Prosím o preventivní kontrolu logu

sccotty · Příspěvekod **sccotty** » 16 črc 2011 14:20

Prosím o preventivní kontrolu logu.Občas se mi stává že při spuštění hry Trainz simulátor a jeho součásti TrainzObjectz mi počítač samovolně skočí do modré obrazovky a restartuje se(a to náhodně několikrát po sobě),ale při jiných hrách a jiném používání to nedělá.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:10:08, on 16.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\YoWindow\yowindow.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1454471165-220523388-725345543-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: O&deslat do zařízení bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat do bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11666 bytes

Reklama

Příspěvekod **Žbeky** » 16 črc 2011 14:36

Fixni:

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

sccotty · Příspěvekod **sccotty** » 16 črc 2011 14:59

Používám antivir Aviru,ale nechce mě pustit na stažení ATF-Cleaner

Warning
In order not to compromise your security, this page will not be accessed

The requested URL was identified as a potentially harmful website.
For more information why this page has been blocked, please click here. A description of how you can unlock for this page you can find here.
Requested URL: http://www.atribune.org/public-beta/ATF-Cleaner.exe
Category/categories:
Malware

sccotty · Příspěvekod **sccotty** » 16 črc 2011 15:22

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.7.2011 15:20:03
mbam-log-2011-07-16 (15-20-03).txt

Typ: Rychlá kontrola
Kontrolované objekty: 212489
Uplynulý čas: 1 minut, 11 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Příspěvekod **Žbeky** » 16 črc 2011 16:10

Ničeho se neboj, malware tam není

sccotty · Příspěvekod **sccotty** » 16 črc 2011 17:32

podařilo se mi stáhnout ATF-Cleaner a provedl jsem vše jak jste mi radil.
výsledek z Malwarebytes' Anti-Malware je uveden výše.

Příspěvekod **Žbeky** » 16 črc 2011 18:33

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

sccotty · Příspěvekod **sccotty** » 16 črc 2011 22:04

ComboFix 11-07-15.03 - home-pc 16.07.2011 21:35:05.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2583 [GMT 2:00]
Spuštěný z: c:\documents and settings\home-pc\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\home-pc\LOCALS~1\Temp\salexten.dll
c:\documents and settings\home-pc\Local Settings\temp\salexten.dll
c:\documents and settings\home-pc\WINDOWS
c:\windows\system32\drivers\fenyijnnotik.sys
c:\windows\system32\mckwave.dll
c:\windows\system32\winm32.dll
c:\windows\system32\winvsx.sys
.
Nakažená kopie c:\windows\system32\dwwin.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\dwwin.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_fenyijnnotik
-------\Service_fenyijnnotik
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-16 do 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 19:45 . 2011-07-16 19:45 0 ----a-w- c:\windows\system32\msdom2.dll
2011-07-16 19:45 . 2011-07-16 19:45 0 ----a-w- c:\windows\system32\lgn1216a.dll
2011-07-16 19:45 . 2011-07-16 19:45 0 ----a-w- c:\windows\system32\atixdbxx.sys
2011-07-16 14:25 . 2011-07-16 14:25 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Avira
2011-07-16 12:42 . 2011-07-16 12:42 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Malwarebytes
2011-07-16 12:42 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-16 12:42 . 2011-07-16 12:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-16 12:42 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-16 12:42 . 2011-07-16 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-16 12:03 . 2011-07-16 12:03 388096 ----a-r- c:\documents and settings\home-pc\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-16 11:43 . 2011-07-16 16:25 82952 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-07-16 11:43 . 2011-07-16 16:25 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-16 11:43 . 2011-07-16 16:25 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-16 11:43 . 2011-07-16 16:25 106904 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-07-16 11:43 . 2010-06-17 12:23 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-07-16 11:43 . 2010-06-17 12:23 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-07-16 11:43 . 2011-07-16 11:43 -------- d-----w- c:\program files\Avira
2011-07-15 06:37 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{21F5CDB5-8D3C-4782-94DF-996824F7938A}\mpengine.dll
2011-07-10 17:12 . 2011-07-10 17:12 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Artogon
2011-07-10 17:00 . 2011-07-10 17:00 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Ladia Group
2011-07-10 16:58 . 2011-07-10 16:59 -------- d-----w- c:\program files\Anticky Rim
2011-07-10 16:57 . 2011-07-10 18:00 -------- d-----w- c:\program files\Ztracené Eldorádo
2011-07-10 16:55 . 2011-07-10 16:55 -------- d-----w- c:\program files\Cesta za dobrodruzstvim - Na stope duchum
2011-07-10 16:44 . 2011-07-10 16:51 -------- d-----w- c:\program files\Emilka Holubová - Montezumův poklad
2011-07-07 17:12 . 2006-03-02 12:00 670720 -c--a-w- c:\windows\system32\dllcache\getuname.dll
2011-07-07 17:12 . 2006-03-02 12:00 670720 ----a-w- c:\windows\system32\getuname.dll
2011-07-07 17:12 . 2006-03-02 12:00 80896 -c--a-w- c:\windows\system32\dllcache\charmap.exe
2011-07-07 17:12 . 2006-03-02 12:00 80896 ----a-w- c:\windows\system32\charmap.exe
2011-07-07 17:12 . 2006-03-02 12:00 114688 -c--a-w- c:\windows\system32\dllcache\calc.exe
2011-07-07 17:12 . 2006-03-02 12:00 114688 ----a-w- c:\windows\system32\calc.exe
2011-07-03 06:29 . 2011-07-03 06:29 -------- d-----w- C:\found.003
2011-07-01 18:01 . 2011-07-04 04:51 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\vlc
2011-06-28 18:37 . 2011-06-28 18:37 3584 ----a-r- c:\documents and settings\home-pc\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-06-28 18:37 . 2011-06-28 18:37 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-06-28 18:36 . 2011-06-28 18:36 -------- d-----w- c:\program files\MSECACHE
2011-06-25 17:28 . 2011-07-16 19:30 -------- d-----w- c:\program files\TrainzObjectz
2011-06-25 11:31 . 2011-06-25 11:31 -------- d-----w- C:\Users
2011-06-23 19:41 . 2011-06-23 19:41 -------- d-----w- c:\program files\Common Files\xing shared
2011-06-23 19:40 . 2011-06-23 19:40 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-06-22 17:21 . 2011-06-22 17:19 237568 ----a-w- c:\windows\system32\BtwRSupport.dll
2011-06-22 17:21 . 2011-06-22 17:19 93736 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2011-06-22 17:21 . 2011-06-22 17:19 59688 ----a-w- c:\windows\system32\drivers\btwhid.sys
2011-06-22 17:21 . 2011-06-22 17:19 556200 ----a-w- c:\windows\system32\drivers\btaudio.sys
2011-06-22 17:21 . 2011-06-22 17:19 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2011-06-22 17:21 . 2011-06-22 17:19 118440 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2011-06-22 17:21 . 2010-12-09 17:01 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
2011-06-22 16:14 . 2011-06-22 16:14 106557 ----a-w- c:\windows\system32\btw_ci.dll
2011-06-21 19:44 . 2011-06-21 19:44 -------- d-----w- c:\program files\BullGuard Ltd
2011-06-21 19:36 . 2011-06-21 19:36 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 19:36 . 2011-06-21 19:36 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-19 14:26 . 2011-06-19 14:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-06-18 19:26 . 2011-07-02 10:01 -------- d-----w- c:\program files\ICQ7.5
2011-06-18 07:42 . 2011-06-18 07:42 -------- d-----w- C:\found.002
2011-06-18 06:31 . 2011-06-18 06:31 -------- d-----w- c:\program files\Intel
2011-06-18 06:31 . 2011-04-15 14:00 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-18 06:29 . 2011-06-18 06:29 -------- d-----w- C:\Intel
2011-06-18 06:27 . 2011-06-18 06:27 -------- d-----w- c:\documents and settings\UpdatusUser
2011-06-18 06:27 . 2011-06-18 06:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-06-18 06:27 . 2011-05-25 07:26 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-06-18 06:27 . 2011-05-25 07:25 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-18 06:27 . 2011-05-25 07:25 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-18 01:08 . 2011-04-25 16:06 602112 ----a-w- c:\windows\system32\SETFF.tmp
2011-06-18 01:08 . 2011-05-30 22:12 5964800 ----a-w- c:\windows\system32\SETFD.tmp
2011-06-18 01:08 . 2011-04-25 16:06 55296 ----a-w- c:\windows\system32\SETFE.tmp
2011-06-18 01:08 . 2011-04-25 16:06 916480 ----a-w- c:\windows\system32\SETF8.tmp
2011-06-18 01:08 . 2011-04-25 16:06 1991680 ----a-w- c:\windows\system32\SET103.tmp
2011-06-18 01:08 . 2011-04-25 16:06 1211904 ----a-w- c:\windows\system32\SETF9.tmp
2011-06-17 21:22 . 2011-07-02 05:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 21:13 . 2011-06-21 19:36 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-06-17 21:13 . 2011-06-21 19:36 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-17 21:13 . 2011-06-21 19:36 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-17 21:13 . 2011-06-21 19:36 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-17 21:13 . 2011-06-21 19:36 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-06-17 21:13 . 2011-06-21 19:36 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-17 20:02 . 2010-12-09 15:15 713216 ----a-w- c:\windows\system32\ntdll.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-23 19:39 . 2007-08-17 14:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-23 19:39 . 2007-08-17 14:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-22 17:19 . 2004-11-29 17:33 933416 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2011-06-22 17:19 . 2004-11-29 17:31 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2011-06-22 17:19 . 2004-11-29 17:30 51752 ----a-w- c:\windows\system32\drivers\btwusb.sys
2011-06-22 17:19 . 2010-12-09 16:27 1060864 ----a-w- c:\windows\system32\btrez.dll
2011-06-07 15:55 . 2010-06-03 19:10 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 07:26 . 2010-10-16 10:05 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 07:26 . 2010-10-16 10:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-05-25 07:26 . 2010-10-16 10:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-05-25 07:26 . 2010-10-16 10:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-05-25 07:26 . 2010-10-16 10:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-05-25 07:26 . 2010-10-16 10:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-05-25 07:26 . 2010-10-16 10:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-05-25 07:26 . 2010-10-16 10:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-05-25 07:26 . 2010-10-16 10:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-05-25 07:26 . 2010-10-16 10:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-05-25 07:26 . 2010-10-16 10:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-05-25 07:26 . 2010-10-16 10:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-05-25 07:26 . 2010-10-16 10:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-05-25 07:26 . 2010-10-16 10:05 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 07:26 . 2010-10-16 10:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-05-25 07:26 . 2010-10-16 10:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-05-25 07:26 . 2010-10-16 10:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-05-25 07:26 . 2010-10-16 10:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-05-25 07:26 . 2010-10-16 10:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-05-25 07:26 . 2010-10-16 10:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-05-25 07:26 . 2010-10-16 10:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-05-25 07:26 . 2010-10-16 10:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-05-25 07:26 . 2010-10-16 10:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-05-25 07:26 . 2010-10-16 10:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-05-25 07:26 . 2010-10-16 10:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-05-25 07:26 . 2010-10-16 10:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-05-25 07:26 . 2010-10-16 10:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-05-25 07:26 . 2010-10-16 10:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-05-25 07:26 . 2010-10-16 10:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-05-25 07:26 . 2010-10-16 10:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-05-25 07:26 . 2010-10-16 10:05 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:26 . 2010-10-16 10:05 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:26 . 2010-10-16 10:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 07:25 . 2010-04-03 20:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:25 . 2007-06-28 22:43 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 07:25 . 2010-04-03 20:55 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:25 . 2010-04-03 20:55 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:25 . 2010-04-03 20:55 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:25 . 2007-12-05 00:41 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:25 . 2007-06-28 22:43 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 07:25 . 2007-06-28 22:43 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 07:25 . 2007-06-28 22:43 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-24 17:14 . 2010-06-03 19:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2010-05-19 16:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2007-09-23 05:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2007-08-17 13:05 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 08:06 . 2011-04-26 08:06 11081728 ----a-w- c:\windows\system32\SET105.tmp
2011-04-25 16:06 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2007-10-22 02:31 . 2007-10-22 02:31 76808 ----a-w- c:\program files\DSETUP.dll
2007-10-22 02:31 . 2007-10-22 02:31 502792 ----a-w- c:\program files\DXSETUP.exe
2007-10-22 02:31 . 2007-10-22 02:31 1673224 ----a-w- c:\program files\dsetup32.dll
2011-06-21 19:36 . 2011-06-17 21:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-20 718720]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2007-09-27 122880]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584]
.
c:\documents and settings\home-pc\Nabˇdka Start\Programy\Po spuçtŘnˇ\
YoWindow.lnk - c:\program files\YoWindow\yowindow.exe [2010-10-30 731136]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-12-9 636256]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autochec
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^home-pc^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
path=c:\documents and settings\home-pc\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnkStartup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe"
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" /IMGSTART
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Iomega Drive Icons"=c:\program files\Iomega\DriveIcons\ImgIcon.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [16.7.2011 13:43 106904]
R2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [16.7.2011 13:43 567464]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [16.7.2011 13:43 340136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16.7.2011 13:43 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [16.7.2011 13:43 428200]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2.12.2010 22:12 20328]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [18.6.2011 8:27 2214504]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [16.7.2011 13:43 82952]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4.4.2011 20:31 44032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4.4.2011 20:24 1691480]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [27.12.2010 23:50 31124344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
.
2011-07-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
2011-07-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-220523388-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-220523388-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: O&deslat do zařízení bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Odeslat do bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout Star Downloaderem
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.111.1 77.48.254.254
FF - ProfilePath - c:\documents and settings\home-pc\Data aplikací\Mozilla\Firefox\Profiles\3t3liwvf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.9&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-TaskTray - (no file)
AddRemove-{C9BED750-1211-4480-B1A5-718A3BE15525} - c:\program files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 21:54
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,b7,61,06,7f,79,a6,4b,97,d7,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,b7,61,06,7f,79,a6,4b,97,d7,83,\
.
[HKEY_USERS\S-1-5-21-1454471165-220523388-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA467750-ED4F-4AF8-ECE9-90170B6746F9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1454471165-220523388-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,49,61,48,38,5e,6f,7d,42,c6,51,e4,3e,75,8e,69,af,19,8f,01,0d,83,95,
2f,5b,e4,54,e7,0c,2c,7f,97,c7,0c,13,cc,00,48,71,98,17,1d,1a,b5,64,21,1d,74,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1560)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\Microsoft Office\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-16 21:59:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-16 19:59
.
Před spuštěním: Volných bajtů: 160 462 282 752
Po spuštění: Volných bajtů: 160 289 681 408
.
- - End Of File - - 119CB39B83EDF2D554BC0B8D7932DBB9

Příspěvekod **Žbeky** » 17 črc 2011 09:09

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

File::
c:\windows\system32\SETFF.tmp
c:\windows\system32\SETFD.tmp
c:\windows\system32\SETFE.tmp
c:\windows\system32\SETF8.tmp
c:\windows\system32\SET103.tmp
c:\windows\system32\SETF9.tmp
c:\windows\system32\SET105.tmp
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\MP Scheduled Scan.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-220523388-725345543-1004.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-220523388-725345543-1004.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Firefox::
FF - ProfilePath - c:\documents and settings\home-pc\Data aplikací\Mozilla\Firefox\Profiles\3t3liwvf.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.9&q=

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Toto otestuj na Virustotal
c:\windows\system32\dwwin.exe
c:\windows\system32\msdom2.dll
c:\windows\system32\lgn1216a.dll
c:\windows\system32\atixdbxx.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Stáhni si MBR Rootkit Detektor
- ulož si ho přímo na disk C a spusť ho
- za chvíli se ti vytvoří jeho log (mbr.log) vlož sem celý jeho obsah.

sccotty · Příspěvekod **sccotty** » 17 črc 2011 10:35

ComboFix 11-07-17.01 - home-pc 17.07.2011 10:12:59.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2610 [GMT 2:00]
Spuštěný z: c:\documents and settings\home-pc\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\home-pc\Plocha\CFScript.txt
.
FILE ::
"c:\windows\system32\SET103.tmp"
"c:\windows\system32\SET105.tmp"
"c:\windows\system32\SETF8.tmp"
"c:\windows\system32\SETF9.tmp"
"c:\windows\system32\SETFD.tmp"
"c:\windows\system32\SETFE.tmp"
"c:\windows\system32\SETFF.tmp"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\MP Scheduled Scan.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-220523388-725345543-1004.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-220523388-725345543-1004.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\atixdbxx.sys
c:\windows\system32\drivers\ati4irxx.sys
c:\windows\system32\irptp.sys
c:\windows\system32\kirdam.dll
c:\windows\system32\lgn1216a.dll
c:\windows\system32\msdom2.dll
c:\windows\system32\powerxt.dll
c:\windows\system32\SET103.tmp
c:\windows\system32\SET105.tmp
c:\windows\system32\SETF8.tmp
c:\windows\system32\SETF9.tmp
c:\windows\system32\SETFD.tmp
c:\windows\system32\SETFE.tmp
c:\windows\system32\SETFF.tmp
c:\windows\system32\yvbb01.sys
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\MP Scheduled Scan.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-220523388-725345543-1004.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-220523388-725345543-1004.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-17 do 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-17 08:10 . 2011-07-17 08:27 -------- d-----w- C:\ComboFix
2011-07-16 19:33 . 2011-06-26 06:45 256000 ----a-w- c:\windows\PEV.exe
2011-07-16 19:33 . 2009-04-20 04:56 60416 ----a-w- c:\windows\NIRCMD.exe
2011-07-16 19:32 . 2011-07-17 08:26 -------- d-----w- C:\Qoobox
2011-07-16 14:25 . 2011-07-16 14:25 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Avira
2011-07-16 12:42 . 2011-07-16 12:42 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Malwarebytes
2011-07-16 12:42 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-16 12:42 . 2011-07-16 12:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-16 12:42 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-16 12:42 . 2011-07-16 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-16 12:03 . 2011-07-16 12:03 388096 ----a-r- c:\documents and settings\home-pc\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-16 11:43 . 2011-07-16 16:25 82952 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-07-16 11:43 . 2011-07-16 16:25 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-16 11:43 . 2011-07-16 16:25 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-16 11:43 . 2011-07-16 16:25 106904 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-07-16 11:43 . 2010-06-17 12:23 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-07-16 11:43 . 2010-06-17 12:23 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-07-16 11:43 . 2011-07-16 11:43 -------- d-----w- c:\program files\Avira
2011-07-15 06:37 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{21F5CDB5-8D3C-4782-94DF-996824F7938A}\mpengine.dll
2011-07-10 17:12 . 2011-07-10 17:12 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Artogon
2011-07-10 17:00 . 2011-07-10 17:00 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\Ladia Group
2011-07-10 16:58 . 2011-07-10 16:59 -------- d-----w- c:\program files\Anticky Rim
2011-07-10 16:57 . 2011-07-10 18:00 -------- d-----w- c:\program files\Ztracené Eldorádo
2011-07-10 16:55 . 2011-07-10 16:55 -------- d-----w- c:\program files\Cesta za dobrodruzstvim - Na stope duchum
2011-07-10 16:44 . 2011-07-10 16:51 -------- d-----w- c:\program files\Emilka Holubová - Montezumův poklad
2011-07-07 17:12 . 2006-03-02 12:00 670720 -c--a-w- c:\windows\system32\dllcache\getuname.dll
2011-07-07 17:12 . 2006-03-02 12:00 670720 ----a-w- c:\windows\system32\getuname.dll
2011-07-07 17:12 . 2006-03-02 12:00 80896 -c--a-w- c:\windows\system32\dllcache\charmap.exe
2011-07-07 17:12 . 2006-03-02 12:00 80896 ----a-w- c:\windows\system32\charmap.exe
2011-07-07 17:12 . 2006-03-02 12:00 114688 -c--a-w- c:\windows\system32\dllcache\calc.exe
2011-07-07 17:12 . 2006-03-02 12:00 114688 ----a-w- c:\windows\system32\calc.exe
2011-07-03 06:29 . 2011-07-03 06:29 -------- d-----w- C:\found.003
2011-07-01 18:01 . 2011-07-04 04:51 -------- d-----w- c:\documents and settings\home-pc\Data aplikací\vlc
2011-06-28 18:37 . 2011-06-28 18:37 3584 ----a-r- c:\documents and settings\home-pc\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-06-28 18:37 . 2011-06-28 18:37 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-06-28 18:36 . 2011-06-28 18:36 -------- d-----w- c:\program files\MSECACHE
2011-06-25 17:28 . 2011-07-17 08:02 -------- d-----w- c:\program files\TrainzObjectz
2011-06-25 11:31 . 2011-06-25 11:31 -------- d-----w- C:\Users
2011-06-23 19:41 . 2011-06-23 19:41 -------- d-----w- c:\program files\Common Files\xing shared
2011-06-23 19:40 . 2011-06-23 19:40 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-06-22 17:21 . 2011-06-22 17:19 237568 ----a-w- c:\windows\system32\BtwRSupport.dll
2011-06-22 17:21 . 2011-06-22 17:19 93736 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2011-06-22 17:21 . 2011-06-22 17:19 59688 ----a-w- c:\windows\system32\drivers\btwhid.sys
2011-06-22 17:21 . 2011-06-22 17:19 556200 ----a-w- c:\windows\system32\drivers\btaudio.sys
2011-06-22 17:21 . 2011-06-22 17:19 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2011-06-22 17:21 . 2011-06-22 17:19 118440 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2011-06-22 17:21 . 2010-12-09 17:01 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
2011-06-22 16:14 . 2011-06-22 16:14 106557 ----a-w- c:\windows\system32\btw_ci.dll
2011-06-21 19:44 . 2011-06-21 19:44 -------- d-----w- c:\program files\BullGuard Ltd
2011-06-21 19:36 . 2011-06-21 19:36 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 19:36 . 2011-06-21 19:36 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-19 14:26 . 2011-06-19 14:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-06-18 19:26 . 2011-07-02 10:01 -------- d-----w- c:\program files\ICQ7.5
2011-06-18 07:42 . 2011-06-18 07:42 -------- d-----w- C:\found.002
2011-06-18 06:31 . 2011-06-18 06:31 -------- d-----w- c:\program files\Intel
2011-06-18 06:31 . 2011-04-15 14:00 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-18 06:29 . 2011-06-18 06:29 -------- d-----w- C:\Intel
2011-06-18 06:27 . 2011-06-18 06:27 -------- d-----w- c:\documents and settings\UpdatusUser
2011-06-18 06:27 . 2011-06-18 06:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-06-18 06:27 . 2011-05-25 07:26 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-06-18 06:27 . 2011-05-25 07:25 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-18 06:27 . 2011-05-25 07:25 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-17 21:22 . 2011-07-02 05:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 21:13 . 2011-06-21 19:36 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-06-17 21:13 . 2011-06-21 19:36 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-17 21:13 . 2011-06-21 19:36 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-17 21:13 . 2011-06-21 19:36 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-17 21:13 . 2011-06-21 19:36 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-06-17 21:13 . 2011-06-21 19:36 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-17 20:02 . 2010-12-09 15:15 713216 ----a-w- c:\windows\system32\ntdll.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-23 19:39 . 2007-08-17 14:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-23 19:39 . 2007-08-17 14:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-22 17:19 . 2004-11-29 17:33 933416 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2011-06-22 17:19 . 2004-11-29 17:31 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2011-06-22 17:19 . 2004-11-29 17:30 51752 ----a-w- c:\windows\system32\drivers\btwusb.sys
2011-06-22 17:19 . 2010-12-09 16:27 1060864 ----a-w- c:\windows\system32\btrez.dll
2011-06-07 15:55 . 2010-06-03 19:10 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 07:26 . 2010-10-16 10:05 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 07:26 . 2010-10-16 10:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-05-25 07:26 . 2010-10-16 10:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-05-25 07:26 . 2010-10-16 10:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-05-25 07:26 . 2010-10-16 10:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-05-25 07:26 . 2010-10-16 10:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-05-25 07:26 . 2010-10-16 10:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-05-25 07:26 . 2010-10-16 10:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-05-25 07:26 . 2010-10-16 10:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-05-25 07:26 . 2010-10-16 10:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-05-25 07:26 . 2010-10-16 10:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-05-25 07:26 . 2010-10-16 10:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-05-25 07:26 . 2010-10-16 10:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-05-25 07:26 . 2010-10-16 10:05 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 07:26 . 2010-10-16 10:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-05-25 07:26 . 2010-10-16 10:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-05-25 07:26 . 2010-10-16 10:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-05-25 07:26 . 2010-10-16 10:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-05-25 07:26 . 2010-10-16 10:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-05-25 07:26 . 2010-10-16 10:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-05-25 07:26 . 2010-10-16 10:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-05-25 07:26 . 2010-10-16 10:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-05-25 07:26 . 2010-10-16 10:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-05-25 07:26 . 2010-10-16 10:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-05-25 07:26 . 2010-10-16 10:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-05-25 07:26 . 2010-10-16 10:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-05-25 07:26 . 2010-10-16 10:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-05-25 07:26 . 2010-10-16 10:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-05-25 07:26 . 2010-10-16 10:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-05-25 07:26 . 2010-10-16 10:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-05-25 07:26 . 2010-10-16 10:05 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:26 . 2010-10-16 10:05 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:26 . 2010-10-16 10:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 07:25 . 2010-04-03 20:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:25 . 2007-06-28 22:43 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 07:25 . 2010-04-03 20:55 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:25 . 2010-04-03 20:55 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:25 . 2010-04-03 20:55 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:25 . 2007-12-05 00:41 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:25 . 2007-06-28 22:43 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 07:25 . 2007-06-28 22:43 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 07:25 . 2007-06-28 22:43 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-24 17:14 . 2010-06-03 19:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2010-05-19 16:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2007-09-23 05:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2007-08-17 13:05 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 08:06 . 2006-11-07 19:03 11081728 ----a-w- c:\windows\system32\ieframe.dll
2011-04-25 16:06 . 2006-11-07 19:03 602112 ----a-w- c:\windows\system32\msfeeds.dll
2011-04-25 16:06 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-18 12:00 206848 ----a-w- c:\windows\system32\occache.dll
2011-04-25 16:06 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2007-10-22 02:31 . 2007-10-22 02:31 76808 ----a-w- c:\program files\DSETUP.dll
2007-10-22 02:31 . 2007-10-22 02:31 502792 ----a-w- c:\program files\DXSETUP.exe
2007-10-22 02:31 . 2007-10-22 02:31 1673224 ----a-w- c:\program files\dsetup32.dll
2011-06-21 19:36 . 2011-06-17 21:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_19.53.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-17 08:26 . 2011-07-17 08:26 16384 c:\windows\Temp\Perflib_Perfdata_300.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-20 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2007-09-27 122880]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584]
.
c:\documents and settings\home-pc\Nabˇdka Start\Programy\Po spuçtŘnˇ\
YoWindow.lnk - c:\program files\YoWindow\yowindow.exe [2010-10-30 731136]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-12-9 636256]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autochec
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^home-pc^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
path=c:\documents and settings\home-pc\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnkStartup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe"
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" /IMGSTART
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Iomega Drive Icons"=c:\program files\Iomega\DriveIcons\ImgIcon.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [16.7.2011 13:43 106904]
R2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [16.7.2011 13:43 567464]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [16.7.2011 13:43 340136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16.7.2011 13:43 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [16.7.2011 13:43 428200]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2.12.2010 22:12 20328]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [18.6.2011 8:27 2214504]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [16.7.2011 13:43 82952]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4.4.2011 20:31 44032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4.4.2011 20:24 1691480]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [27.12.2010 23:50 31124344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: O&deslat do zařízení bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Odeslat do bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout Star Downloaderem
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.111.1 77.48.254.254
FF - ProfilePath - c:\documents and settings\home-pc\Data aplikací\Mozilla\Firefox\Profiles\3t3liwvf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-17 10:28
Windows 5.1.2600 Service Pack 3scan completed successfully
hidden files: 0
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-17 10:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,b7,61,06,7f,79,a6,4b,97,d7,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,b7,61,06,7f,79,a6,4b,97,d7,83,\
.
[HKEY_USERS\S-1-5-21-1454471165-220523388-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA467750-ED4F-4AF8-ECE9-90170B6746F9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1454471165-220523388-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,49,61,48,38,5e,6f,7d,42,c6,51,e4,3e,75,8e,69,af,19,8f,01,0d,83,95,
2f,5b,e4,54,e7,0c,2c,7f,97,c7,0c,13,cc,00,48,71,98,17,1d,1a,b5,64,21,1d,74,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3588)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\Microsoft Office\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Celkový čas: 2011-07-17 10:33:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-17 08:33
ComboFix2.txt 2011-07-16 19:59
.
Před spuštěním: Volných bajtů: 160 050 192 384
Po spuštění: Volných bajtů: 160 021 053 440
.
- - End Of File - - AF20C6A8CE4C70786586C3A2997AA545

ztěch souborů co jsem měl zkontrolovat na virustotal jsem našel jen ten první tyto nemohu v system32 najít

c:\windows\system32\msdom2.dll
c:\windows\system32\lgn1216a.dll
c:\windows\system32\atixdbxx.sys

zde je odkaz na tu první kontrolu

http://www.virustotal.com/file-scan/rep ... 1310891857

a zde je ten poslední požadovaný log

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAKS-00SBA0 rev.12.01B01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Příspěvekod **Žbeky** » 17 črc 2011 11:03

Ty ostatní CF napodruhé vyhodnotil jako hnusáky a radši je sám smazal. I podle netu to nebyli moc príma soubory...

Ještě poprosím ten MBR log

sccotty · Příspěvekod **sccotty** » 17 črc 2011 11:50

a zde je ten poslední požadovaný log

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAKS-00SBA0 rev.12.01B01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Prosím o preventivní kontrolu logu

Prosím o preventivní kontrolu logu

Re: Prosím o preventivní kontrolu logu

Re: Prosím o preventivní kontrolu logu

Re: Prosím o preventivní kontrolu logu

Re: Prosím o preventivní kontrolu logu

Re: Prosím o preventivní kontrolu logu

Re: Prosím o preventivní kontrolu logu

Re: Prosím o preventivní kontrolu logu

Re: Prosím o preventivní kontrolu logu

Re: Prosím o preventivní kontrolu logu

Re: Prosím o preventivní kontrolu logu

Re: Prosím o preventivní kontrolu logu

Kdo je online