001}". Action Taken: No Action Taken.


Here is the log from HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:18:25, on 17.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Alan\Plocha\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4164121836
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4164185271
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 12176 bytes


Re: Please check my log.

Post by memphisto » 17 Feb 2011 23:00

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Turn off your resident protection and firewall.
Download Dr. Web CureIt
Run the update; after updating, click Start.
With the buttons at the bottom you can cure the file (system files), delete it, move it or rename it.


Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- after the program finishes a message will appear, so click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please don't send HijackThis logs via private message; post them in the appropriate section. Thank you

Re: Please check my log.

Post by Alan-K » 17 Feb 2011 23:32

I use ATF Cleaner often, so I've done that. Same with Malwarebytes; I'm attaching the log below and I'm moving on to Dr. Web. Thanks a lot for now.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5783

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.2.2011 13:41:52
mbam-log-2011-02-17 (13-41-52).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 256974
Uplynulý čas: 1 hodin, 20 minut, 59 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Re: Please check my log.

Post by memphisto » 17 Feb 2011 23:33

Forget about Dr. Web and post this here

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, don't click into the window that appears
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Please check my log.

Post by Alan-K » 18 Feb 2011 00:44

Dr. WEB: no virus....


ComboFix 11-02-17.01 - Alan 18.02.2011 0:25.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2559.2053 [GMT 1:00]
Spuštěný z: c:\documents and settings\Alan\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alan\Data aplikací\EurekaLog
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

----- Souboroví replikátoři -----

c:\windows\Installer\{00099DCF-8DC8-4EA2-A80A-3C2DA67864B2}\ARPPRODUCTICON.exe
c:\windows\Installer\{006DA48B-84C2-B075-3A6B-DB6090A61306}\ARPPRODUCTICON.exe
c:\windows\Installer\{01587D48-FA82-0CB5-B1ED-CF60359EBF11}\ARPPRODUCTICON.exe
c:\windows\Installer\{0286311C-4AF8-FA22-DB38-14950C825B02}\ARPPRODUCTICON.exe
c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
c:\windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe
c:\windows\Installer\{13858DBF-E649-B602-4922-F2C6F424DF81}\ARPPRODUCTICON.exe
c:\windows\Installer\{17ECF8FA-398B-402D-EA22-E302D8251CCE}\ARPPRODUCTICON.exe
c:\windows\Installer\{2788871D-2925-F602-830C-A4DD4CA54CB4}\ARPPRODUCTICON.exe
c:\windows\Installer\{2AFBA4FA-F13F-CFB7-A010-B4ABD7918787}\ARPPRODUCTICON.exe
c:\windows\Installer\{2EFD19B2-4535-250C-C7CC-A761F13B86E6}\ARPPRODUCTICON.exe
c:\windows\Installer\{38FC8A78-B58E-FA87-240A-1F97E6F2A0BD}\ARPPRODUCTICON.exe
c:\windows\Installer\{3D9881E9-CC49-9AF4-3FFC-07CDD051EFBC}\ARPPRODUCTICON.exe
c:\windows\Installer\{423E8FEF-4132-A70A-61B3-0726D033060B}\ARPPRODUCTICON.exe
c:\windows\Installer\{430ACB56-530C-E6DE-E352-C49AEDC18395}\ARPPRODUCTICON.exe
c:\windows\Installer\{4515B871-9B69-8B72-FCF7-ED6E95766656}\ARPPRODUCTICON.exe
c:\windows\Installer\{47692600-4FA4-17C5-B021-5563245B4703}\ARPPRODUCTICON.exe
c:\windows\Installer\{47E6B961-AC49-B8E7-A6A9-BEC54D4AA6B6}\ARPPRODUCTICON.exe
c:\windows\Installer\{491A759F-F3B3-D1E1-D647-082B7EBA8325}\ARPPRODUCTICON.exe
c:\windows\Installer\{513BB9B0-510F-802D-88FA-ADBBBD11B5B0}\ARPPRODUCTICON.exe
c:\windows\Installer\{5605BCF1-3E90-4468-BAED-A48AC059DF73}\ARPPRODUCTICON.exe
c:\windows\Installer\{635F45CE-157B-2904-F14B-14CB254EC9AB}\ARPPRODUCTICON.exe
c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
c:\windows\Installer\{672DD057-CF5C-9696-67F7-5E288F0153F4}\ARPPRODUCTICON.exe
c:\windows\Installer\{6AB57823-3580-4CE0-9CF0-072E2A39460C}\ARPPRODUCTICON.exe
c:\windows\Installer\{6E86DAB2-6F06-1037-DCB5-D5C06F7CAD96}\ARPPRODUCTICON.exe
c:\windows\Installer\{745CA57E-997D-F483-545D-FE58169C38A4}\ARPPRODUCTICON.exe
c:\windows\Installer\{86C972F5-1C36-957C-14B8-A13C5657764E}\ARPPRODUCTICON.exe
c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
c:\windows\Installer\{93074F43-A643-5A8F-88A0-A7A43A80D666}\ARPPRODUCTICON.exe
c:\windows\Installer\{95591B59-20D3-2678-E976-7CC0A4DAA62F}\ARPPRODUCTICON.exe
c:\windows\Installer\{A49710D9-0665-E022-C35C-A27064724F41}\ARPPRODUCTICON.exe
c:\windows\Installer\{A5423CF8-2D49-E766-1A52-FAF14AC3B4DF}\ARPPRODUCTICON.exe
c:\windows\Installer\{AF4DA9D0-41E7-3785-9607-D2E4A0944137}\ARPPRODUCTICON.exe
c:\windows\Installer\{B51F0417-4A38-7D39-A06F-9548662055D9}\ARPPRODUCTICON.exe
c:\windows\Installer\{BBC50689-84B3-A276-E667-185E162621AC}\ARPPRODUCTICON.exe
c:\windows\Installer\{C32D7A1E-AF7A-1E53-3574-D70F8DBAE9C0}\ARPPRODUCTICON.exe
c:\windows\Installer\{C5B4CB33-F375-F6BC-682F-DF322424ABF3}\ARPPRODUCTICON.exe
c:\windows\Installer\{CCBB9F4D-32D1-7896-AE8B-58F983A3972C}\ARPPRODUCTICON.exe
c:\windows\Installer\{CE3A00AE-73CA-EECC-32AA-F76750734AF7}\ARPPRODUCTICON.exe
c:\windows\Installer\{D099F296-A6DC-C6A9-73D2-C9B2D7DA7ADA}\ARPPRODUCTICON.exe
c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
c:\windows\Installer\{D3B1C799-CB73-42DE-BA0F-2344793A095C}\ARPPRODUCTICON.exe
c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
c:\windows\Installer\{DB53C134-1135-E6E1-6338-534249E4F6FD}\ARPPRODUCTICON.exe
c:\windows\Installer\{EEEFE73A-1900-AC1A-EBA8-132E4A8CBC0C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-17 do 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\Alan\DoctorWeb
2011-02-17 19:21 . 2011-02-17 19:21 -------- d---a-w- c:\windows\rundll16.exe
2011-02-17 19:21 . 2011-02-17 19:21 -------- d---a-w- c:\windows\logo1_.exe
2011-02-17 19:08 . 2011-02-17 19:08 -------- d-----w- c:\windows\Sun
2011-02-17 18:12 . 2011-02-17 18:12 -------- d---a-w- c:\windows\VDLL.DLL
2011-02-17 18:12 . 2011-02-17 18:12 -------- d---a-w- c:\windows\system32\runouce.exe
2011-02-17 18:12 . 2011-02-17 18:12 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-02-17 18:12 . 2011-02-17 18:12 -------- d---a-w- c:\windows\logo_1.exe
2011-02-17 18:07 . 2011-02-17 18:07 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-02-17 18:07 . 2011-02-17 18:07 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-02-17 18:07 . 2011-02-17 18:07 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-02-17 18:07 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-02-17 18:07 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-02-17 18:07 . 2011-02-17 18:07 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-02-17 18:07 . 2011-02-17 18:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-02-14 11:36 . 2011-02-14 11:36 -------- d-----w- c:\documents and settings\Alan\dwhelper
2011-02-13 18:11 . 2011-02-13 18:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FLEXnet
2011-02-13 17:47 . 2011-02-13 17:47 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-02-10 22:07 . 2011-02-15 16:21 -------- d-----w- c:\documents and settings\Alan\Local Settings\Data aplikací\iRinger
2011-02-10 14:19 . 2011-02-10 14:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\VOWSoft
2011-02-10 12:45 . 2011-02-10 12:47 -------- d-----w- C:\totalcmd
2011-02-10 12:45 . 2011-02-10 12:45 -------- d-----w- c:\documents and settings\Alan\Data aplikací\GHISLER
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-02-10 10:54 . 2011-02-10 10:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-04 15:42 . 2011-02-04 15:42 -------- d-----w- c:\program files\iPod
2011-02-04 14:46 . 2011-02-04 14:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Apple
2011-01-31 14:03 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-01-31 14:03 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-01-31 14:03 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-01-31 14:03 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-01-31 14:03 . 2011-01-31 14:03 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-01-31 14:03 . 2011-01-31 14:03 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-01-31 14:03 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-01-25 00:47 . 2011-01-25 00:47 -------- d-----w- c:\program files\Common Files\NetDragon
2011-01-25 00:47 . 2011-01-25 00:47 -------- d-----w- c:\documents and settings\Alan\Local Settings\Data aplikací\NetDragon
2011-01-24 14:04 . 2011-01-24 14:04 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2011-01-24 14:03 . 2011-01-24 21:44 -------- d-----w- c:\documents and settings\Alan\Data aplikací\Apple Computer
2011-01-24 14:03 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-24 14:03 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-01-24 14:02 . 2011-02-04 15:44 -------- d-----w- c:\program files\iTunes
2011-01-24 14:02 . 2011-01-24 14:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-01-24 14:00 . 2011-01-24 14:00 -------- d-----w- c:\documents and settings\Alan\Local Settings\Data aplikací\Apple
2011-01-24 14:00 . 2011-01-24 14:00 -------- d-----w- c:\program files\Apple Software Update
2011-01-24 14:00 . 2010-09-28 14:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-01-24 14:00 . 2010-09-28 14:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-01-24 13:59 . 2011-01-24 13:59 -------- d-----w- c:\program files\Bonjour
2011-01-24 13:59 . 2011-02-04 15:42 -------- d-----w- c:\program files\Common Files\Apple
2011-01-24 13:59 . 2011-01-24 14:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2011-01-24 13:58 . 2011-02-04 15:30 -------- d-----w- c:\documents and settings\Alan\Local Settings\Data aplikací\Apple Computer
2011-01-24 09:06 . 2011-01-24 09:06 -------- d-----w- c:\documents and settings\Alan\Data aplikací\SafeIT Security
2011-01-24 09:03 . 2011-01-24 09:03 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{A59E6D5C-0338-4373-92BF-8C484D4E82A6}
2011-01-24 09:03 . 2011-01-24 09:03 -------- d-----w- c:\program files\SafeIT Security
2011-01-24 09:03 . 2011-01-24 09:03 -------- d-----w- c:\program files\Common Files\SafeIT Security
2011-01-24 09:02 . 2011-01-24 09:02 -------- d-----w- c:\documents and settings\Alan\Local Settings\Data aplikací\PackageAware
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-13 18:26 . 2008-08-14 06:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-01-21 14:44 . 2003-04-16 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-20 10:54 . 2011-01-20 10:52 9749357 ----a-w- c:\windows\REGBK00.ZIP
2011-01-10 22:13 . 2011-01-10 22:13 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2011-01-10 22:12 . 2011-01-10 22:12 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2011-01-10 22:08 . 2011-01-10 22:08 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-01-07 14:09 . 2003-04-16 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 14:09 . 2003-04-16 12:00 290048 ----a-w- c:\windows\system32\atmfd(2).dll
2011-01-04 23:59 . 2011-01-05 00:00 73728 ------w- c:\windows\system32\javacpl.cpl
2011-01-04 23:59 . 2011-01-05 00:00 472808 ------w- c:\windows\system32\deployJava1.dll
2011-01-04 22:33 . 2011-01-04 22:33 445016 ------w- c:\windows\system32\wrap_oal.dll
2010-12-31 14:04 . 2003-04-16 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-27 08:00 . 2011-01-09 13:57 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-22 12:34 . 2003-04-16 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2003-04-16 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2003-04-16 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2003-04-16 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2003-04-16 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2011-01-05 11:40 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2011-01-05 11:40 20952 ------w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2004-08-17 22:44 385024 ------w- c:\windows\system32\html.iec
2010-12-16 22:57 . 2010-12-16 22:57 31088 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-12-09 15:15 . 2003-04-16 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2002-09-20 17:12 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2003-04-16 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2003-04-16 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-07 18:40 . 2011-01-09 13:57 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-07 18:22 . 2011-01-09 13:57 810496 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-01 19:06 . 2010-12-01 19:06 108104 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-26 04:17 . 2004-08-17 22:43 5555712 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-26 03:57 . 2009-05-16 02:55 16748544 ------w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23 . 2009-05-16 02:26 471040 ------w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:12 . 2011-01-04 20:23 311296 ------w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07 . 2009-05-16 01:35 57344 ------w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07 . 2009-05-16 01:34 53248 ------w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06 . 2009-05-16 01:33 4489216 ------w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55 . 2011-01-04 20:23 462848 ------w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2004-08-17 22:49 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:48 . 2004-08-17 22:49 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:39 . 2009-05-16 02:30 53248 ------w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:34 . 2009-05-16 03:18 212992 ------w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34 . 2009-05-16 03:17 155648 ------w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34 . 2009-05-16 03:17 26112 ------w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34 . 2009-05-16 03:17 43520 ------w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34 . 2009-05-16 03:17 159744 ------w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:32 . 2009-05-16 03:15 614400 ------w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32 . 2004-08-17 22:49 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:31 . 2009-05-16 03:14 53248 ------w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30 . 2011-01-04 22:06 143360 ------w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26 . 2009-05-16 02:33 651264 ------w- c:\windows\system32\atikvmag.dll
2010-11-26 02:24 . 2009-05-16 02:31 196608 ------w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24 . 2009-05-16 02:31 17408 ------w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18 . 2004-08-17 22:49 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:16 . 2009-05-16 02:38 64512 ------w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16 . 2009-05-16 02:38 64512 ------w- c:\windows\system32\amdpcom32.dll
2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 135168]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2003-05-29 131072]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-18 2219184]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"UMonit"="c:\windows\system32\umonit.exe" [2006-07-26 53248]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2009-04-08 570664]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-02-13 611712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\ASUS\Bluetooth Software\BTTray.exe [2008-4-14 596584]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2010-11-18 09:44 9221024 ------w- c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2010-11-18 09:44 9221024 ------w- c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [29.8.2007 3:04 116264]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [18.11.2010 14:11 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5.1.2011 12:40 363344]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8.11.2010 11:40 237568]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [8.11.2010 11:43 1060352]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [8.11.2010 11:43 484352]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [4.1.2011 23:06 101904]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18.3.2010 20:39 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18.3.2010 20:39 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18.3.2010 20:39 566360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5.1.2011 12:40 20952]
R3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [5.1.2011 12:07 72704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [5.1.2011 16:07 45736]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18.3.2010 20:39 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [4.1.2011 23:34 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18.3.2010 20:39 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18.3.2010 20:39 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18.3.2010 20:39 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18.3.2010 20:39 566360]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [5.1.2011 16:15 6016]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10.3.2010 8:18 24216]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10.1.2011 13:15 27064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6.1.2011 14:23 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 13:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ASUS\Bluetooth Software\btsendto_ie.htm
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
FF - ProfilePath - c:\documents and settings\Alan\Data aplikací\Mozilla\Firefox\Profiles\jepw67px.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Harley Davidson: {2c088200-b973-11db-8314-0800200c9a66} - %profile%\extensions\{2c088200-b973-11db-8314-0800200c9a66}
FF - Ext: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - %profile%\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-18 00:34
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?USB\V?J??52e&XJ??\???8???????XJ??8???`J??B\RO????8???????????????????????????h?????6~`J???????????b@?????????????????@$?|?????$?|??7~??@???:~????????????????????@???????????????t??????????????|`$?|?????$?|U$?|??????????????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2011-02-18 00:36:50
ComboFix-quarantined-files.txt 2011-02-17 23:36

Před spuštěním: Volných bajtů: 38 929 719 296
Po spuštění: Volných bajtů: 39 020 716 032

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - E9970A9F09E3768305A9537F85438476

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Please check my log.

Post by memphisto » 18 Feb 2011 10:37

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.

Code:

KillAll::
Folder::
c:\windows\rundll16.exe
c:\windows\logo1_.exe
c:\windows\VDLL.DLL
c:\windows\system32\runouce.exe
c:\windows\RUNDL132.EXE

File::
c:\windows\REGBK00.ZIP

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=-

DDS::
uInternet Settings,ProxyOverride = *.local
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you

Alan-K
Level 2.5
Posts: 307
Registered: November 07
Gender: Male
Status: Offline

Re: Please check my log.

Post by Alan-K » 18 Feb 2011 11:46

ComboFix 11-02-17.02 - Alan 18.02.2011 11:23:29.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2559.2052 [GMT 1:00]
Spuštěný z: c:\documents and settings\Alan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Alan\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\windows\REGBK00.ZIP"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\logo1_.exe
c:\windows\REGBK00.ZIP
c:\windows\RUNDL132.EXE
c:\windows\rundll16.exe
c:\windows\system32\runouce.exe
c:\windows\VDLL.DLL

----- Souboroví replikátoři -----

.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-18 do 2011-02-18 )))))))))))))))))))))))))))))))
.

2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\Alan\DoctorWeb
2011-02-17 19:08 . 2011-02-17 19:08 -------- d-----w- c:\windows\Sun
2011-02-17 18:12 . 2011-02-17 18:12 -------- d---a-w- c:\windows\logo_1.exe
2011-02-17 18:07 . 2011-02-17 18:07 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-02-17 18:07 . 2011-02-17 18:07 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-02-17 18:07 . 2011-02-17 18:07 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-02-17 18:07 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-02-17 18:07 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-02-17 18:07 . 2011-02-17 18:07 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-02-17 18:07 . 2011-02-17 18:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-02-14 11:36 . 2011-02-14 11:36 -------- d-----w- c:\documents and settings\Alan\dwhelper
2011-02-13 18:11 . 2011-02-13 18:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FLEXnet
2011-02-13 17:47 . 2011-02-13 17:47 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-02-10 22:07 . 2011-02-15 16:21 -------- d-----w- c:\documents and settings\Alan\Local Settings\Data aplikací\iRinger
2011-02-10 14:19 . 2011-02-10 14:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\VOWSoft
2011-02-10 12:45 . 2011-02-10 12:47 -------- d-----w- C:\totalcmd
2011-02-10 12:45 . 2011-02-10 12:45 -------- d-----w- c:\documents and settings\Alan\Data aplikací\GHISLER
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-02-10 12:45 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-02-10 10:54 . 2011-02-10 10:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-04 15:42 . 2011-02-04 15:42 -------- d-----w- c:\program files\iPod
2011-02-04 14:46 . 2011-02-04 14:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Apple
2011-01-31 14:03 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-01-31 14:03 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-01-31 14:03 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-01-31 14:03 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-01-31 14:03 . 2011-01-31 14:03 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-01-31 14:03 . 2011-01-31 14:03 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-01-31 14:03 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-01-25 00:47 . 2011-01-25 00:47 -------- d-----w- c:\program files\Common Files\NetDragon
2011-01-25 00:47 . 2011-01-25 00:47 -------- d-----w- c:\documents and settings\Alan\Local Settings\Data aplikací\NetDragon
2011-01-24 14:04 . 2011-01-24 14:04 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2011-01-24 14:03 . 2011-01-24 21:44 -------- d-----w- c:\documents and settings\Alan\Data aplikací\Apple Computer
2011-01-24 14:03 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-24 14:03 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-01-24 14:02 . 2011-02-04 15:44 -------- d-----w- c:\program files\iTunes
2011-01-24 14:02 . 2011-01-24 14:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-01-24 14:00 . 2011-01-24 14:00 -------- d-----w- c:\documents and settings\Alan\Local Settings\Data aplikací\Apple
2011-01-24 14:00 . 2011-01-24 14:00 -------- d-----w- c:\program files\Apple Software Update
2011-01-24 14:00 . 2010-09-28 14:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-01-24 14:00 . 2010-09-28 14:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-01-24 13:59 . 2011-01-24 13:59 -------- d-----w- c:\program files\Bonjour
2011-01-24 13:59 . 2011-02-04 15:42 -------- d-----w- c:\program files\Common Files\Apple
2011-01-24 13:59 . 2011-01-24 14:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2011-01-24 13:58 . 2011-02-04 15:30 -------- d-----w- c:\documents and settings\Alan\Local Settings\Data aplikací\Apple Computer
2011-01-24 09:06 . 2011-01-24 09:06 -------- d-----w- c:\documents and settings\Alan\Data aplikací\SafeIT Security
2011-01-24 09:03 . 2011-01-24 09:03 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{A59E6D5C-0338-4373-92BF-8C484D4E82A6}
2011-01-24 09:03 . 2011-01-24 09:03 -------- d-----w- c:\program files\SafeIT Security
2011-01-24 09:03 . 2011-01-24 09:03 -------- d-----w- c:\program files\Common Files\SafeIT Security
2011-01-24 09:02 . 2011-01-24 09:02 -------- d-----w- c:\documents and settings\Alan\Local Settings\Data aplikací\PackageAware
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-13 18:26 . 2008-08-14 06:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-01-21 14:44 . 2003-04-16 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-10 22:13 . 2011-01-10 22:13 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2011-01-10 22:12 . 2011-01-10 22:12 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2011-01-10 22:08 . 2011-01-10 22:08 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-01-07 14:09 . 2003-04-16 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 14:09 . 2003-04-16 12:00 290048 ----a-w- c:\windows\system32\atmfd(2).dll
2011-01-04 23:59 . 2011-01-05 00:00 73728 ------w- c:\windows\system32\javacpl.cpl
2011-01-04 23:59 . 2011-01-05 00:00 472808 ------w- c:\windows\system32\deployJava1.dll
2011-01-04 22:33 . 2011-01-04 22:33 445016 ------w- c:\windows\system32\wrap_oal.dll
2010-12-31 14:04 . 2003-04-16 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-27 08:00 . 2011-01-09 13:57 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-22 12:34 . 2003-04-16 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2003-04-16 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2003-04-16 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2003-04-16 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2003-04-16 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2011-01-05 11:40 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2011-01-05 11:40 20952 ------w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2004-08-17 22:44 385024 ------w- c:\windows\system32\html.iec
2010-12-16 22:57 . 2010-12-16 22:57 31088 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-12-09 15:15 . 2003-04-16 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2002-09-20 17:12 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2003-04-16 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2003-04-16 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-07 18:40 . 2011-01-09 13:57 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-07 18:22 . 2011-01-09 13:57 810496 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-01 19:06 . 2010-12-01 19:06 108104 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-26 04:17 . 2004-08-17 22:43 5555712 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-26 03:57 . 2009-05-16 02:55 16748544 ------w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23 . 2009-05-16 02:26 471040 ------w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:12 . 2011-01-04 20:23 311296 ------w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07 . 2009-05-16 01:35 57344 ------w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07 . 2009-05-16 01:34 53248 ------w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06 . 2009-05-16 01:33 4489216 ------w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55 . 2011-01-04 20:23 462848 ------w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2004-08-17 22:49 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:48 . 2004-08-17 22:49 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:39 . 2009-05-16 02:30 53248 ------w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:34 . 2009-05-16 03:18 212992 ------w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34 . 2009-05-16 03:17 155648 ------w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34 . 2009-05-16 03:17 26112 ------w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34 . 2009-05-16 03:17 43520 ------w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34 . 2009-05-16 03:17 159744 ------w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:32 . 2009-05-16 03:15 614400 ------w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32 . 2004-08-17 22:49 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:31 . 2009-05-16 03:14 53248 ------w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30 . 2011-01-04 22:06 143360 ------w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26 . 2009-05-16 02:33 651264 ------w- c:\windows\system32\atikvmag.dll
2010-11-26 02:24 . 2009-05-16 02:31 196608 ------w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24 . 2009-05-16 02:31 17408 ------w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18 . 2004-08-17 22:49 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:16 . 2009-05-16 02:38 64512 ------w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16 . 2009-05-16 02:38 64512 ------w- c:\windows\system32\amdpcom32.dll
2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 135168]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2003-05-29 131072]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-18 2219184]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"UMonit"="c:\windows\system32\umonit.exe" [2006-07-26 53248]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2009-04-08 570664]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-02-13 611712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\ASUS\Bluetooth Software\BTTray.exe [2008-4-14 596584]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2010-11-18 09:44 9221024 ------w- c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2010-11-18 09:44 9221024 ------w- c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [29.8.2007 3:04 116264]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [18.11.2010 14:11 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5.1.2011 12:40 363344]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8.11.2010 11:40 237568]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [8.11.2010 11:43 1060352]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [8.11.2010 11:43 484352]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [4.1.2011 23:06 101904]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18.3.2010 20:39 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18.3.2010 20:39 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18.3.2010 20:39 566360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5.1.2011 12:40 20952]
R3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [5.1.2011 12:07 72704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [5.1.2011 16:07 45736]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18.3.2010 20:39 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [4.1.2011 23:34 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18.3.2010 20:39 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18.3.2010 20:39 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18.3.2010 20:39 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18.3.2010 20:39 566360]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [5.1.2011 16:15 6016]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10.3.2010 8:18 24216]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10.1.2011 13:15 27064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6.1.2011 14:23 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 13:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ASUS\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Alan\Data aplikací\Mozilla\Firefox\Profiles\jepw67px.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Harley Davidson: {2c088200-b973-11db-8314-0800200c9a66} - %profile%\extensions\{2c088200-b973-11db-8314-0800200c9a66}
FF - Ext: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - %profile%\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-18 11:37
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?USB\V?J??52e&XJ??\???8???????XJ??8???`J??B\RO????8???????????????????????????h?????6~`J???????????b@?????????????????@$?|?????$?|??7~??@???:~????????????????????@???????????????t??????????????|`$?|?????$?|U$?|??????????????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(708)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Photodex\ProShowProducer\ScsiAccess.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2011-02-18 11:43:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-18 10:43
ComboFix2.txt 2011-02-17 23:36

Před spuštěním: Volných bajtů: 39 024 914 432
Po spuštění: Volných bajtů: 39 011 332 096

- - End Of File - - D0643C7812DD1EC01800D0425605829F

Re: Please check my log.

Post by memphisto » 18 Feb 2011 13:01

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on.


+ HJT

How is the PC behaving?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.

Re: Please check my log.

Post by Alan-K » 18 Feb 2011 14:11

...I think the PC is fine, but I thought that before too... web page loading has definitely improved, so great, thank you VERY much.
Here is another log...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:06:32, on 18.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Alan\Plocha\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4164121836
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4164185271
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 11889 bytes

Re: Please check my log.

Post by memphisto » 18 Feb 2011 14:31

fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4164121836
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4164185271
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab

otherwise that's everything; you can give it the green check mark if no further problem has appeared

Re: Please check my log.

Post by Alan-K » 18 Feb 2011 16:13

Thank you very much, memphisto, everything works without problems. In HJT I fixed everything according to the instructions. Thanks once again!!!!

Re: Please check my log.

Post by memphisto » 18 Feb 2011 16:15

You're welcome; if that's everything, you can give it the green check mark at the top right

