Problém se zabezpečením Vyřešeno

[memphisto]

jakou máš nastavenou úroveň zabezpečení u IE? mrkni na možnosti IE - záložka zabezpečení - vlastní a úplně dole v tom seznamu bude Stahovat soubory a možnosti povolit a zakázat.překontroluj to

[Reklama]

[roman]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:00, on 23.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows NT Service] Patcher.exe
O4 - HKLM\..\RunServices: [Windows NT Service] Patcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files 2\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files 2\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\Windows\system32\pr2aq6eb.exe

--
End of file - 9599 bytes

[roman]

Co bude dále mám vyčkat nebo to nepude

[memphisto]

počkej na někoho z kontrolorů. tohle není zrovna typická sekce, kde by hledali logy z HJT. nenápadně je upozorním

[jaro3]

Fixni :

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O13 - Gopher Prefix:



Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[roman]

Malwarebytes' Anti-Malware 1.30
Verze databáze: 1306
Windows 6.0.6001 Service Pack 1

23.11.2008 20:20:06
mbam-log-2008-11-23 (20-20-06).txt

Typ skenu: Rychlý sken
Objektu skenováno: 46048
Uplynulý cas: 4 minute(s), 22 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[jaro3]

Pošli nový log z HJT, a napiš zda máš 32bit. verzi windows vista.

[roman]

Jo je to 32bit

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:00, on 23.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows NT Service] Patcher.exe
O4 - HKLM\..\RunServices: [Windows NT Service] Patcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files 2\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files 2\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\Windows\system32\pr2aq6eb.exe

--
End of file - 9599 bytes

[jaro3]

Odinstaluj:
Logitech\Desktop Messenger

Nevím , co je toto:
[Windows NT Service] Patcher.exe
RunServices: [Windows NT Service] Patcher.exe

Toto otestuj na Virustotal
C:\Program Files\Software Informer\softinfo.exe
Vlož pak výsledek.
Vypni rez. ochranu u AVG.
Stáhni si ComboFix (by sUBs)

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[roman]

Přeju pěknej den už sem zde a logitech sem odinstaloval . Toto //Windows NT Service] Patcher.exe
RunServices: [Windows NT Service] Patcher.exe// taky nevím co je a ani to nikde nemůžu najít .A tady toto //C:\Program Files\Software Informer\softinfo.exe// mě ten virustotal nechce odeslat a píše //0 bytes size received / Se ha recibido un archivo vacio//
Mám jít na ten ComboFix nebo až pak . Zatím díky že se mě tak věnujete

[jaro3]

Jdi na ComboFix.

[roman]

ComboFix 08-11-23.02 - Roman 2008-11-24 18:29:26.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1029.18.912 [GMT 1:00]
Spuštěný z: c:\users\Roman\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Možné infikované stránky -----

hxxp://ghostofdeath.fileave.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-24 do 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-23 20:14 . 2008-11-23 20:14 <DIR> d-------- c:\users\Roman\AppData\Roaming\Malwarebytes
2008-11-23 20:14 . 2008-11-23 20:14 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-23 20:14 . 2008-11-23 20:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 20:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-23 20:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-23 13:59 . 2008-11-23 13:59 <DIR> d-------- c:\program files\Trend Micro
2008-11-23 08:17 . 2008-11-23 08:17 <DIR> d-------- c:\users\Roman\AppData\Roaming\Codemasters
2008-11-23 08:09 . 2008-11-23 08:09 <DIR> d-------- c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2008-11-23 08:08 . 2008-11-23 08:08 <DIR> d-------- c:\programdata\Media Center Programs
2008-11-22 11:22 . 2008-11-22 11:22 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-11-21 17:11 . 2008-08-17 11:33 678,408 --a------ c:\windows\System32\gpprefcl.dll
2008-11-18 07:02 . 2008-11-18 07:02 901,120 --a------ c:\windows\TMUninst.exe
2008-11-16 03:45 . 2008-11-16 03:45 682,280 --a------ c:\windows\System32\pbsvc.exe
2008-11-15 14:52 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-15 14:52 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-15 14:52 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-15 14:52 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-15 14:52 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-15 14:52 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-15 14:52 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-15 14:52 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-15 14:52 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-14 17:36 . 2008-11-16 13:14 138,464 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2008-11-14 17:36 . 2008-11-16 03:46 22,328 --a------ c:\users\Roman\AppData\Roaming\PnkBstrK.sys
2008-11-14 17:35 . 2008-11-16 13:14 111,928 --a------ c:\windows\System32\PnkBstrB.exe
2008-11-14 17:35 . 2008-11-16 03:49 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2008-11-12 06:53 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 06:53 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 06:53 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-06 19:25 . 2008-11-06 19:25 <DIR> d-------- c:\programdata\NVIDIA Corporation
2008-11-06 19:24 . 2008-11-06 19:25 <DIR> d-------- c:\program files\NVIDIA Corporation
2008-11-06 19:24 . 2006-03-29 08:50 671,744 --a------ c:\windows\System32\DolbyHph.dll
2008-11-06 19:24 . 2006-03-29 08:51 60,416 --a------ c:\windows\System32\DSETUP.dll
2008-11-06 19:24 . 2006-03-29 08:49 9,856 --a------ c:\windows\System32\drivers\pfc.sys
2008-11-06 19:24 . 2006-05-05 19:21 4,608 --a------ c:\windows\System32\drivers\nvport.sys
2008-11-06 17:49 . 2008-11-06 17:50 331,411,038 --a------ c:\windows\MEMORY.DMP
2008-11-05 07:05 . 1999-12-17 08:13 86,016 --a------ c:\windows\unvise32.exe
2008-11-01 08:49 . 2008-11-01 08:49 <DIR> dr-h----- c:\users\Roman\AppData\Roaming\SecuROM
2008-11-01 08:42 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2008-11-01 08:42 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll
2008-11-01 08:42 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2008-11-01 08:42 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\System32\D3DCompiler_36.dll
2008-11-01 08:42 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2008-11-01 08:42 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2008-11-01 08:42 . 2007-10-02 09:56 444,776 --a------ c:\windows\System32\d3dx10_36.dll
2008-11-01 08:42 . 2007-10-22 03:39 267,272 --a------ c:\windows\System32\xactengine2_10.dll
2008-11-01 08:42 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2008-11-01 08:42 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2008-11-01 08:42 . 2007-10-22 03:37 17,928 --a------ c:\windows\System32\X3DAudio1_2.dll
2008-11-01 08:41 . 2008-11-01 08:41 <DIR> d-------- c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2008-11-01 08:41 . 2008-11-01 08:41 <DIR> d-------- c:\program files\Ubisoft
2008-10-28 18:25 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 18:25 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 18:25 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-28 07:20 . 2008-10-28 07:20 <DIR> d-------- c:\users\Roman\AppData\Roaming\Ahead
2008-10-24 18:35 . 2008-11-06 17:51 90,632 --a------ c:\windows\System32\drivers\avgtdix.sys
2008-10-24 16:56 . 2008-10-24 16:56 <DIR> d-------- c:\programdata\WindowsSearch

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 16:45 --------- d-----w c:\users\Roman\AppData\Roaming\Azureus
2008-11-24 16:43 --------- d-----w c:\program files\Logitech
2008-11-23 07:12 --------- d-----w c:\users\Roman\AppData\Roaming\InstallShield
2008-11-23 07:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-23 07:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 17:11 --------- d-----w c:\program files\Microsoft Games
2008-11-17 17:36 --------- d-----w c:\program files\Electronic Arts
2008-11-06 19:06 --------- d-----w c:\users\Roman\AppData\Roaming\uTorrent
2008-11-02 20:15 --------- d-----w c:\users\Roman\AppData\Roaming\ICQ
2008-11-01 07:49 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-29 18:33 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-29 05:39 --------- d-----w c:\users\Roman\AppData\Roaming\Creative
2008-10-22 13:53 --------- d-----w c:\programdata\CustomPortal
2008-10-21 15:20 --------- d-----w c:\programdata\Azureus
2008-10-21 15:15 --------- d-----w c:\program files\Java
2008-10-21 15:03 --------- d-----w c:\program files\Common Files\Java
2008-10-20 17:03 --------- d-----w c:\users\Roman\AppData\Roaming\Mikrotik
2008-10-20 16:40 --------- d-----w c:\program files\Common Files\Adobe
2008-10-20 16:21 --------- d-----w c:\programdata\LogiShrd
2008-10-20 15:39 --------- d-----w c:\program files\Common Files\Logitech
2008-10-20 15:39 --------- d-----w c:\program files\Common Files\Logishrd
2008-10-16 18:20 --------- d-----w c:\program files\Windows Mail
2008-10-15 18:46 --------- d-----w c:\users\Roman\AppData\Roaming\AVGTOOLBAR
2008-10-10 17:10 --------- d-----w c:\program files\Common Files\EasyInfo
2008-10-10 14:47 --------- d-----w c:\programdata\NVIDIA
2008-10-09 17:31 --------- d-----w c:\program files\AGEIA Technologies
2008-10-06 16:39 --------- dc-h--w c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-10-05 18:42 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-03 17:28 --------- d-----w c:\users\Roman\AppData\Roaming\Gearbox Software
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 15:56 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-10-01 15:56 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-28 06:51 --------- d-----w c:\programdata\HP
2008-09-28 05:54 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-27 09:44 --------- d-----w c:\users\Roman\AppData\Roaming\HP
2008-09-27 09:44 --------- d-----w c:\programdata\WEBREG
2008-09-27 09:40 --------- d-----w c:\programdata\Hewlett-Packard
2008-09-25 13:14 --------- d-----w c:\programdata\HPSSUPPLY
2008-09-25 13:14 --------- d-----w c:\program files\HP
2008-09-25 13:13 --------- d-----w c:\program files\Common Files\HP
2008-09-25 13:10 --------- d-----w c:\program files\Hewlett-Packard
2008-09-25 13:10 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-09-24 18:01 --------- d-----w c:\program files\ZA office
2008-09-24 18:01 --------- d-----w c:\program files\Borland
2008-09-20 17:28 174 --sha-w c:\program files\desktop.ini
2008-09-20 17:14 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-09-20 17:14 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2008-09-20 17:07 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-20 17:07 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-19 15:49 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2008-09-19 14:54 127,034 ------w c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-09-19 14:27 269,312 ----a-w c:\windows\System32\es.dll
2008-09-19 14:25 988,216 ----a-w c:\windows\System32\winload.exe
2008-09-19 14:25 927,288 ----a-w c:\windows\System32\winresume.exe
2008-09-19 14:25 615,992 ----a-w c:\windows\System32\ci.dll
2008-09-19 14:25 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-09-19 14:25 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-09-19 14:25 40,960 ----a-w c:\windows\System32\srclient.dll
2008-09-19 14:25 378,368 ----a-w c:\windows\System32\srcore.dll
2008-09-19 14:25 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-09-19 14:25 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-09-19 14:25 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-09-18 12:56 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-17 12:33 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-09-17 12:33 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-09-17 12:33 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-09-17 12:33 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-09-17 12:33 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-09-17 12:33 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-09-17 12:33 28,160 ----a-w c:\windows\System32\Apphlpdm.dll
2008-09-17 12:33 272,896 ----a-w c:\windows\System32\polstore.dll
2008-09-17 12:33 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-09-17 12:33 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-09-17 12:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-09-17 12:33 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-09-17 12:27 2,048 ----a-w c:\windows\System32\tzres.dll
2008-09-17 12:26 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-09-17 12:19 295,936 ----a-w c:\windows\System32\gdi32.dll
2008-09-17 12:18 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-09-17 12:16 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-09-17 12:16 738,304 ----a-w c:\windows\System32\inetcomm.dll
2008-09-17 12:16 1,314,816 ----a-w c:\windows\System32\quartz.dll
2008-09-17 09:28 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-09-17 09:28 315,392 ----a-w c:\windows\HideWin.exe
2008-09-16 19:27 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
2008-09-04 07:31 288,024 ----a-w c:\windows\System32\PhysXCplUI.exe
2008-08-29 06:57 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 12:04 97064 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files 2\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-24 1235736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-01-19 61440]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 1083176]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CTHelper"="CTHELPER.EXE" [2007-10-25 c:\windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 c:\windows\System32\CTXFIHLP.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
"CtxfiReg"="CTXFIREG.exe" [2007-10-25 c:\windows\System32\CTXFIREG.EXE]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-19 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{5BE01679-9095-4144-844E-0AA3CCB25517}c:\\program files 2\\azureus\\azureus.exe"= UDP:c:\program files 2\azureus\azureus.exe:Azureus
"UDP Query User{9E2D707C-4726-4411-8397-958A6FDA8756}c:\\program files 2\\azureus\\azureus.exe"= TCP:c:\program files 2\azureus\azureus.exe:Azureus
"TCP Query User{DD70A684-A6E6-4E72-86C5-380C9E83F7BB}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{FB5DA61D-23AE-4533-90B0-71263346C49D}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"<NO NAME>"= :*:Enabled:Windows NT Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-09-19 12936]
R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);c:\windows\system32\drivers\pe3aq6eb.sys [2008-04-03 69248]
R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);c:\windows\system32\drivers\ps7aq6eb.sys [2008-04-03 68744]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-19 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-24 90632]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-09-21 72192]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-24 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-19 231704]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2008-09-17 48128]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2008-09-19 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2008-09-19 9856]
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2008-09-17 1163800]
S2 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);c:\windows\system32\pr2aq6eb.exe svc []
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" [2008-09-17 79360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
HKCU-Run-BitComet - c:\program files 2\BitComet\BitComet.exe
HKCU-Run-fsm - (no file)
HKLM-Run-Windows NT Service - Patcher.exe
HKLM-RunServices-Windows NT Service - Patcher.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDow ... eqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 18:31:45
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

skenování skrytých souborů ...


c:\windows\TEMP\TMP000002B941A6450D25A53F70 524288 bytes
c:\windows\TEMP\TMP000002BBBB090FA2A132BEE7 524288 bytes

sken byl úspešně dokončen
skryté soubory: 2

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\avgrsstx.dll
.
Celkový čas: 2008-11-24 18:32:48
ComboFix-quarantined-files.txt 2008-11-24 17:32:20

Před spuštěním: Volných bajtů: 154 323 845 120
Po spuštění: Volných bajtů: 156,297,998,336

279 --- E O F --- 2008-11-21 17:11:58