Prosím kontrolu logu

[Nuny]

ComboFix 08-10-28.01 - Jan_2 2008-10-29 11:07:34.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.650 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Jan_2\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Jan_2\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
C:\FOUND.014
C:\FOUND.015
C:\FOUND.016
C:\WINDOWS.0\system32\oYGiPqru.ini
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS.0\system32\oYGiPqru.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-28 do 2008-10-29 )))))))))))))))))))))))))))))))
.

2065-05-22 19:17 . 1998-05-07 10:57 143,872 --a------ C:\WINDOWS.0\system32\iacenc.dll
2065-05-22 19:17 . 2065-05-22 19:17 56,832 --------- C:\WINDOWS.0\system32\iyvu9_32.dll
2008-12-05 19:09 . 2008-12-05 19:09 <DIR> d-------- C:\Program Files\JoWooD Productions Software AG
2008-12-04 10:13 . 2008-12-04 10:23 43,520 --a------ C:\WINDOWS.0\system32\CmdLineExt03.dll
2008-10-29 10:43 . 2008-10-29 10:43 234,132 --a------ C:\Documents and Settings\Iulia AD-1725.Civ4SavedGame
2008-10-29 03:00 . 2008-10-29 03:02 1,393 --a------ C:\WINDOWS.0\imsins.BAK
2008-10-28 21:30 . 2008-10-28 21:30 <DIR> d-------- C:\WINDOWS.0\system32\CatRoot_bak
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Documents and Settings\Jan_2\Data aplikací\Malwarebytes
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Malwarebytes
2008-10-28 19:37 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-10-28 19:37 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-10-28 19:08 . 2008-10-28 19:08 <DIR> d--hs---- C:\FOUND.016
2008-10-28 17:12 . 2008-10-28 21:01 568 --a------ C:\WINDOWS.0\system32\drivers\fwdrv.err
2008-10-28 17:08 . 2008-10-28 17:08 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-10-28 14:27 . 2008-10-28 14:27 <DIR> d--hs---- C:\FOUND.015
2008-10-28 12:24 . 2008-10-28 12:24 <DIR> d--hs---- C:\FOUND.014
2008-10-28 11:17 . 2008-10-28 11:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\SecTaskMan
2008-10-28 10:13 . 2008-10-28 10:13 253,625 --a------ C:\Documents and Settings\Sarkaaa AD-1868.Civ4SavedGame
2008-10-28 08:14 . 2008-10-28 08:14 <DIR> d-------- C:\Documents and Settings\ćuRKA~1.ROD
2008-10-27 18:00 . 2008-10-27 18:00 320,425 --a------ C:\Documents and Settings\sarkaaa AD-1986.Civ4SavedGame
2008-10-26 10:47 . 2008-10-26 10:47 270,615 --a------ C:\Documents and Settings\sarkaaa AD-1920.Civ4SavedGame
2008-10-25 10:45 . 2008-10-25 10:45 178,111 --a------ C:\Documents and Settings\sarkaaa AD-1280.Civ4SavedGame
2008-10-22 14:05 . 2008-10-22 14:05 204,954 --a------ C:\Documents and Settings\Sarka AD-1020.Civ4SavedGame
2008-10-22 13:31 . 2008-10-22 13:31 206,325 --a------ C:\Documents and Settings\S'arus AD-1340.Civ4SavedGame
2008-10-20 17:27 . 2008-10-20 17:27 335,706 --a------ C:\Documents and Settings\S'arka AD-2008.Civ4SavedGame
2008-10-20 15:22 . 2008-10-20 15:22 <DIR> d-------- C:\Program Files\Testy Autoškola
2008-10-19 18:18 . 2008-10-19 18:18 298,666 --a------ C:\Documents and Settings\S'arka AD-1964.Civ4SavedGame
2008-10-19 10:28 . 2008-10-19 10:29 210,188 --a------ C:\Documents and Settings\S'arka AD-1670.Civ4SavedGame
2008-10-18 19:26 . 2008-10-18 19:26 135,305 --a------ C:\Documents and Settings\S'arka AD-0325.Civ4SavedGame
2008-10-12 09:44 . 2008-10-12 09:44 <DIR> d-------- C:\Program Files\Teacher
2008-10-11 17:40 . 2008-10-11 17:40 694,346 --a------ C:\Documents and Settings\S'arka AD-1984.Civ4SavedGame
2008-10-11 10:45 . 2008-10-11 10:45 455,423 --a------ C:\Documents and Settings\S'arka AD-1705.Civ4SavedGame
2008-10-11 09:40 . 2008-10-11 10:31 424,269 --a------ C:\Documents and Settings\S'arka AD-0820.Civ4SavedGame
2008-10-10 19:26 . 2008-10-10 19:26 262,379 --a------ C:\Documents and Settings\S'arka BC-0075.Civ4SavedGame
2008-10-06 07:52 . 2008-10-07 20:30 541,211 --a------ C:\Documents and Settings\Sarka AD-1939.Civ4SavedGame
2008-10-05 11:30 . 2008-10-05 11:30 <DIR> d-------- C:\Documents and Settings\Jan_2\Data aplikací\Lineage Utils
2008-10-05 11:29 . 2008-10-05 11:29 <DIR> d-------- C:\Program Files\LineAge Utils
2008-10-05 10:35 . 2008-10-05 10:35 479,082 --a------ C:\Documents and Settings\Sarka AD-1918.Civ4SavedGame
2008-10-04 10:47 . 2008-10-04 10:47 344,186 --a------ C:\Documents and Settings\Sarka AD-1515.Civ4SavedGame
2008-10-03 19:26 . 2008-10-03 19:26 286,052 --a------ C:\Documents and Settings\Sarka AD-0780.Civ4SavedGame
2008-10-03 19:09 . 2008-10-03 19:09 265,490 --a------ C:\Documents and Settings\Sarka AD-0520.Civ4SavedGame

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 21:26 2,829 ----a-w C:\WINDOWS.0\War3Unin.pif
2008-12-04 21:26 126,976 ----a-w C:\WINDOWS.0\War3Unin.exe
2008-10-26 19:45 138,136 ----a-w C:\WINDOWS.0\system32\drivers\PnkBstrK.sys
2008-10-26 19:45 111,928 ----a-w C:\WINDOWS.0\system32\PnkBstrB.exe
2008-10-15 17:00 332,800 ------w C:\WINDOWS.0\system32\dllcache\netapi32.dll
2008-10-03 17:26 6,066,176 ------w C:\WINDOWS.0\system32\dllcache\ieframe.dll
2008-09-15 15:40 1,846,016 ----a-w C:\WINDOWS.0\system32\win32k.sys
2008-09-15 15:40 1,846,016 ------w C:\WINDOWS.0\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ------w C:\WINDOWS.0\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ------w C:\WINDOWS.0\system32\dllcache\srv.sys
2008-08-27 09:27 3,593,216 ------w C:\WINDOWS.0\system32\dllcache\mshtml.dll
2008-08-26 08:26 63,488 ------w C:\WINDOWS.0\system32\dllcache\icardie.dll
2008-08-26 08:26 44,544 ------w C:\WINDOWS.0\system32\dllcache\iernonce.dll
2008-08-26 08:26 384,512 ------w C:\WINDOWS.0\system32\dllcache\iedkcs32.dll
2008-08-26 08:26 383,488 ------w C:\WINDOWS.0\system32\dllcache\ieapfltr.dll
2008-08-26 08:26 347,136 ------w C:\WINDOWS.0\system32\dllcache\dxtmsft.dll
2008-08-26 08:26 267,776 ------w C:\WINDOWS.0\system32\dllcache\iertutil.dll
2008-08-26 08:26 230,400 ------w C:\WINDOWS.0\system32\dllcache\ieaksie.dll
2008-08-26 08:26 214,528 ------w C:\WINDOWS.0\system32\dllcache\dxtrans.dll
2008-08-26 08:26 153,088 ------w C:\WINDOWS.0\system32\dllcache\ieakeng.dll
2008-08-26 08:26 133,120 ------w C:\WINDOWS.0\system32\dllcache\extmgr.dll
2008-08-26 08:26 124,928 ------w C:\WINDOWS.0\system32\dllcache\advpack.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS.0\system32\dllcache\ieudinit.exe
2008-08-25 08:36 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
2008-08-24 14:32 81,920 ----a-w C:\WINDOWS.0\system32\OpenAL32.dll
2008-08-24 14:32 233,472 ----a-w C:\WINDOWS.0\system32\wrap_oal.dll
2008-08-23 05:56 635,848 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS.0\system32\dllcache\ieakui.dll
2008-08-14 13:46 2,182,528 ----a-w C:\WINDOWS.0\system32\ntoskrnl.exe
2008-08-14 13:46 2,182,528 ------w C:\WINDOWS.0\system32\dllcache\ntoskrnl.exe
2008-08-14 13:46 2,138,112 ------w C:\WINDOWS.0\system32\dllcache\ntkrnlmp.exe
2008-08-14 13:46 2,059,904 ----a-w C:\WINDOWS.0\system32\ntkrnlpa.exe
2008-08-14 13:46 2,059,904 ------w C:\WINDOWS.0\system32\dllcache\ntkrnlpa.exe
2008-08-14 13:46 2,017,792 ------w C:\WINDOWS.0\system32\dllcache\ntkrpamp.exe
2008-08-14 09:51 138,368 ----a-w C:\WINDOWS.0\system32\dllcache\afd.sys
2008-07-31 09:41 68,616 ----a-w C:\WINDOWS.0\system32\XAPOFX1_1.dll
2008-07-31 09:41 238,088 ----a-w C:\WINDOWS.0\system32\xactengine3_2.dll
2008-07-31 09:40 509,448 ----a-w C:\WINDOWS.0\system32\XAudio2_2.dll
2007-03-06 16:14 1,218,696 ---ha-w C:\Documents and Settings\webspell\webspell4[1].01.01.zip
2003-11-30 14:31 842 ----a-w C:\Program Files\options.cfg
2002-07-26 16:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2002-06-24 14:46 3,360 ------w C:\WINDOWS.0\inf\OTHER\cmiainfo.sys
2006-07-09 06:12 11,270 --sha-w C:\WINDOWS.0\system32\KGyGaAvL.sys
2006-02-11 08:55 56 --sh--r C:\WINDOWS.0\system32\4F4F9D4257.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-28_21.23.53.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-02-28 17:04:52 2,138,112 ------w C:\WINDOWS.0\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:46:36 2,138,112 ------w C:\WINDOWS.0\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 17:05:02 2,059,776 ------w C:\WINDOWS.0\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:46:44 2,059,904 ------w C:\WINDOWS.0\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 17:04:50 2,017,792 ------w C:\WINDOWS.0\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:46:32 2,017,792 ------w C:\WINDOWS.0\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 17:05:00 2,182,528 ------w C:\WINDOWS.0\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 13:46:42 2,182,528 ------w C:\WINDOWS.0\Driver Cache\i386\ntoskrnl.exe
+ 2008-06-23 17:42:04 124,928 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 17:42:04 347,136 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 17:42:04 214,528 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 17:42:04 133,120 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 17:42:04 63,488 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 10:19:04 70,656 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 17:42:04 153,088 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 17:42:04 230,400 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 06:23:54 161,792 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 17:42:04 383,488 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 17:42:04 384,512 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 17:42:06 6,066,176 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 17:42:06 44,544 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 17:42:08 267,776 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 10:20:26 13,824 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 10:19:22 625,664 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 17:42:08 27,648 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 17:42:08 459,264 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 17:42:08 52,224 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 09:42:10 3,592,192 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 17:42:10 477,696 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 17:42:10 193,024 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 17:42:10 671,232 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 17:42:10 102,912 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 17:42:10 44,544 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:07:42 215,776 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:08:50 379,616 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 17:42:10 105,984 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 17:42:12 1,159,680 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 17:42:12 233,472 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 17:42:12 826,368 ------w C:\WINDOWS.0\ie7updates\KB956390-IE7\wininet.dll
- 2008-10-24 18:47:52 5,120 ----a-r C:\WINDOWS.0\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2008-10-28 20:28:18 5,120 ----a-r C:\WINDOWS.0\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2008-06-23 17:42:04 124,928 ----a-w C:\WINDOWS.0\system32\advpack.dll
+ 2008-08-26 08:26:56 124,928 ----a-w C:\WINDOWS.0\system32\advpack.dll
- 2008-06-23 17:42:08 27,648 ------w C:\WINDOWS.0\system32\dllcache\jsproxy.dll
+ 2008-08-26 08:27:00 27,648 ------w C:\WINDOWS.0\system32\dllcache\jsproxy.dll
- 2008-06-23 17:42:08 459,264 ------w C:\WINDOWS.0\system32\dllcache\msfeeds.dll
+ 2008-08-26 08:27:00 459,264 ------w C:\WINDOWS.0\system32\dllcache\msfeeds.dll
- 2008-06-23 17:42:08 52,224 ------w C:\WINDOWS.0\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 08:27:00 52,224 ------w C:\WINDOWS.0\system32\dllcache\msfeedsbs.dll
- 2008-06-23 17:42:10 477,696 ------w C:\WINDOWS.0\system32\dllcache\mshtmled.dll
+ 2008-08-26 08:27:02 477,696 ------w C:\WINDOWS.0\system32\dllcache\mshtmled.dll
- 2008-06-23 17:42:10 193,024 ------w C:\WINDOWS.0\system32\dllcache\msrating.dll
+ 2008-08-26 08:27:02 193,024 ------w C:\WINDOWS.0\system32\dllcache\msrating.dll
- 2008-06-23 17:42:10 671,232 ------w C:\WINDOWS.0\system32\dllcache\mstime.dll
+ 2008-08-26 08:27:02 671,232 ------w C:\WINDOWS.0\system32\dllcache\mstime.dll
- 2008-06-23 17:42:10 102,912 ------w C:\WINDOWS.0\system32\dllcache\occache.dll
+ 2008-08-26 08:27:02 102,912 ------w C:\WINDOWS.0\system32\dllcache\occache.dll
- 2008-06-23 17:42:10 44,544 ------w C:\WINDOWS.0\system32\dllcache\pngfilt.dll
+ 2008-08-26 08:27:02 44,544 ------w C:\WINDOWS.0\system32\dllcache\pngfilt.dll
- 2008-06-23 17:42:10 105,984 ------w C:\WINDOWS.0\system32\dllcache\url.dll
+ 2008-08-26 08:27:02 105,984 ------w C:\WINDOWS.0\system32\dllcache\url.dll
- 2008-06-23 17:42:12 1,159,680 ------w C:\WINDOWS.0\system32\dllcache\urlmon.dll
+ 2008-08-26 08:27:02 1,159,680 ------w C:\WINDOWS.0\system32\dllcache\urlmon.dll
- 2008-06-23 17:42:12 233,472 ------w C:\WINDOWS.0\system32\dllcache\webcheck.dll
+ 2008-08-26 08:27:02 233,472 ------w C:\WINDOWS.0\system32\dllcache\webcheck.dll
- 2008-06-23 17:42:12 826,368 ------w C:\WINDOWS.0\system32\dllcache\wininet.dll
+ 2008-08-26 08:27:02 826,368 ------w C:\WINDOWS.0\system32\dllcache\wininet.dll
- 2008-06-20 11:44:38 138,368 ------w C:\WINDOWS.0\system32\drivers\afd.sys
+ 2008-08-14 09:51:44 138,368 ------w C:\WINDOWS.0\system32\drivers\afd.sys
- 2008-06-23 17:42:04 347,136 ------w C:\WINDOWS.0\system32\dxtmsft.dll
+ 2008-08-26 08:26:56 347,136 ------w C:\WINDOWS.0\system32\dxtmsft.dll
- 2008-06-23 17:42:04 214,528 ------w C:\WINDOWS.0\system32\dxtrans.dll
+ 2008-08-26 08:26:56 214,528 ------w C:\WINDOWS.0\system32\dxtrans.dll
- 2008-06-23 17:42:04 133,120 ------w C:\WINDOWS.0\system32\extmgr.dll
+ 2008-08-26 08:26:56 133,120 ------w C:\WINDOWS.0\system32\extmgr.dll
- 2008-10-26 04:19:06 181,040 ----a-w C:\WINDOWS.0\system32\FNTCACHE.DAT
+ 2008-10-29 04:25:50 181,040 ----a-w C:\WINDOWS.0\system32\FNTCACHE.DAT
- 2008-06-23 17:42:04 63,488 ----a-w C:\WINDOWS.0\system32\icardie.dll
+ 2008-08-26 08:26:56 63,488 ----a-w C:\WINDOWS.0\system32\icardie.dll
- 2008-06-23 10:19:04 70,656 ------w C:\WINDOWS.0\system32\ie4uinit.exe
+ 2008-08-25 08:36:30 70,656 ------w C:\WINDOWS.0\system32\ie4uinit.exe
- 2008-06-23 17:42:04 153,088 ------w C:\WINDOWS.0\system32\ieakeng.dll
+ 2008-08-26 08:26:56 153,088 ------w C:\WINDOWS.0\system32\ieakeng.dll
- 2008-06-23 17:42:04 230,400 ------w C:\WINDOWS.0\system32\ieaksie.dll
+ 2008-08-26 08:26:56 230,400 ------w C:\WINDOWS.0\system32\ieaksie.dll
- 2008-06-21 06:23:54 161,792 ------w C:\WINDOWS.0\system32\ieakui.dll
+ 2008-08-23 05:54:52 161,792 ------w C:\WINDOWS.0\system32\ieakui.dll
- 2008-06-23 17:42:04 383,488 ----a-w C:\WINDOWS.0\system32\ieapfltr.dll
+ 2008-08-26 08:26:56 383,488 ----a-w C:\WINDOWS.0\system32\ieapfltr.dll
- 2008-06-23 17:42:04 384,512 ------w C:\WINDOWS.0\system32\iedkcs32.dll
+ 2008-08-26 08:26:58 384,512 ------w C:\WINDOWS.0\system32\iedkcs32.dll
- 2008-06-23 17:42:06 6,066,176 ----a-w C:\WINDOWS.0\system32\ieframe.dll
+ 2008-10-03 17:26:30 6,066,176 ----a-w C:\WINDOWS.0\system32\ieframe.dll
- 2008-06-23 17:42:06 44,544 ------w C:\WINDOWS.0\system32\iernonce.dll
+ 2008-08-26 08:26:58 44,544 ------w C:\WINDOWS.0\system32\iernonce.dll
- 2008-06-23 17:42:08 267,776 ----a-w C:\WINDOWS.0\system32\iertutil.dll
+ 2008-08-26 08:26:58 267,776 ----a-w C:\WINDOWS.0\system32\iertutil.dll
- 2008-06-23 10:20:26 13,824 ----a-w C:\WINDOWS.0\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS.0\system32\ieudinit.exe
- 2008-06-23 17:42:08 27,648 ------w C:\WINDOWS.0\system32\jsproxy.dll
+ 2008-08-26 08:27:00 27,648 ------w C:\WINDOWS.0\system32\jsproxy.dll
- 2008-06-23 17:42:08 459,264 ----a-w C:\WINDOWS.0\system32\msfeeds.dll
+ 2008-08-26 08:27:00 459,264 ----a-w C:\WINDOWS.0\system32\msfeeds.dll
- 2008-06-23 17:42:08 52,224 ----a-w C:\WINDOWS.0\system32\msfeedsbs.dll
+ 2008-08-26 08:27:00 52,224 ----a-w C:\WINDOWS.0\system32\msfeedsbs.dll
- 2008-06-24 09:42:10 3,592,192 ----a-w C:\WINDOWS.0\system32\mshtml.dll
+ 2008-08-27 09:27:02 3,593,216 ----a-w C:\WINDOWS.0\system32\mshtml.dll
- 2008-06-23 17:42:10 477,696 ------w C:\WINDOWS.0\system32\mshtmled.dll
+ 2008-08-26 08:27:02 477,696 ------w C:\WINDOWS.0\system32\mshtmled.dll
- 2008-06-23 17:42:10 193,024 ----a-w C:\WINDOWS.0\system32\msrating.dll
+ 2008-08-26 08:27:02 193,024 ----a-w C:\WINDOWS.0\system32\msrating.dll
- 2008-06-23 17:42:10 671,232 ------w C:\WINDOWS.0\system32\mstime.dll
+ 2008-08-26 08:27:02 671,232 ------w C:\WINDOWS.0\system32\mstime.dll
- 2006-08-17 12:29:58 332,288 ----a-w C:\WINDOWS.0\system32\netapi32.dll
+ 2008-10-15 17:00:48 332,800 ----a-w C:\WINDOWS.0\system32\netapi32.dll
- 2008-06-23 17:42:10 102,912 ------w C:\WINDOWS.0\system32\occache.dll
+ 2008-08-26 08:27:02 102,912 ------w C:\WINDOWS.0\system32\occache.dll
- 2008-08-11 03:15:42 88,198 ----a-w C:\WINDOWS.0\system32\perfc005.dat
+ 2008-10-28 20:24:54 88,198 ----a-w C:\WINDOWS.0\system32\perfc005.dat
- 2008-08-11 03:15:42 77,558 ----a-w C:\WINDOWS.0\system32\perfc009.dat
+ 2008-10-28 20:24:54 77,558 ----a-w C:\WINDOWS.0\system32\perfc009.dat
- 2008-08-11 03:15:42 441,770 ----a-w C:\WINDOWS.0\system32\perfh005.dat
+ 2008-10-28 20:24:54 441,770 ----a-w C:\WINDOWS.0\system32\perfh005.dat
- 2008-08-11 03:15:42 444,404 ----a-w C:\WINDOWS.0\system32\perfh009.dat
+ 2008-10-28 20:24:54 444,404 ----a-w C:\WINDOWS.0\system32\perfh009.dat
- 2008-06-23 17:42:10 44,544 ------w C:\WINDOWS.0\system32\pngfilt.dll
+ 2008-08-26 08:27:02 44,544 ------w C:\WINDOWS.0\system32\pngfilt.dll
- 2007-11-30 13:39:10 18,296 ------w C:\WINDOWS.0\system32\spmsg.dll
+ 2007-11-30 11:18:26 18,296 ------w C:\WINDOWS.0\system32\spmsg.dll
- 2008-06-23 17:42:10 105,984 ----a-w C:\WINDOWS.0\system32\url.dll
+ 2008-08-26 08:27:02 105,984 ----a-w C:\WINDOWS.0\system32\url.dll
- 2008-06-23 17:42:12 1,159,680 ----a-w C:\WINDOWS.0\system32\urlmon.dll
+ 2008-08-26 08:27:02 1,159,680 ----a-w C:\WINDOWS.0\system32\urlmon.dll
- 2008-06-23 17:42:12 233,472 ----a-w C:\WINDOWS.0\system32\webcheck.dll
+ 2008-08-26 08:27:02 233,472 ----a-w C:\WINDOWS.0\system32\webcheck.dll
- 2008-06-23 17:42:12 826,368 ----a-w C:\WINDOWS.0\system32\wininet.dll
+ 2008-08-26 08:27:02 826,368 ----a-w C:\WINDOWS.0\system32\wininet.dll
- 2006-10-18 20:47:20 295,936 ------w C:\WINDOWS.0\system32\wmpeffects.dll
+ 2008-06-24 17:12:58 295,936 ------w C:\WINDOWS.0\system32\wmpeffects.dll
+ 2008-10-29 05:59:32 16,384 ----a-w C:\WINDOWS.0\Temp\Perflib_Perfdata_594.dat
+ 2008-04-15 17:59:56 1,724,416 ----a-w C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS.0\SiSUSBrg.exe" [2002-07-12 106496]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 40960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="C:\WINDOWS.0\UpdReg.EXE" [2000-05-11 90112]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]

C:\Documents and Settings\ć rka.RODINA-\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk.disabled [2007-05-28 785]

C:\Documents and Settings\Jan_2\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk.disabled [2007-07-15 897]

C:\Documents and Settings\All Users.WINDOWS.0\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk.disabled [2007-05-25 1670]
Microsoft Office.lnk.disabled [2006-05-01 1640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS.0\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS.0\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
"NeroFilterCheck"=C:\WINDOWS.0\system32\NeroCheck.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 fwdrv;Firewall Driver;C:\WINDOWS.0\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS.0\system32\drivers\khips.sys [2007-02-20 71088]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SVKP;SVKP;C:\WINDOWS.0\system32\SVKP.sys [2006-04-30 2368]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS.0\system32\DRIVERS\psched.sys [2004-08-03 69120]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS.0\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS.0\system32\drivers\ASUSHWIO.sys [ ]
S3 npkycryp;npkycryp;F:\Hry\Lineage II - Kamael CT1\system\npkycryp.sys [ ]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
Obsah adresáře 'Naplánované úlohy'

2008-10-29 C:\WINDOWS.0\Tasks\A1D92D2C91CAA938.job
- c:\docume~1\jan_2\dataap~1\realhe~1\Idle64upload.exe []

2008-10-22 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []

2008-12-07 C:\WINDOWS.0\Tasks\User_Feed_Synchronization-{E4C8D7AB-6A62-4060-A20D-7B571BACF88D}.job
- C:\WINDOWS.0\system32\msfeedssync.exe [2007-08-13 18:36]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 11:13:43
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\sccfg.sys 32768 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
Celkový čas: 2008-10-29 11:16:57
ComboFix-quarantined-files.txt 2008-10-29 10:16:52
ComboFix2.txt 2008-10-28 20:25:50

Před spuštěním: 6 236 274 688
Po spuštění: 6,250,659,840

356 --- E O F --- 2008-10-29 02:02:21

[Reklama]

[Nuny]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:43, on 29.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS.0\system32\CTsvcCDA.EXE
C:\WINDOWS.0\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\explorer.exe
C:\WINDOWS.0\system32\msiexec.exe
C:\Documents and Settings\Jan_2\Plocha\Programy\Clean\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SEENUS020100/FRWCompleteAddIns
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS.0\SiSUSBrg.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\UpdReg.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5177247953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5177481953
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-493a2124009ba347.spaces.live ... nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95A1834B-035F-4E95-A4EB-203971E44BAA}: NameServer = 217.197.158.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DFC39DF-A0B2-49EB-AF9D-C40184E88E93}: NameServer = 192.168.154.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{C78501D8-6CD9-4807-840F-BC68F5756F52}: NameServer = 192.168.154.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS.0\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8592 bytes

[jaro3]

Zkus ještě najít ten soubor Idle64upload.exe
Tady :C:\Documents and Settings\Jméno\Data aplikací
Máš mít povoleno zobrazovat skryté a systémové složky v možnostech složky.
Stahni jsi Avanger
A do něj zadej :

Kód: Vybrat vše

Files to delete:
C:\FOUND.014
C:\FOUND.015
C:\FOUND.016


klikni na done, pak na ikonu semaforu, nakonec na OK a PC se restartuje
Vlož nový log z CF+log z HJT.

[Nuny]

Idle64upload.exe - neni tam
avanger napsal tohle
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: "C:\FOUND.014" is a folder, not a file!
Deletion of file "C:\FOUND.014" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\FOUND.015" is a folder, not a file!
Deletion of file "C:\FOUND.015" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: "C:\FOUND.016" is a folder, not a file!
Deletion of file "C:\FOUND.016" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Completed script processing.

*******************

Finished! Terminate.

[Nuny]

ComboFix 08-10-28.01 - Jan_2 2008-10-29 14:20:32.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.669 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Jan_2\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-09-28 do 2008-10-29 )))))))))))))))))))))))))))))))
.

2065-05-22 19:17 . 1998-05-07 10:57 143,872 --a------ C:\WINDOWS.0\system32\iacenc.dll
2065-05-22 19:17 . 2065-05-22 19:17 56,832 --------- C:\WINDOWS.0\system32\iyvu9_32.dll
2008-12-05 19:09 . 2008-12-05 19:09 <DIR> d-------- C:\Program Files\JoWooD Productions Software AG
2008-12-04 10:13 . 2008-12-04 10:23 43,520 --a------ C:\WINDOWS.0\system32\CmdLineExt03.dll
2008-10-29 10:43 . 2008-10-29 10:43 234,132 --a------ C:\Documents and Settings\Iulia AD-1725.Civ4SavedGame
2008-10-29 03:00 . 2008-10-29 03:02 1,393 --a------ C:\WINDOWS.0\imsins.BAK
2008-10-28 21:30 . 2008-10-28 21:30 <DIR> d-------- C:\WINDOWS.0\system32\CatRoot_bak
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Documents and Settings\Jan_2\Data aplikací\Malwarebytes
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Malwarebytes
2008-10-28 19:37 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-10-28 19:37 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-10-28 19:08 . 2008-10-28 19:08 <DIR> d--hs---- C:\FOUND.016
2008-10-28 17:12 . 2008-10-28 21:01 568 --a------ C:\WINDOWS.0\system32\drivers\fwdrv.err
2008-10-28 17:08 . 2008-10-28 17:08 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-10-28 14:27 . 2008-10-28 14:27 <DIR> d--hs---- C:\FOUND.015
2008-10-28 12:24 . 2008-10-28 12:24 <DIR> d--hs---- C:\FOUND.014
2008-10-28 11:17 . 2008-10-28 11:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\SecTaskMan
2008-10-28 10:13 . 2008-10-28 10:13 253,625 --a------ C:\Documents and Settings\Sarkaaa AD-1868.Civ4SavedGame
2008-10-28 08:14 . 2008-10-28 08:14 <DIR> d-------- C:\Documents and Settings\ćuRKA~1.ROD
2008-10-27 18:00 . 2008-10-27 18:00 320,425 --a------ C:\Documents and Settings\sarkaaa AD-1986.Civ4SavedGame
2008-10-26 10:47 . 2008-10-26 10:47 270,615 --a------ C:\Documents and Settings\sarkaaa AD-1920.Civ4SavedGame
2008-10-25 10:45 . 2008-10-25 10:45 178,111 --a------ C:\Documents and Settings\sarkaaa AD-1280.Civ4SavedGame
2008-10-22 14:05 . 2008-10-22 14:05 204,954 --a------ C:\Documents and Settings\Sarka AD-1020.Civ4SavedGame
2008-10-22 13:31 . 2008-10-22 13:31 206,325 --a------ C:\Documents and Settings\S'arus AD-1340.Civ4SavedGame
2008-10-20 17:27 . 2008-10-20 17:27 335,706 --a------ C:\Documents and Settings\S'arka AD-2008.Civ4SavedGame
2008-10-20 15:22 . 2008-10-20 15:22 <DIR> d-------- C:\Program Files\Testy Autoškola
2008-10-19 18:18 . 2008-10-19 18:18 298,666 --a------ C:\Documents and Settings\S'arka AD-1964.Civ4SavedGame
2008-10-19 10:28 . 2008-10-19 10:29 210,188 --a------ C:\Documents and Settings\S'arka AD-1670.Civ4SavedGame
2008-10-18 19:26 . 2008-10-18 19:26 135,305 --a------ C:\Documents and Settings\S'arka AD-0325.Civ4SavedGame
2008-10-12 09:44 . 2008-10-12 09:44 <DIR> d-------- C:\Program Files\Teacher
2008-10-11 17:40 . 2008-10-11 17:40 694,346 --a------ C:\Documents and Settings\S'arka AD-1984.Civ4SavedGame
2008-10-11 10:45 . 2008-10-11 10:45 455,423 --a------ C:\Documents and Settings\S'arka AD-1705.Civ4SavedGame
2008-10-11 09:40 . 2008-10-11 10:31 424,269 --a------ C:\Documents and Settings\S'arka AD-0820.Civ4SavedGame
2008-10-10 19:26 . 2008-10-10 19:26 262,379 --a------ C:\Documents and Settings\S'arka BC-0075.Civ4SavedGame
2008-10-06 07:52 . 2008-10-07 20:30 541,211 --a------ C:\Documents and Settings\Sarka AD-1939.Civ4SavedGame
2008-10-05 11:30 . 2008-10-05 11:30 <DIR> d-------- C:\Documents and Settings\Jan_2\Data aplikací\Lineage Utils
2008-10-05 11:29 . 2008-10-05 11:29 <DIR> d-------- C:\Program Files\LineAge Utils
2008-10-05 10:35 . 2008-10-05 10:35 479,082 --a------ C:\Documents and Settings\Sarka AD-1918.Civ4SavedGame
2008-10-04 10:47 . 2008-10-04 10:47 344,186 --a------ C:\Documents and Settings\Sarka AD-1515.Civ4SavedGame
2008-10-03 19:26 . 2008-10-03 19:26 286,052 --a------ C:\Documents and Settings\Sarka AD-0780.Civ4SavedGame
2008-10-03 19:09 . 2008-10-03 19:09 265,490 --a------ C:\Documents and Settings\Sarka AD-0520.Civ4SavedGame

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 21:26 2,829 ----a-w C:\WINDOWS.0\War3Unin.pif
2008-12-04 21:26 126,976 ----a-w C:\WINDOWS.0\War3Unin.exe
2008-10-26 19:45 138,136 ----a-w C:\WINDOWS.0\system32\drivers\PnkBstrK.sys
2008-10-26 19:45 111,928 ----a-w C:\WINDOWS.0\system32\PnkBstrB.exe
2008-10-15 17:00 332,800 ------w C:\WINDOWS.0\system32\dllcache\netapi32.dll
2008-10-03 17:26 6,066,176 ------w C:\WINDOWS.0\system32\dllcache\ieframe.dll
2008-09-15 15:40 1,846,016 ----a-w C:\WINDOWS.0\system32\win32k.sys
2008-09-15 15:40 1,846,016 ------w C:\WINDOWS.0\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ------w C:\WINDOWS.0\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ------w C:\WINDOWS.0\system32\dllcache\srv.sys
2008-08-27 09:27 3,593,216 ------w C:\WINDOWS.0\system32\dllcache\mshtml.dll
2008-08-26 08:26 63,488 ------w C:\WINDOWS.0\system32\dllcache\icardie.dll
2008-08-26 08:26 44,544 ------w C:\WINDOWS.0\system32\dllcache\iernonce.dll
2008-08-26 08:26 384,512 ------w C:\WINDOWS.0\system32\dllcache\iedkcs32.dll
2008-08-26 08:26 383,488 ------w C:\WINDOWS.0\system32\dllcache\ieapfltr.dll
2008-08-26 08:26 347,136 ------w C:\WINDOWS.0\system32\dllcache\dxtmsft.dll
2008-08-26 08:26 267,776 ------w C:\WINDOWS.0\system32\dllcache\iertutil.dll
2008-08-26 08:26 230,400 ------w C:\WINDOWS.0\system32\dllcache\ieaksie.dll
2008-08-26 08:26 214,528 ------w C:\WINDOWS.0\system32\dllcache\dxtrans.dll
2008-08-26 08:26 153,088 ------w C:\WINDOWS.0\system32\dllcache\ieakeng.dll
2008-08-26 08:26 133,120 ------w C:\WINDOWS.0\system32\dllcache\extmgr.dll
2008-08-26 08:26 124,928 ------w C:\WINDOWS.0\system32\dllcache\advpack.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS.0\system32\dllcache\ieudinit.exe
2008-08-25 08:36 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
2008-08-24 14:32 81,920 ----a-w C:\WINDOWS.0\system32\OpenAL32.dll
2008-08-24 14:32 233,472 ----a-w C:\WINDOWS.0\system32\wrap_oal.dll
2008-08-23 05:56 635,848 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS.0\system32\dllcache\ieakui.dll
2008-08-14 13:46 2,182,528 ----a-w C:\WINDOWS.0\system32\ntoskrnl.exe
2008-08-14 13:46 2,182,528 ------w C:\WINDOWS.0\system32\dllcache\ntoskrnl.exe
2008-08-14 13:46 2,138,112 ------w C:\WINDOWS.0\system32\dllcache\ntkrnlmp.exe
2008-08-14 13:46 2,059,904 ----a-w C:\WINDOWS.0\system32\ntkrnlpa.exe
2008-08-14 13:46 2,059,904 ------w C:\WINDOWS.0\system32\dllcache\ntkrnlpa.exe
2008-08-14 13:46 2,017,792 ------w C:\WINDOWS.0\system32\dllcache\ntkrpamp.exe
2008-08-14 09:51 138,368 ----a-w C:\WINDOWS.0\system32\dllcache\afd.sys
2008-07-31 09:41 68,616 ----a-w C:\WINDOWS.0\system32\XAPOFX1_1.dll
2008-07-31 09:41 238,088 ----a-w C:\WINDOWS.0\system32\xactengine3_2.dll
2008-07-31 09:40 509,448 ----a-w C:\WINDOWS.0\system32\XAudio2_2.dll
2007-03-06 16:14 1,218,696 ---ha-w C:\Documents and Settings\webspell\webspell4[1].01.01.zip
2003-11-30 14:31 842 ----a-w C:\Program Files\options.cfg
2002-07-26 16:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2002-06-24 14:46 3,360 ------w C:\WINDOWS.0\inf\OTHER\cmiainfo.sys
2006-07-09 06:12 11,270 --sha-w C:\WINDOWS.0\system32\KGyGaAvL.sys
2006-02-11 08:55 56 --sh--r C:\WINDOWS.0\system32\4F4F9D4257.sys
.

((((((((((((((((((((((((((((( snapshot_2008-10-29_11.15.37,04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-28 20:28:18 5,120 ----a-r C:\WINDOWS.0\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2008-10-29 10:19:16 5,120 ----a-r C:\WINDOWS.0\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2008-10-29 13:14:08 16,384 ----a-w C:\WINDOWS.0\Temp\Perflib_Perfdata_598.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS.0\SiSUSBrg.exe" [2002-07-12 106496]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 40960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="C:\WINDOWS.0\UpdReg.EXE" [2000-05-11 90112]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]

C:\Documents and Settings\ć rka.RODINA-\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk.disabled [2007-05-28 785]

C:\Documents and Settings\Jan_2\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk.disabled [2007-07-15 897]

C:\Documents and Settings\All Users.WINDOWS.0\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk.disabled [2007-05-25 1670]
Microsoft Office.lnk.disabled [2006-05-01 1640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS.0\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS.0\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
"NeroFilterCheck"=C:\WINDOWS.0\system32\NeroCheck.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 fwdrv;Firewall Driver;C:\WINDOWS.0\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS.0\system32\drivers\khips.sys [2007-02-20 71088]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SVKP;SVKP;C:\WINDOWS.0\system32\SVKP.sys [2006-04-30 2368]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS.0\system32\DRIVERS\psched.sys [2004-08-03 69120]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS.0\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS.0\system32\drivers\ASUSHWIO.sys [ ]
S3 npkycryp;npkycryp;F:\Hry\Lineage II - Kamael CT1\system\npkycryp.sys [ ]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
Obsah adresáře 'Naplánované úlohy'

2008-10-29 C:\WINDOWS.0\Tasks\A1D92D2C91CAA938.job
- c:\docume~1\jan_2\dataap~1\realhe~1\Idle64upload.exe []

2008-10-22 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []

2008-12-07 C:\WINDOWS.0\Tasks\User_Feed_Synchronization-{E4C8D7AB-6A62-4060-A20D-7B571BACF88D}.job
- C:\WINDOWS.0\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\Jan_2\Data aplikací\Mozilla\Firefox\Profiles\4sg77h6a.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 14:26:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\sccfg.sys 32768 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
Celkový čas: 2008-10-29 14:30:08
ComboFix-quarantined-files.txt 2008-10-29 13:29:56
ComboFix3.txt 2008-10-28 20:25:50
ComboFix2.txt 2008-10-29 10:17:02

Před spuštěním: 6 244 106 240
Po spuštění: 6,226,903,040

211 --- E O F --- 2008-10-29 02:02:21

[Nuny]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:03, on 29.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\CTsvcCDA.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS.0\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\explorer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\Jan_2\Plocha\Programy\Clean\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SEENUS020100/FRWCompleteAddIns
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS.0\SiSUSBrg.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\UpdReg.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5177247953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5177481953
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-493a2124009ba347.spaces.live ... nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95A1834B-035F-4E95-A4EB-203971E44BAA}: NameServer = 217.197.158.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DFC39DF-A0B2-49EB-AF9D-C40184E88E93}: NameServer = 192.168.154.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{C78501D8-6CD9-4807-840F-BC68F5756F52}: NameServer = 192.168.154.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS.0\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8587 bytes

[jaro3]

Zase to není smazáno. Vyzkoušíme toto:
stáhni si killbox
Spusť ho, zatrhni delete on reboot, , zkopíruj do políčka tento skript.Vyber All Files.Klikni na červené políčko s bílým křížkem. PC půjde do restartu.. Vlož sem poté nový log z CF a HJT.

Kód: Vybrat vše

C:\FOUND.014
C:\FOUND.015
C:\FOUND.016

Omlouvám se za chybičku, killbox nemusíš používat. jen nový script v CF:

Kód: Vybrat vše

Folder::
C:\FOUND.016
C:\FOUND.015
C:\FOUND.014

Pak nový log z CF a HJT.

[Nuny]

ComboFix 08-10-28.01 - Jan_2 2008-10-29 19:15:08.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.653 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Jan_2\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-09-28 do 2008-10-29 )))))))))))))))))))))))))))))))
.

2065-05-22 19:17 . 1998-05-07 10:57 143,872 --a------ C:\WINDOWS.0\system32\iacenc.dll
2065-05-22 19:17 . 2065-05-22 19:17 56,832 --------- C:\WINDOWS.0\system32\iyvu9_32.dll
2008-12-05 19:09 . 2008-12-05 19:09 <DIR> d-------- C:\Program Files\JoWooD Productions Software AG
2008-12-04 10:13 . 2008-12-04 10:23 43,520 --a------ C:\WINDOWS.0\system32\CmdLineExt03.dll
2008-10-29 19:07 . 2008-10-29 19:07 <DIR> d-------- C:\!KillBox
2008-10-29 10:43 . 2008-10-29 10:43 234,132 --a------ C:\Documents and Settings\Iulia AD-1725.Civ4SavedGame
2008-10-29 03:00 . 2008-10-29 03:02 1,393 --a------ C:\WINDOWS.0\imsins.BAK
2008-10-28 21:30 . 2008-10-28 21:30 <DIR> d-------- C:\WINDOWS.0\system32\CatRoot_bak
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Documents and Settings\Jan_2\Data aplikací\Malwarebytes
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Malwarebytes
2008-10-28 19:37 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-10-28 19:37 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-10-28 19:08 . 2008-10-28 19:08 <DIR> d-------- C:\FOUND.016
2008-10-28 17:12 . 2008-10-28 21:01 568 --a------ C:\WINDOWS.0\system32\drivers\fwdrv.err
2008-10-28 17:08 . 2008-10-28 17:08 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-10-28 14:27 . 2008-10-28 14:27 <DIR> d-------- C:\FOUND.015
2008-10-28 12:24 . 2008-10-28 12:24 <DIR> d-------- C:\FOUND.014
2008-10-28 11:17 . 2008-10-28 11:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\SecTaskMan
2008-10-28 10:13 . 2008-10-28 10:13 253,625 --a------ C:\Documents and Settings\Sarkaaa AD-1868.Civ4SavedGame
2008-10-28 08:14 . 2008-10-28 08:14 <DIR> d-------- C:\Documents and Settings\ćuRKA~1.ROD
2008-10-27 18:00 . 2008-10-27 18:00 320,425 --a------ C:\Documents and Settings\sarkaaa AD-1986.Civ4SavedGame
2008-10-26 10:47 . 2008-10-26 10:47 270,615 --a------ C:\Documents and Settings\sarkaaa AD-1920.Civ4SavedGame
2008-10-25 10:45 . 2008-10-25 10:45 178,111 --a------ C:\Documents and Settings\sarkaaa AD-1280.Civ4SavedGame
2008-10-22 14:05 . 2008-10-22 14:05 204,954 --a------ C:\Documents and Settings\Sarka AD-1020.Civ4SavedGame
2008-10-22 13:31 . 2008-10-22 13:31 206,325 --a------ C:\Documents and Settings\S'arus AD-1340.Civ4SavedGame
2008-10-20 17:27 . 2008-10-20 17:27 335,706 --a------ C:\Documents and Settings\S'arka AD-2008.Civ4SavedGame
2008-10-20 15:22 . 2008-10-20 15:22 <DIR> d-------- C:\Program Files\Testy Autoškola
2008-10-19 18:18 . 2008-10-19 18:18 298,666 --a------ C:\Documents and Settings\S'arka AD-1964.Civ4SavedGame
2008-10-19 10:28 . 2008-10-19 10:29 210,188 --a------ C:\Documents and Settings\S'arka AD-1670.Civ4SavedGame
2008-10-18 19:26 . 2008-10-18 19:26 135,305 --a------ C:\Documents and Settings\S'arka AD-0325.Civ4SavedGame
2008-10-12 09:44 . 2008-10-12 09:44 <DIR> d-------- C:\Program Files\Teacher
2008-10-11 17:40 . 2008-10-11 17:40 694,346 --a------ C:\Documents and Settings\S'arka AD-1984.Civ4SavedGame
2008-10-11 10:45 . 2008-10-11 10:45 455,423 --a------ C:\Documents and Settings\S'arka AD-1705.Civ4SavedGame
2008-10-11 09:40 . 2008-10-11 10:31 424,269 --a------ C:\Documents and Settings\S'arka AD-0820.Civ4SavedGame
2008-10-10 19:26 . 2008-10-10 19:26 262,379 --a------ C:\Documents and Settings\S'arka BC-0075.Civ4SavedGame
2008-10-06 07:52 . 2008-10-07 20:30 541,211 --a------ C:\Documents and Settings\Sarka AD-1939.Civ4SavedGame
2008-10-05 11:30 . 2008-10-05 11:30 <DIR> d-------- C:\Documents and Settings\Jan_2\Data aplikací\Lineage Utils
2008-10-05 11:29 . 2008-10-05 11:29 <DIR> d-------- C:\Program Files\LineAge Utils
2008-10-05 10:35 . 2008-10-05 10:35 479,082 --a------ C:\Documents and Settings\Sarka AD-1918.Civ4SavedGame
2008-10-04 10:47 . 2008-10-04 10:47 344,186 --a------ C:\Documents and Settings\Sarka AD-1515.Civ4SavedGame
2008-10-03 19:26 . 2008-10-03 19:26 286,052 --a------ C:\Documents and Settings\Sarka AD-0780.Civ4SavedGame
2008-10-03 19:09 . 2008-10-03 19:09 265,490 --a------ C:\Documents and Settings\Sarka AD-0520.Civ4SavedGame

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 21:26 2,829 ----a-w C:\WINDOWS.0\War3Unin.pif
2008-12-04 21:26 126,976 ----a-w C:\WINDOWS.0\War3Unin.exe
2008-10-26 19:45 138,136 ----a-w C:\WINDOWS.0\system32\drivers\PnkBstrK.sys
2008-10-26 19:45 111,928 ----a-w C:\WINDOWS.0\system32\PnkBstrB.exe
2008-10-15 17:00 332,800 ------w C:\WINDOWS.0\system32\dllcache\netapi32.dll
2008-10-03 17:26 6,066,176 ------w C:\WINDOWS.0\system32\dllcache\ieframe.dll
2008-09-15 15:40 1,846,016 ----a-w C:\WINDOWS.0\system32\win32k.sys
2008-09-15 15:40 1,846,016 ------w C:\WINDOWS.0\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ------w C:\WINDOWS.0\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ------w C:\WINDOWS.0\system32\dllcache\srv.sys
2008-08-27 09:27 3,593,216 ------w C:\WINDOWS.0\system32\dllcache\mshtml.dll
2008-08-26 08:26 63,488 ------w C:\WINDOWS.0\system32\dllcache\icardie.dll
2008-08-26 08:26 44,544 ------w C:\WINDOWS.0\system32\dllcache\iernonce.dll
2008-08-26 08:26 384,512 ------w C:\WINDOWS.0\system32\dllcache\iedkcs32.dll
2008-08-26 08:26 383,488 ------w C:\WINDOWS.0\system32\dllcache\ieapfltr.dll
2008-08-26 08:26 347,136 ------w C:\WINDOWS.0\system32\dllcache\dxtmsft.dll
2008-08-26 08:26 267,776 ------w C:\WINDOWS.0\system32\dllcache\iertutil.dll
2008-08-26 08:26 230,400 ------w C:\WINDOWS.0\system32\dllcache\ieaksie.dll
2008-08-26 08:26 214,528 ------w C:\WINDOWS.0\system32\dllcache\dxtrans.dll
2008-08-26 08:26 153,088 ------w C:\WINDOWS.0\system32\dllcache\ieakeng.dll
2008-08-26 08:26 133,120 ------w C:\WINDOWS.0\system32\dllcache\extmgr.dll
2008-08-26 08:26 124,928 ------w C:\WINDOWS.0\system32\dllcache\advpack.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS.0\system32\dllcache\ieudinit.exe
2008-08-25 08:36 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
2008-08-24 14:32 81,920 ----a-w C:\WINDOWS.0\system32\OpenAL32.dll
2008-08-24 14:32 233,472 ----a-w C:\WINDOWS.0\system32\wrap_oal.dll
2008-08-23 05:56 635,848 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS.0\system32\dllcache\ieakui.dll
2008-08-14 13:46 2,182,528 ----a-w C:\WINDOWS.0\system32\ntoskrnl.exe
2008-08-14 13:46 2,182,528 ------w C:\WINDOWS.0\system32\dllcache\ntoskrnl.exe
2008-08-14 13:46 2,138,112 ------w C:\WINDOWS.0\system32\dllcache\ntkrnlmp.exe
2008-08-14 13:46 2,059,904 ----a-w C:\WINDOWS.0\system32\ntkrnlpa.exe
2008-08-14 13:46 2,059,904 ------w C:\WINDOWS.0\system32\dllcache\ntkrnlpa.exe
2008-08-14 13:46 2,017,792 ------w C:\WINDOWS.0\system32\dllcache\ntkrpamp.exe
2008-08-14 09:51 138,368 ----a-w C:\WINDOWS.0\system32\dllcache\afd.sys
2008-07-31 09:41 68,616 ----a-w C:\WINDOWS.0\system32\XAPOFX1_1.dll
2008-07-31 09:41 238,088 ----a-w C:\WINDOWS.0\system32\xactengine3_2.dll
2008-07-31 09:40 509,448 ----a-w C:\WINDOWS.0\system32\XAudio2_2.dll
2007-03-06 16:14 1,218,696 ---ha-w C:\Documents and Settings\webspell\webspell4[1].01.01.zip
2003-11-30 14:31 842 ----a-w C:\Program Files\options.cfg
2002-07-26 16:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2002-06-24 14:46 3,360 ------w C:\WINDOWS.0\inf\OTHER\cmiainfo.sys
2006-07-09 06:12 11,270 --sha-w C:\WINDOWS.0\system32\KGyGaAvL.sys
2006-02-11 08:55 56 --sh--r C:\WINDOWS.0\system32\4F4F9D4257.sys
.

((((((((((((((((((((((((((((( snapshot_2008-10-29_11.15.37,04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-28 20:28:18 5,120 ----a-r C:\WINDOWS.0\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2008-10-29 13:33:42 5,120 ----a-r C:\WINDOWS.0\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2008-10-29 18:12:40 16,384 ----a-w C:\WINDOWS.0\Temp\Perflib_Perfdata_590.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS.0\SiSUSBrg.exe" [2002-07-12 106496]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 40960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="C:\WINDOWS.0\UpdReg.EXE" [2000-05-11 90112]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]

C:\Documents and Settings\ć rka.RODINA-\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk.disabled [2007-05-28 785]

C:\Documents and Settings\Jan_2\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk.disabled [2007-07-15 897]

C:\Documents and Settings\All Users.WINDOWS.0\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk.disabled [2007-05-25 1670]
Microsoft Office.lnk.disabled [2006-05-01 1640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS.0\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS.0\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
"NeroFilterCheck"=C:\WINDOWS.0\system32\NeroCheck.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 fwdrv;Firewall Driver;C:\WINDOWS.0\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS.0\system32\drivers\khips.sys [2007-02-20 71088]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SVKP;SVKP;C:\WINDOWS.0\system32\SVKP.sys [2006-04-30 2368]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS.0\system32\DRIVERS\psched.sys [2004-08-03 69120]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS.0\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS.0\system32\drivers\ASUSHWIO.sys [ ]
S3 npkycryp;npkycryp;F:\Hry\Lineage II - Kamael CT1\system\npkycryp.sys [ ]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
Obsah adresáře 'Naplánované úlohy'

2008-10-29 C:\WINDOWS.0\Tasks\A1D92D2C91CAA938.job
- c:\docume~1\jan_2\dataap~1\realhe~1\Idle64upload.exe []

2008-10-22 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []

2008-12-07 C:\WINDOWS.0\Tasks\User_Feed_Synchronization-{E4C8D7AB-6A62-4060-A20D-7B571BACF88D}.job
- C:\WINDOWS.0\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\Jan_2\Data aplikací\Mozilla\Firefox\Profiles\4sg77h6a.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 19:21:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\sccfg.sys 32768 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
Celkový čas: 2008-10-29 19:24:38
ComboFix-quarantined-files.txt 2008-10-29 18:24:30
ComboFix4.txt 2008-10-28 20:25:50
ComboFix3.txt 2008-10-29 10:17:02
ComboFix2.txt 2008-10-29 13:30:12

Před spuštěním: 6 167 494 656
Po spuštění: 6,158,548,992

213 --- E O F --- 2008-10-29 02:02:21

[Nuny]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:34, on 29.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS.0\system32\CTsvcCDA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS.0\system32\PnkBstrA.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\explorer.exe
C:\WINDOWS.0\system32\msiexec.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Jan_2\Plocha\Programy\Clean\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SEENUS020100/FRWCompleteAddIns
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS.0\SiSUSBrg.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\UpdReg.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5177247953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5177481953
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-493a2124009ba347.spaces.live ... nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95A1834B-035F-4E95-A4EB-203971E44BAA}: NameServer = 217.197.158.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DFC39DF-A0B2-49EB-AF9D-C40184E88E93}: NameServer = 192.168.154.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{C78501D8-6CD9-4807-840F-BC68F5756F52}: NameServer = 192.168.154.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS.0\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8502 bytes

[jaro3]

Právě jsem upravoval minulý příspěvek..omlouvám se ..

[Nuny]

v pořádku sám bych s tím nehnul...

ComboFix 08-10-28.01 - Jan_2 2008-10-30 15:05:51.5 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.606 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Jan_2\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Jan_2\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.014
C:\FOUND.014\FILE0000.CHK
C:\FOUND.014\FILE0001.CHK
C:\FOUND.014\FILE0002.CHK
C:\FOUND.014\FILE0003.CHK
C:\FOUND.014\FILE0004.CHK
C:\FOUND.014\FILE0005.CHK
C:\FOUND.014\FILE0006.CHK
C:\FOUND.014\FILE0007.CHK
C:\FOUND.014\FILE0008.CHK
C:\FOUND.014\FILE0009.CHK
C:\FOUND.014\FILE0010.CHK
C:\FOUND.014\FILE0011.CHK
C:\FOUND.014\FILE0012.CHK
C:\FOUND.015
C:\FOUND.015\FILE0000.CHK
C:\FOUND.015\FILE0001.CHK
C:\FOUND.015\FILE0002.CHK
C:\FOUND.015\FILE0003.CHK
C:\FOUND.015\FILE0004.CHK
C:\FOUND.015\FILE0005.CHK
C:\FOUND.015\FILE0006.CHK
C:\FOUND.015\FILE0007.CHK
C:\FOUND.016
C:\FOUND.016\FILE0000.CHK
C:\FOUND.016\FILE0001.CHK
C:\FOUND.016\FILE0002.CHK

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-28 do 2008-10-30 )))))))))))))))))))))))))))))))
.

2065-05-22 19:17 . 1998-05-07 10:57 143,872 --a------ C:\WINDOWS.0\system32\iacenc.dll
2065-05-22 19:17 . 2065-05-22 19:17 56,832 --------- C:\WINDOWS.0\system32\iyvu9_32.dll
2008-12-05 19:09 . 2008-12-05 19:09 <DIR> d-------- C:\Program Files\JoWooD Productions Software AG
2008-12-04 10:13 . 2008-12-04 10:23 43,520 --a------ C:\WINDOWS.0\system32\CmdLineExt03.dll
2008-10-30 14:56 . 2008-10-30 14:56 <DIR> d--hs---- C:\FOUND.017
2008-10-29 19:07 . 2008-10-29 19:07 <DIR> d-------- C:\!KillBox
2008-10-29 10:43 . 2008-10-29 10:43 234,132 --a------ C:\Documents and Settings\Iulia AD-1725.Civ4SavedGame
2008-10-29 03:00 . 2008-10-29 03:02 1,393 --a------ C:\WINDOWS.0\imsins.BAK
2008-10-28 21:30 . 2008-10-28 21:30 <DIR> d-------- C:\WINDOWS.0\system32\CatRoot_bak
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Documents and Settings\Jan_2\Data aplikací\Malwarebytes
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Malwarebytes
2008-10-28 19:37 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-10-28 19:37 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-10-28 17:12 . 2008-10-28 21:01 568 --a------ C:\WINDOWS.0\system32\drivers\fwdrv.err
2008-10-28 17:08 . 2008-10-28 17:08 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-10-28 11:17 . 2008-10-28 11:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\SecTaskMan
2008-10-28 10:13 . 2008-10-28 10:13 253,625 --a------ C:\Documents and Settings\Sarkaaa AD-1868.Civ4SavedGame
2008-10-28 08:14 . 2008-10-28 08:14 <DIR> d-------- C:\Documents and Settings\ćuRKA~1.ROD
2008-10-27 18:00 . 2008-10-27 18:00 320,425 --a------ C:\Documents and Settings\sarkaaa AD-1986.Civ4SavedGame
2008-10-26 10:47 . 2008-10-26 10:47 270,615 --a------ C:\Documents and Settings\sarkaaa AD-1920.Civ4SavedGame
2008-10-25 10:45 . 2008-10-25 10:45 178,111 --a------ C:\Documents and Settings\sarkaaa AD-1280.Civ4SavedGame
2008-10-22 14:05 . 2008-10-22 14:05 204,954 --a------ C:\Documents and Settings\Sarka AD-1020.Civ4SavedGame
2008-10-22 13:31 . 2008-10-22 13:31 206,325 --a------ C:\Documents and Settings\S'arus AD-1340.Civ4SavedGame
2008-10-20 17:27 . 2008-10-20 17:27 335,706 --a------ C:\Documents and Settings\S'arka AD-2008.Civ4SavedGame
2008-10-20 15:22 . 2008-10-20 15:22 <DIR> d-------- C:\Program Files\Testy Autoškola
2008-10-19 18:18 . 2008-10-19 18:18 298,666 --a------ C:\Documents and Settings\S'arka AD-1964.Civ4SavedGame
2008-10-19 10:28 . 2008-10-19 10:29 210,188 --a------ C:\Documents and Settings\S'arka AD-1670.Civ4SavedGame
2008-10-18 19:26 . 2008-10-18 19:26 135,305 --a------ C:\Documents and Settings\S'arka AD-0325.Civ4SavedGame
2008-10-12 09:44 . 2008-10-12 09:44 <DIR> d-------- C:\Program Files\Teacher
2008-10-11 17:40 . 2008-10-11 17:40 694,346 --a------ C:\Documents and Settings\S'arka AD-1984.Civ4SavedGame
2008-10-11 10:45 . 2008-10-11 10:45 455,423 --a------ C:\Documents and Settings\S'arka AD-1705.Civ4SavedGame
2008-10-11 09:40 . 2008-10-11 10:31 424,269 --a------ C:\Documents and Settings\S'arka AD-0820.Civ4SavedGame
2008-10-10 19:26 . 2008-10-10 19:26 262,379 --a------ C:\Documents and Settings\S'arka BC-0075.Civ4SavedGame
2008-10-06 07:52 . 2008-10-07 20:30 541,211 --a------ C:\Documents and Settings\Sarka AD-1939.Civ4SavedGame
2008-10-05 11:30 . 2008-10-05 11:30 <DIR> d-------- C:\Documents and Settings\Jan_2\Data aplikací\Lineage Utils
2008-10-05 11:29 . 2008-10-05 11:29 <DIR> d-------- C:\Program Files\LineAge Utils
2008-10-05 10:35 . 2008-10-05 10:35 479,082 --a------ C:\Documents and Settings\Sarka AD-1918.Civ4SavedGame
2008-10-04 10:47 . 2008-10-04 10:47 344,186 --a------ C:\Documents and Settings\Sarka AD-1515.Civ4SavedGame
2008-10-03 19:26 . 2008-10-03 19:26 286,052 --a------ C:\Documents and Settings\Sarka AD-0780.Civ4SavedGame
2008-10-03 19:09 . 2008-10-03 19:09 265,490 --a------ C:\Documents and Settings\Sarka AD-0520.Civ4SavedGame
2008-09-20 09:30 . 2008-09-20 09:30 267,143 --a------ C:\Documents and Settings\Sarka AD-1904.Civ4SavedGame
2008-09-20 07:12 . 2008-09-20 07:12 <DIR> d--hs---- C:\FOUND.013
2008-09-19 19:28 . 2008-09-19 19:28 222,547 --a------ C:\Documents and Settings\Sarka AD-1685.Civ4SavedGame
2008-09-18 19:28 . 2008-09-18 19:28 205,463 --a------ C:\Documents and Settings\Sarka AD-1560.Civ4SavedGame
2008-09-15 16:50 . 2008-09-15 16:50 361,212 --a------ C:\Documents and Settings\Sarka AD-1938.Civ4SavedGame
2008-09-15 15:37 . 2008-09-15 15:37 319,989 --a------ C:\Documents and Settings\Sarka AD-1820.Civ4SavedGame
2008-09-14 19:16 . 2008-09-14 19:16 306,015 --a------ C:\Documents and Settings\Sarka AD-1710.Civ4SavedGame
2008-09-14 18:39 . 2008-09-14 18:39 283,929 --a------ C:\Documents and Settings\Sarka AD-1535.Civ4SavedGame
2008-09-14 10:14 . 2008-09-14 10:14 282,837 --a------ C:\Documents and Settings\Sarka AD-1520.Civ4SavedGame
2008-09-13 19:25 . 2008-09-13 19:25 216,480 --a------ C:\Documents and Settings\Sarka AD-0200.Civ4SavedGame
2008-09-13 10:36 . 2008-09-13 10:36 <DIR> d-------- C:\WINDOWS.0\Logs
2008-09-13 09:58 . 2008-09-13 09:58 283,998 --a------ C:\Documents and Settings\Sarka AD-2086.Civ4SavedGame
2008-09-12 19:27 . 2008-09-12 19:27 270,027 --a------ C:\Documents and Settings\Sarka AD-2040.Civ4SavedGame
2008-09-12 06:55 . 2008-09-12 06:55 211,607 --a------ C:\Documents and Settings\Sarka AD-1933.Civ4SavedGame
2008-09-11 19:21 . 2008-09-11 19:21 182,573 --a------ C:\Documents and Settings\Sarka AD-1780m.Civ4SavedGame
2008-09-10 19:26 . 2008-09-10 19:26 100,541 --a------ C:\Documents and Settings\Sarka BC-0050.Civ4SavedGame

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 21:26 2,829 ----a-w C:\WINDOWS.0\War3Unin.pif
2008-12-04 21:26 126,976 ----a-w C:\WINDOWS.0\War3Unin.exe
2008-10-26 19:45 138,136 ----a-w C:\WINDOWS.0\system32\drivers\PnkBstrK.sys
2008-10-26 19:45 111,928 ----a-w C:\WINDOWS.0\system32\PnkBstrB.exe
2008-10-15 17:00 332,800 ------w C:\WINDOWS.0\system32\dllcache\netapi32.dll
2008-10-03 17:26 6,066,176 ------w C:\WINDOWS.0\system32\dllcache\ieframe.dll
2008-09-15 15:40 1,846,016 ----a-w C:\WINDOWS.0\system32\win32k.sys
2008-09-15 15:40 1,846,016 ------w C:\WINDOWS.0\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ------w C:\WINDOWS.0\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ------w C:\WINDOWS.0\system32\dllcache\srv.sys
2008-08-27 09:27 3,593,216 ------w C:\WINDOWS.0\system32\dllcache\mshtml.dll
2008-08-26 08:26 63,488 ------w C:\WINDOWS.0\system32\dllcache\icardie.dll
2008-08-26 08:26 44,544 ------w C:\WINDOWS.0\system32\dllcache\iernonce.dll
2008-08-26 08:26 384,512 ------w C:\WINDOWS.0\system32\dllcache\iedkcs32.dll
2008-08-26 08:26 383,488 ------w C:\WINDOWS.0\system32\dllcache\ieapfltr.dll
2008-08-26 08:26 347,136 ------w C:\WINDOWS.0\system32\dllcache\dxtmsft.dll
2008-08-26 08:26 267,776 ------w C:\WINDOWS.0\system32\dllcache\iertutil.dll
2008-08-26 08:26 230,400 ------w C:\WINDOWS.0\system32\dllcache\ieaksie.dll
2008-08-26 08:26 214,528 ------w C:\WINDOWS.0\system32\dllcache\dxtrans.dll
2008-08-26 08:26 153,088 ------w C:\WINDOWS.0\system32\dllcache\ieakeng.dll
2008-08-26 08:26 133,120 ------w C:\WINDOWS.0\system32\dllcache\extmgr.dll
2008-08-26 08:26 124,928 ------w C:\WINDOWS.0\system32\dllcache\advpack.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS.0\system32\dllcache\ieudinit.exe
2008-08-25 08:36 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
2008-08-24 14:32 81,920 ----a-w C:\WINDOWS.0\system32\OpenAL32.dll
2008-08-24 14:32 233,472 ----a-w C:\WINDOWS.0\system32\wrap_oal.dll
2008-08-23 05:56 635,848 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS.0\system32\dllcache\ieakui.dll
2008-08-14 13:46 2,182,528 ----a-w C:\WINDOWS.0\system32\ntoskrnl.exe
2008-08-14 13:46 2,182,528 ------w C:\WINDOWS.0\system32\dllcache\ntoskrnl.exe
2008-08-14 13:46 2,138,112 ------w C:\WINDOWS.0\system32\dllcache\ntkrnlmp.exe
2008-08-14 13:46 2,059,904 ----a-w C:\WINDOWS.0\system32\ntkrnlpa.exe
2008-08-14 13:46 2,059,904 ------w C:\WINDOWS.0\system32\dllcache\ntkrnlpa.exe
2008-08-14 13:46 2,017,792 ------w C:\WINDOWS.0\system32\dllcache\ntkrpamp.exe
2008-08-14 09:51 138,368 ----a-w C:\WINDOWS.0\system32\dllcache\afd.sys
2008-07-31 09:41 68,616 ----a-w C:\WINDOWS.0\system32\XAPOFX1_1.dll
2008-07-31 09:41 238,088 ----a-w C:\WINDOWS.0\system32\xactengine3_2.dll
2008-07-31 09:40 509,448 ----a-w C:\WINDOWS.0\system32\XAudio2_2.dll
2008-07-18 19:39 586,752 ----a-w C:\WINDOWS.0\WLXPGSS.SCR
2008-07-13 08:18 348,160 ----a-w C:\WINDOWS.0\system32\msvcr71.dll
2008-07-12 07:18 467,984 ----a-w C:\WINDOWS.0\system32\d3dx10_39.dll
2008-07-12 07:18 3,851,784 ----a-w C:\WINDOWS.0\system32\D3DX9_39.dll
2008-07-12 07:18 1,493,528 ----a-w C:\WINDOWS.0\system32\D3DCompiler_39.dll
2008-07-07 21:32 253,952 ----a-w C:\WINDOWS.0\system32\es.dll
2008-07-07 21:32 253,952 ------w C:\WINDOWS.0\system32\dllcache\es.dll
2007-03-06 16:14 1,218,696 ---ha-w C:\Documents and Settings\webspell\webspell4[1].01.01.zip
2003-11-30 14:31 842 ----a-w C:\Program Files\options.cfg
2002-07-26 16:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2002-06-24 14:46 3,360 ------w C:\WINDOWS.0\inf\OTHER\cmiainfo.sys
2006-07-09 06:12 11,270 --sha-w C:\WINDOWS.0\system32\KGyGaAvL.sys
2006-02-11 08:55 56 --sh--r C:\WINDOWS.0\system32\4F4F9D4257.sys
.

((((((((((((((((((((((((((((( snapshot_2008-10-29_11.15.37,04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-28 20:28:18 5,120 ----a-r C:\WINDOWS.0\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2008-10-29 18:25:00 5,120 ----a-r C:\WINDOWS.0\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2008-10-30 13:56:32 16,384 ----a-w C:\WINDOWS.0\Temp\Perflib_Perfdata_5b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS.0\SiSUSBrg.exe" [2002-07-12 106496]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 40960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="C:\WINDOWS.0\UpdReg.EXE" [2000-05-11 90112]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]

C:\Documents and Settings\ć rka.RODINA-\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk.disabled [2007-05-28 785]

C:\Documents and Settings\Jan_2\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk.disabled [2007-07-15 897]

C:\Documents and Settings\All Users.WINDOWS.0\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk.disabled [2007-05-25 1670]
Microsoft Office.lnk.disabled [2006-05-01 1640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS.0\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS.0\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
"NeroFilterCheck"=C:\WINDOWS.0\system32\NeroCheck.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 fwdrv;Firewall Driver;C:\WINDOWS.0\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS.0\system32\drivers\khips.sys [2007-02-20 71088]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SVKP;SVKP;C:\WINDOWS.0\system32\SVKP.sys [2006-04-30 2368]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS.0\system32\DRIVERS\psched.sys [2004-08-03 69120]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS.0\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS.0\system32\drivers\ASUSHWIO.sys [ ]
S3 npkycryp;npkycryp;F:\Hry\Lineage II - Kamael CT1\system\npkycryp.sys [ ]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
Obsah adresáře 'Naplánované úlohy'

2008-10-30 C:\WINDOWS.0\Tasks\A1D92D2C91CAA938.job
- c:\docume~1\jan_2\dataap~1\realhe~1\Idle64upload.exe []

2008-10-22 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []

2008-12-07 C:\WINDOWS.0\Tasks\User_Feed_Synchronization-{E4C8D7AB-6A62-4060-A20D-7B571BACF88D}.job
- C:\WINDOWS.0\system32\msfeedssync.exe [2007-08-13 18:36]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 15:12:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\sccfg.sys 32768 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
Celkový čas: 2008-10-30 15:15:25
ComboFix-quarantined-files.txt 2008-10-30 14:15:18
ComboFix4.txt 2008-10-29 10:17:02
ComboFix3.txt 2008-10-29 13:30:12
ComboFix5.txt 2008-10-30 14:03:40
ComboFix2.txt 2008-10-29 18:24:46

Před spuštěním: 6 045 499 392
Po spuštění: 6,026,985,472

262 --- E O F --- 2008-10-29 02:02:21

[Nuny]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:33, on 30.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS.0\system32\CTsvcCDA.EXE
C:\WINDOWS.0\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\explorer.exe
C:\Documents and Settings\Jan_2\Plocha\Programy\Clean\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SEENUS020100/FRWCompleteAddIns
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS.0\SiSUSBrg.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\UpdReg.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5177247953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5177481953
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-493a2124009ba347.spaces.live ... nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95A1834B-035F-4E95-A4EB-203971E44BAA}: NameServer = 217.197.158.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DFC39DF-A0B2-49EB-AF9D-C40184E88E93}: NameServer = 192.168.154.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{C78501D8-6CD9-4807-840F-BC68F5756F52}: NameServer = 192.168.154.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS.0\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8393 bytes