Requesting a preventive log check, thank you (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by jezisekx » 21 Dec 2008 21:05

Hello, my computer has slowed down quite a bit and the internet connection often drops; I don't know whether that is the cause or whether it's me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:03, on 21.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\regx32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\inet\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] C:\Windows\regx32.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2525455179-3678941519-2132357291-1001\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'inet')
O4 - S-1-5-21-2525455179-3678941519-2132357291-1001 Startup: counter_widget.lnk = C:\Program Files\counter_widget\counter_widget.exe (User 'inet')
O4 - S-1-5-21-2525455179-3678941519-2132357291-1001 User Startup: counter_widget.lnk = C:\Program Files\counter_widget\counter_widget.exe (User 'inet')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8941 bytes


Post by jaro3 » 21 Dec 2008 21:21

It's infested, plus leftovers from AVG.
So first:
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes (Ano)
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by jezisekx » 21 Dec 2008 21:49

Malwarebytes' Anti-Malware 1.31
Verze databáze: 1528
Windows 6.0.6001 Service Pack 1

21.12.2008 20:47:15
mbam-log-2008-12-21 (20-47-15).txt

Typ skenu: Rychlý sken
Objektu skenováno: 51571
Uplynulý cas: 1 minute(s), 55 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)


Post by jaro3 » 21 Dec 2008 23:17

Turn off the resident protection in NOD32.
If you have the 32-bit version of Vista:
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use will be displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here


Post by jezisekx » 22 Dec 2008 15:26

1 I tried to turn off NOD but couldn't, probably because it's a crack, and I did it as administrator
2 when it started, the computer was beeping like crazy
3 information was sent to Microsoft
4 after it finished, a message from Spybot appeared, something about a change in Defender
5 when I right-click any folder, Explorer restarts and I basically can't open anything
6 quite often, about every 10 min, my internet drops out; only a restart helps; I have tried the drivers

So here is the log
ComboFix 08-12-21.04 - lukas 22.12.2008 14:09:03.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.2046.1329 [GMT 0:00]
Spuštěný z: c:\users\inet\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Soubory vytvořené od 2008-11-22 do 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-21 20:42 . 21.12.2008 20:42 <DIR> d-------- c:\users\lukas\AppData\Roaming\Malwarebytes
2008-12-21 20:42 . 21.12.2008 20:42 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-21 20:42 . 21.12.2008 20:42 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-21 20:42 . 21.12.2008 20:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-21 20:42 . 03.12.2008 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-21 20:42 . 03.12.2008 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-21 20:00 . 21.12.2008 20:00 <DIR> d-------- c:\program files\Trend Micro
2008-12-21 17:38 . 21.12.2008 17:38 <DIR> d-------- c:\users\All Users\Skype
2008-12-21 17:38 . 21.12.2008 17:38 <DIR> d-------- c:\programdata\Skype
2008-12-21 16:36 . 21.12.2008 16:36 <DIR> d-------- c:\program files\CCleaner
2008-12-21 15:29 . 21.12.2008 15:29 159,607 --a------ c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2008-12-21 15:22 . 21.12.2008 15:22 <DIR> d-------- c:\users\All Users\ESET
2008-12-21 15:22 . 21.12.2008 15:22 <DIR> d-------- c:\programdata\ESET
2008-12-21 15:22 . 21.12.2008 15:22 <DIR> d-------- c:\program files\ESET
2008-12-21 15:04 . 21.12.2008 15:04 <DIR> d-------- c:\users\All Users\Avg8
2008-12-21 15:04 . 21.12.2008 15:04 <DIR> d-------- c:\programdata\Avg8
2008-12-20 15:46 . 20.12.2008 15:46 <DIR> d-------- c:\users\All Users\Intel
2008-12-20 15:46 . 20.12.2008 15:46 <DIR> d-------- c:\programdata\Intel
2008-12-20 15:42 . 20.12.2008 15:42 <DIR> d-------- c:\users\lukas\AppData\Roaming\PC Suite
2008-12-20 15:05 . 20.12.2008 15:05 <DIR> d-------- c:\users\lukas\AppData\Roaming\Intel
2008-12-17 15:44 . 17.12.2008 15:44 <DIR> d-------- c:\program files\Toshiba
2008-12-14 15:22 . 14.12.2008 15:43 <DIR> d-a------ c:\users\All Users\TEMP
2008-12-14 15:22 . 14.12.2008 15:43 <DIR> d-a------ c:\programdata\TEMP
2008-12-14 15:22 . 14.12.2008 15:22 <DIR> d-------- c:\program files\Classic Menu for Office
2008-12-14 15:04 . 26.10.2006 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2008-12-14 15:02 . 14.12.2008 15:02 <DIR> d-------- c:\program files\Microsoft Works
2008-12-14 15:00 . 14.12.2008 15:00 <DIR> d-------- c:\windows\PCHEALTH
2008-12-14 15:00 . 14.12.2008 15:00 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-14 15:00 . 05.12.2001 20:00 26,112 --a------ c:\windows\LgUninst.exe
2008-12-14 14:57 . 14.12.2008 14:57 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-12-14 14:56 . 14.12.2008 15:40 <DIR> d-------- c:\users\All Users\Microsoft Help
2008-12-14 14:56 . 14.12.2008 15:40 <DIR> d-------- c:\programdata\Microsoft Help
2008-12-14 14:54 . 14.12.2008 14:54 <DIR> d-------- c:\program files\Lingea
2008-12-14 14:53 . 14.12.2008 14:53 <DIR> dr-h----- C:\MSOCache
2008-12-14 14:30 . 14.12.2008 14:30 <DIR> d-------- c:\program files\PowerISO
2008-12-14 12:30 . 14.12.2008 12:30 <DIR> d-------- c:\users\inet\AppData\Roaming\Ahead
2008-12-13 21:48 . 13.12.2008 21:50 <DIR> d-------- c:\users\inet\AppData\Roaming\ICQ
2008-12-13 00:19 . 13.12.2008 10:38 <DIR> d-------- c:\program files\The KMPlayer
2008-12-12 17:58 . 12.12.2008 17:58 <DIR> d-------- c:\users\All Users\ICQ
2008-12-12 17:58 . 12.12.2008 17:58 <DIR> d-------- c:\programdata\ICQ
2008-12-12 17:49 . 12.12.2008 17:59 <DIR> d-------- c:\users\lukas\AppData\Roaming\ICQ
2008-12-12 17:49 . 12.12.2008 17:59 <DIR> d-------- c:\program files\ICQ6.5
2008-12-12 17:18 . 21.12.2008 19:53 <DIR> d-------- c:\users\inet\AppData\Roaming\Skype
2008-12-12 15:40 . 12.12.2008 15:43 <DIR> d-------- c:\users\inet\AppData\Roaming\Nokia
2008-12-12 12:22 . 12.12.2008 12:22 <DIR> d-------- c:\users\lukas\AppData\Roaming\IrfanView
2008-12-12 12:22 . 12.12.2008 12:22 <DIR> d-------- c:\program files\IrfanView
2008-12-12 10:38 . 12.12.2008 10:38 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-12 10:37 . 12.12.2008 10:37 <DIR> d-------- c:\program files\Java
2008-12-11 23:12 . 11.12.2008 23:12 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-11 13:37 . 22.10.2008 01:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-09 23:17 . 08.11.2007 09:04 11,967,524 --a------ c:\windows\System32\korwbrkr.lex
2008-12-09 14:22 . 09.12.2008 14:22 <DIR> d-------- c:\program files\7-Zip
2008-12-09 10:09 . 09.12.2008 10:09 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-12-09 10:09 . 09.12.2008 10:09 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-09 10:04 . 09.12.2008 10:09 <DIR> d-------- c:\users\lukas\AppData\Roaming\Nokia
2008-12-09 10:04 . 12.12.2008 20:55 <DIR> d-------- c:\users\inet\AppData\Roaming\PC Suite
2008-12-09 10:04 . 09.12.2008 10:09 <DIR> d-------- c:\users\All Users\PC Suite
2008-12-09 10:04 . 09.12.2008 10:09 <DIR> d-------- c:\programdata\PC Suite
2008-12-09 10:03 . 09.12.2008 10:03 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-09 10:03 . 09.12.2008 10:03 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-09 10:02 . 09.12.2008 10:02 <DIR> d-------- c:\program files\DIFX
2008-12-09 10:02 . 17.09.2007 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2008-12-09 10:00 . 09.12.2008 10:02 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-12-09 10:00 . 09.12.2008 10:00 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-12-09 09:57 . 09.12.2008 10:03 <DIR> d-------- c:\program files\Nokia
2008-12-09 09:57 . 07.05.2008 07:38 90,624 --a------ c:\windows\System32\nmwcdcls.dll
2008-12-09 09:52 . 09.12.2008 10:03 <DIR> d-------- c:\users\All Users\Installations
2008-12-09 09:52 . 09.12.2008 10:03 <DIR> d-------- c:\programdata\Installations
2008-12-08 22:32 . 17.12.2008 19:07 286,325,270 --a------ c:\windows\MEMORY.DMP
2008-12-08 22:27 . 09.12.2008 17:42 <DIR> d-------- c:\users\inet\AppData\Roaming\dvdcss
2008-12-08 15:42 . 11.12.2008 23:14 <DIR> d-------- c:\users\All Users\Adobe
2008-12-08 12:39 . 08.12.2008 12:39 <DIR> d-------- C:\PerfLogs
2008-12-08 00:07 . 19.01.2008 07:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-12-08 00:06 . 19.01.2008 07:32 5,714,432 --a------ c:\windows\System32\logon.scr
2008-12-08 00:05 . 19.01.2008 06:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-12-08 00:04 . 19.01.2008 07:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-12-08 00:04 . 19.01.2008 07:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-12-08 00:04 . 19.01.2008 07:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-12-08 00:04 . 19.01.2008 07:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-12-08 00:04 . 19.01.2008 07:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-12-08 00:03 . 19.01.2008 07:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-12-08 00:03 . 19.01.2008 07:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-12-08 00:03 . 19.01.2008 07:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-12-08 00:03 . 19.01.2008 07:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-12-07 23:36 . 07.12.2008 23:38 <DIR> d-------- c:\users\inet\AppData\Roaming\vlc
2008-12-07 23:35 . 07.12.2008 23:35 <DIR> d-------- c:\program files\VideoLAN
2008-12-07 22:25 . 07.12.2008 22:25 269,312 --a------ c:\windows\System32\es.dll
2008-12-07 21:39 . 21.12.2008 16:37 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-07 21:39 . 21.12.2008 16:37 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-07 21:39 . 12.12.2008 10:14 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-07 21:25 . 07.12.2008 21:25 1,820 --a------ c:\windows\System32\rasctrnm.h
2008-12-07 21:24 . 07.12.2008 21:24 428,544 --a------ c:\windows\System32\EncDec.dll
2008-12-07 21:24 . 07.12.2008 21:24 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-12-07 21:24 . 07.12.2008 21:24 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-12-07 21:24 . 07.12.2008 21:24 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-12-07 21:24 . 07.12.2008 21:24 80,896 --a------ c:\windows\System32\MSNP.ax
2008-12-07 21:24 . 07.12.2008 21:24 69,632 --a------ c:\windows\System32\Mpeg2Data.ax
2008-12-07 21:24 . 07.12.2008 21:24 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-12-07 21:21 . 07.12.2008 21:21 9,892,864 --a------ c:\windows\System32\NlsLexicons000a.dll
2008-12-07 20:48 . 07.12.2008 20:48 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-07 20:48 . 07.12.2008 20:48 272,896 --a------ c:\windows\System32\polstore.dll
2008-12-07 20:48 . 07.12.2008 20:48 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-07 20:48 . 07.12.2008 20:48 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-12-07 20:48 . 07.12.2008 20:48 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-12-07 20:48 . 07.12.2008 20:48 61,440 --a------ c:\windows\System32\winipsec.dll
2008-12-07 20:48 . 07.12.2008 20:48 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-12-07 20:47 . 07.12.2008 20:47 1,695,744 --a------ c:\windows\System32\gameux.dll
2008-12-07 20:42 . 07.12.2008 20:42 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-12-07 20:42 . 07.12.2008 20:42 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-07 20:42 . 07.12.2008 20:42 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-07 20:41 . 07.12.2008 20:41 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-07 20:41 . 07.12.2008 20:41 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-12-07 20:38 . 07.12.2008 20:38 19,456 --a------ c:\windows\System32\drivers\bthenum.sys
2008-12-07 20:37 . 07.12.2008 20:37 988,216 --a------ c:\windows\System32\winload.exe
2008-12-07 20:37 . 07.12.2008 20:37 927,288 --a------ c:\windows\System32\winresume.exe
2008-12-07 20:37 . 07.12.2008 20:37 615,992 --a------ c:\windows\System32\ci.dll
2008-12-07 20:37 . 07.12.2008 20:37 378,368 --a------ c:\windows\System32\srcore.dll
2008-12-07 20:37 . 07.12.2008 20:37 318,464 --a------ c:\windows\System32\rstrui.exe
2008-12-07 20:37 . 07.12.2008 20:37 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2008-12-07 20:37 . 07.12.2008 20:37 40,960 --a------ c:\windows\System32\srclient.dll
2008-12-07 20:37 . 07.12.2008 20:37 19,000 --a------ c:\windows\System32\kd1394.dll
2008-12-07 20:37 . 07.12.2008 20:37 14,848 --a------ c:\windows\System32\srdelayed.exe
2008-12-07 20:37 . 07.12.2008 20:37 6,656 --a------ c:\windows\System32\kbd106n.dll
2008-12-07 20:36 . 07.12.2008 20:36 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-12-07 20:35 . 07.12.2008 20:35 712,704 --a------ c:\windows\System32\WindowsCodecs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 15:02 --------- d-----w c:\program files\MSBuild
2008-12-11 13:44 --------- d-----w c:\program files\Windows Mail
2008-12-08 12:52 174 --sha-w c:\program files\desktop.ini
2008-12-08 12:44 --------- d-----w c:\program files\Windows Sidebar
2008-12-08 12:44 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-08 12:44 --------- d-----w c:\program files\Windows Journal
2008-12-08 12:44 --------- d-----w c:\program files\Windows Defender
2008-12-08 12:44 --------- d-----w c:\program files\Windows Collaboration
2008-12-08 12:44 --------- d-----w c:\program files\Windows Calendar
2008-12-08 12:12 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-08 12:12 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-07 21:21 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll
2008-12-07 20:47 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-12-07 18:32 --------- d-sh--w c:\programdata\Plocha
2008-12-07 18:32 --------- d-sh--w c:\programdata\Oblíbené položky
2008-12-07 18:32 --------- d-sh--w c:\programdata\Šablony
2008-12-07 18:32 --------- d-sh--w c:\programdata\Nabídka Start
2008-12-07 18:32 --------- d-sh--w c:\programdata\Dokumenty
2008-12-07 18:32 --------- d-sh--w c:\programdata\Data aplikací
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@po 22.12.2008_14.02.36,65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-22 13:47:29 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-22 14:06:07 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-22 13:47:29 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-22 14:06:07 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-22 14:02:07 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-22 14:07:37 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-22 14:07:37 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-22 14:02:02 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-22 14:06:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-22 14:06:56 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-22 13:49:10 6,606 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2525455179-3678941519-2132357291-1001_UserData.bin
+ 2008-12-22 14:07:59 6,646 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2525455179-3678941519-2132357291-1001_UserData.bin
- 2008-12-22 13:49:10 65,216 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-22 14:07:59 65,350 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-22 13:49:09 35,500 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-22 14:07:58 35,540 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [17.06.2008 16:00 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [02.10.2008 07:00 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [29.01.2007 10:22 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [22.11.2006 05:27 815104]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [12.01.2006 15:40 155648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [04.04.2007 11:41 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [04.04.2007 11:41 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [04.04.2007 11:41 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [12.06.2008 02:38 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [12.12.2008 10:38 136600]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [14.03.2008 23:50 233472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [27.10.2006 00:47 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [10.06.2008 18:52 1447168]
"TrialReset"="c:\windows\regx32.exe" [03.07.2008 18:57 285327]
"RtHDVCpl"="RtHDVCpl.exe" [09.03.2007 09:50 4390912 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 2752512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E6449032-10D4-4DB1-8989-6C58EF363B1F}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{C9623950-ED65-48BB-9C41-90D2EC331645}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{027DF980-4ACC-4B2E-9BA9-ABFF8CAD4A53}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{D13CBD51-7709-4B1B-8DB6-7396587FFD31}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{61C829F6-CF0F-4DCE-992E-3ED5BBEBEF6D}c:\\users\\inet\\desktop\\portable skype\\phone\\skype.exe"= UDP:c:\users\inet\desktop\portable skype\phone\skype.exe:skype.exe
"UDP Query User{E9D92B85-0CDE-489C-BB06-67673975E127}c:\\users\\inet\\desktop\\portable skype\\phone\\skype.exe"= TCP:c:\users\inet\desktop\portable skype\phone\skype.exe:skype.exe
"TCP Query User{7E1786FC-0596-4E7F-B035-FEB66CC320A8}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{5F09652F-CBE3-495A-BF20-E5C3817CA79B}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{DBD8944E-50D4-4E43-8949-C2D4340121F3}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{27D1C9A2-CAEC-45C7-B800-DDA75C03222E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{D81C36A9-1C05-47F6-89DD-157C5D3835E3}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{FE826A25-8E7C-4BBE-8EA3-5027E8B56E73}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{2C45785B-C861-4954-A25D-CE7EFCC68325}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"UDP Query User{AFBA4FC4-E1C5-4D2A-ADA1-BB3986E669B2}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"{B9010BA0-8C12-487E-B8DB-A60DC53A19C1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BBE1EB9C-F484-4D23-8F2E-FEB8792F91FA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{39A5C149-40E9-4BA8-BEA2-D676FD29A009}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{20D2A64C-9EE6-4097-A15C-4771C47AB91F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62BA09ED-4D2E-4700-B112-32252B0F5CA9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{CE0F5247-7504-47D3-8CCD-BCD59EE9B563}c:\\users\\inet\\appdata\\local\\skype\\phone\\skype.exe"= UDP:c:\users\inet\appdata\local\skype\phone\skype.exe:skype.exe
"UDP Query User{FA64A606-2691-48D4-B134-A08FDDD54016}c:\\users\\inet\\appdata\\local\\skype\\phone\\skype.exe"= TCP:c:\users\inet\appdata\local\skype\phone\skype.exe:skype.exe

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-12-09 72192]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-06-10 468224]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-12-07 24576]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-12-07 1324544]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe []
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e28895ee-c483-11dd-a393-806e6f6e6963}]
\shell\AutoRun\command - d:\.\Bin\ASSETUP.exe
.
Obsah adresáře 'Naplánované úlohy'

2008-12-21 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\inet\AppData\Local\Google\Update\GoogleUpdate.exe [11.12.2008 22:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 14:11:09
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 22.12.2008 14:12:21
ComboFix-quarantined-files.txt 2008-12-22 14:12:19
ComboFix2.txt 2008-12-22 14:03:28

Před spuštěním: Volných bajtů: 32 161 402 880
Po spuštění: Volných bajtů: 32,119,779,328

273 --- E O F --- 2008-12-19 09:10:24


Re: Requesting a preventive log check, thank you

Post by jaro3 » 22 Dec 2008 20:28

So uninstall that cracked NOD32; you now have two antiviruses on there (NOD + AVG).
Check whether you still have this there; it is not in the CF log:
C:\Windows\regx32.exe
If so, stop it in the processes and then delete it.
Otherwise the CF log is clean.
Post a new HJT log here as well.


Re: Requesting a preventive log check, thank you

Post by jezisekx » 22 Dec 2008 22:32

For about 3 days now I have had only NOD32; I uninstalled AVG.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:13, on 22.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\inet\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Users\inet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\inet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\inet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] C:\Windows\regx32.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-21-2525455179-3678941519-2132357291-1001\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'inet')
O4 - HKUS\S-1-5-21-2525455179-3678941519-2132357291-1001\..\Run: [Google Update] "C:\Users\inet\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'inet')
O4 - HKUS\S-1-5-21-2525455179-3678941519-2132357291-1001\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User 'inet')
O4 - S-1-5-21-2525455179-3678941519-2132357291-1001 Startup: counter_widget.lnk = C:\Program Files\counter_widget\counter_widget.exe (User 'inet')
O4 - S-1-5-21-2525455179-3678941519-2132357291-1001 User Startup: counter_widget.lnk = C:\Program Files\counter_widget\counter_widget.exe (User 'inet')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8550 bytes


Re: Requesting a preventive log check, thank you

Post by jaro3 » 23 Dec 2008 09:29

One more script in CF:

Code:

File::
C:\Windows\regx32.exe

Then a new CF log.
After that:
Close other applications and browsers, disconnect from the internet, and fix these in HJT:

Code:

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)    
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TrialReset] C:\Windows\regx32.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)


Post a new HJT log
And post a new log


Re: Requesting a preventive log check, thank you

Post by jezisekx » 23 Dec 2008 15:46

Here is the CF log
AComboFix 08-12-21.04 - lukas 23.12.2008 14:38:57.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.2046.1209 [GMT 0:00]
Spuštěný z: c:\users\inet\Documents\Downloads\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Soubory vytvořené od 2008-11-23 do 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-22 22:22 . 22.12.2008 22:22 <DIR> d-------- c:\users\inet\AppData\Roaming\Malwarebytes
2008-12-22 22:11 . 22.12.2008 22:12 <DIR> d-------- c:\program files\BeClean
2008-12-22 22:07 . 22.12.2008 22:11 <DIR> d-------- c:\program files\RegCleaner
2008-12-22 19:19 . 25.09.2008 06:37 3,666,432 --a------ c:\windows\System32\drivers\NETw5v32.sys
2008-12-22 19:19 . 20.06.2008 09:33 2,756,608 --a------ c:\windows\System32\NETw5r32.dll
2008-12-22 19:19 . 20.06.2008 09:32 663,552 --a------ c:\windows\System32\NETw5c32.dll
2008-12-21 20:42 . 21.12.2008 20:42 <DIR> d-------- c:\users\lukas\AppData\Roaming\Malwarebytes
2008-12-21 20:42 . 21.12.2008 20:42 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-21 20:42 . 21.12.2008 20:42 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-21 20:42 . 21.12.2008 20:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-21 20:42 . 03.12.2008 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-21 20:42 . 03.12.2008 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-21 20:00 . 21.12.2008 20:00 <DIR> d-------- c:\program files\Trend Micro
2008-12-21 17:38 . 21.12.2008 17:38 <DIR> d-------- c:\users\All Users\Skype
2008-12-21 17:38 . 21.12.2008 17:38 <DIR> d-------- c:\programdata\Skype
2008-12-21 16:36 . 21.12.2008 16:36 <DIR> d-------- c:\program files\CCleaner
2008-12-21 15:29 . 21.12.2008 15:29 159,607 --a------ c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2008-12-21 15:22 . 21.12.2008 15:22 <DIR> d-------- c:\users\All Users\ESET
2008-12-21 15:22 . 21.12.2008 15:22 <DIR> d-------- c:\programdata\ESET
2008-12-21 15:22 . 21.12.2008 15:22 <DIR> d-------- c:\program files\ESET
2008-12-21 15:04 . 21.12.2008 15:04 <DIR> d-------- c:\users\All Users\Avg8
2008-12-21 15:04 . 21.12.2008 15:04 <DIR> d-------- c:\programdata\Avg8
2008-12-20 15:46 . 20.12.2008 15:46 <DIR> d-------- c:\users\All Users\Intel
2008-12-20 15:46 . 20.12.2008 15:46 <DIR> d-------- c:\programdata\Intel
2008-12-20 15:42 . 20.12.2008 15:42 <DIR> d-------- c:\users\lukas\AppData\Roaming\PC Suite
2008-12-20 15:05 . 20.12.2008 15:05 <DIR> d-------- c:\users\lukas\AppData\Roaming\Intel
2008-12-17 15:44 . 17.12.2008 15:44 <DIR> d-------- c:\program files\Toshiba
2008-12-14 15:22 . 14.12.2008 15:43 <DIR> d-a------ c:\users\All Users\TEMP
2008-12-14 15:22 . 14.12.2008 15:43 <DIR> d-a------ c:\programdata\TEMP
2008-12-14 15:22 . 14.12.2008 15:22 <DIR> d-------- c:\program files\Classic Menu for Office
2008-12-14 15:04 . 26.10.2006 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2008-12-14 15:02 . 14.12.2008 15:02 <DIR> d-------- c:\program files\Microsoft Works
2008-12-14 15:00 . 14.12.2008 15:00 <DIR> d-------- c:\windows\PCHEALTH
2008-12-14 15:00 . 14.12.2008 15:00 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-14 15:00 . 05.12.2001 20:00 26,112 --a------ c:\windows\LgUninst.exe
2008-12-14 14:57 . 14.12.2008 14:57 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-12-14 14:56 . 14.12.2008 15:40 <DIR> d-------- c:\users\All Users\Microsoft Help
2008-12-14 14:56 . 14.12.2008 15:40 <DIR> d-------- c:\programdata\Microsoft Help
2008-12-14 14:54 . 14.12.2008 14:54 <DIR> d-------- c:\program files\Lingea
2008-12-14 14:53 . 14.12.2008 14:53 <DIR> dr-h----- C:\MSOCache
2008-12-14 14:30 . 14.12.2008 14:30 <DIR> d-------- c:\program files\PowerISO
2008-12-14 12:30 . 14.12.2008 12:30 <DIR> d-------- c:\users\inet\AppData\Roaming\Ahead
2008-12-13 21:48 . 13.12.2008 21:50 <DIR> d-------- c:\users\inet\AppData\Roaming\ICQ
2008-12-13 00:19 . 13.12.2008 10:38 <DIR> d-------- c:\program files\The KMPlayer
2008-12-12 17:58 . 12.12.2008 17:58 <DIR> d-------- c:\users\All Users\ICQ
2008-12-12 17:58 . 12.12.2008 17:58 <DIR> d-------- c:\programdata\ICQ
2008-12-12 17:49 . 12.12.2008 17:59 <DIR> d-------- c:\users\lukas\AppData\Roaming\ICQ
2008-12-12 17:49 . 12.12.2008 17:59 <DIR> d-------- c:\program files\ICQ6.5
2008-12-12 17:18 . 22.12.2008 21:21 <DIR> d-------- c:\users\inet\AppData\Roaming\Skype
2008-12-12 15:40 . 12.12.2008 15:43 <DIR> d-------- c:\users\inet\AppData\Roaming\Nokia
2008-12-12 12:22 . 12.12.2008 12:22 <DIR> d-------- c:\users\lukas\AppData\Roaming\IrfanView
2008-12-12 12:22 . 12.12.2008 12:22 <DIR> d-------- c:\program files\IrfanView
2008-12-12 10:38 . 12.12.2008 10:38 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-12 10:37 . 12.12.2008 10:37 <DIR> d-------- c:\program files\Java
2008-12-11 23:12 . 11.12.2008 23:12 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-11 13:37 . 22.10.2008 01:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-09 23:17 . 08.11.2007 09:04 11,967,524 --a------ c:\windows\System32\korwbrkr.lex
2008-12-09 14:22 . 09.12.2008 14:22 <DIR> d-------- c:\program files\7-Zip
2008-12-09 10:09 . 09.12.2008 10:09 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-12-09 10:09 . 09.12.2008 10:09 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-09 10:04 . 09.12.2008 10:09 <DIR> d-------- c:\users\lukas\AppData\Roaming\Nokia
2008-12-09 10:04 . 12.12.2008 20:55 <DIR> d-------- c:\users\inet\AppData\Roaming\PC Suite
2008-12-09 10:04 . 09.12.2008 10:09 <DIR> d-------- c:\users\All Users\PC Suite
2008-12-09 10:04 . 09.12.2008 10:09 <DIR> d-------- c:\programdata\PC Suite
2008-12-09 10:03 . 09.12.2008 10:03 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-09 10:03 . 09.12.2008 10:03 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-09 10:02 . 22.12.2008 19:29 <DIR> d-------- c:\program files\DIFX
2008-12-09 10:02 . 17.09.2007 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2008-12-09 10:00 . 22.12.2008 19:29 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-12-09 10:00 . 09.12.2008 10:00 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-12-09 09:57 . 09.12.2008 10:03 <DIR> d-------- c:\program files\Nokia
2008-12-09 09:57 . 07.05.2008 07:38 90,624 --a------ c:\windows\System32\nmwcdcls.dll
2008-12-09 09:52 . 09.12.2008 10:03 <DIR> d-------- c:\users\All Users\Installations
2008-12-09 09:52 . 09.12.2008 10:03 <DIR> d-------- c:\programdata\Installations
2008-12-08 22:32 . 17.12.2008 19:07 286,325,270 --a------ c:\windows\MEMORY.DMP
2008-12-08 22:27 . 09.12.2008 17:42 <DIR> d-------- c:\users\inet\AppData\Roaming\dvdcss
2008-12-08 15:42 . 11.12.2008 23:14 <DIR> d-------- c:\users\All Users\Adobe
2008-12-08 12:39 . 08.12.2008 12:39 <DIR> d-------- C:\PerfLogs
2008-12-08 00:07 . 19.01.2008 07:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-12-08 00:06 . 19.01.2008 07:32 5,714,432 --a------ c:\windows\System32\logon.scr
2008-12-08 00:05 . 19.01.2008 06:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-12-08 00:04 . 19.01.2008 07:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-12-08 00:04 . 19.01.2008 07:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-12-08 00:04 . 19.01.2008 07:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-12-08 00:04 . 19.01.2008 07:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-12-08 00:04 . 19.01.2008 07:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-12-08 00:03 . 19.01.2008 07:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-12-08 00:03 . 19.01.2008 07:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-12-08 00:03 . 19.01.2008 07:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-12-08 00:03 . 19.01.2008 07:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-12-07 23:36 . 07.12.2008 23:38 <DIR> d-------- c:\users\inet\AppData\Roaming\vlc
2008-12-07 23:35 . 07.12.2008 23:35 <DIR> d-------- c:\program files\VideoLAN
2008-12-07 22:25 . 07.12.2008 22:25 269,312 --a------ c:\windows\System32\es.dll
2008-12-07 21:39 . 22.12.2008 14:43 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-07 21:39 . 22.12.2008 14:43 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-07 21:39 . 12.12.2008 10:14 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-07 21:25 . 07.12.2008 21:25 1,820 --a------ c:\windows\System32\rasctrnm.h
2008-12-07 21:24 . 07.12.2008 21:24 428,544 --a------ c:\windows\System32\EncDec.dll
2008-12-07 21:24 . 07.12.2008 21:24 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-12-07 21:24 . 07.12.2008 21:24 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-12-07 21:24 . 07.12.2008 21:24 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-12-07 21:24 . 07.12.2008 21:24 80,896 --a------ c:\windows\System32\MSNP.ax
2008-12-07 21:24 . 07.12.2008 21:24 69,632 --a------ c:\windows\System32\Mpeg2Data.ax
2008-12-07 21:24 . 07.12.2008 21:24 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-12-07 21:21 . 07.12.2008 21:21 9,892,864 --a------ c:\windows\System32\NlsLexicons000a.dll
2008-12-07 20:48 . 07.12.2008 20:48 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-07 20:48 . 07.12.2008 20:48 272,896 --a------ c:\windows\System32\polstore.dll
2008-12-07 20:48 . 07.12.2008 20:48 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-07 20:48 . 07.12.2008 20:48 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-12-07 20:48 . 07.12.2008 20:48 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-12-07 20:48 . 07.12.2008 20:48 61,440 --a------ c:\windows\System32\winipsec.dll
2008-12-07 20:48 . 07.12.2008 20:48 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-12-07 20:47 . 07.12.2008 20:47 1,695,744 --a------ c:\windows\System32\gameux.dll
2008-12-07 20:42 . 07.12.2008 20:42 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-12-07 20:42 . 07.12.2008 20:42 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-07 20:42 . 07.12.2008 20:42 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-07 20:41 . 07.12.2008 20:41 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-07 20:41 . 07.12.2008 20:41 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-12-07 20:38 . 07.12.2008 20:38 19,456 --a------ c:\windows\System32\drivers\bthenum.sys
2008-12-07 20:37 . 07.12.2008 20:37 988,216 --a------ c:\windows\System32\winload.exe
2008-12-07 20:37 . 07.12.2008 20:37 927,288 --a------ c:\windows\System32\winresume.exe
2008-12-07 20:37 . 07.12.2008 20:37 615,992 --a------ c:\windows\System32\ci.dll
2008-12-07 20:37 . 07.12.2008 20:37 378,368 --a------ c:\windows\System32\srcore.dll
2008-12-07 20:37 . 07.12.2008 20:37 318,464 --a------ c:\windows\System32\rstrui.exe
2008-12-07 20:37 . 07.12.2008 20:37 46,592 --a------ c:\windows\System32\setbcdlocale.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 15:02 --------- d-----w c:\program files\MSBuild
2008-12-11 13:44 --------- d-----w c:\program files\Windows Mail
2008-12-08 12:52 174 --sha-w c:\program files\desktop.ini
2008-12-08 12:44 --------- d-----w c:\program files\Windows Sidebar
2008-12-08 12:44 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-08 12:44 --------- d-----w c:\program files\Windows Journal
2008-12-08 12:44 --------- d-----w c:\program files\Windows Defender
2008-12-08 12:44 --------- d-----w c:\program files\Windows Collaboration
2008-12-08 12:44 --------- d-----w c:\program files\Windows Calendar
2008-12-08 12:12 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-08 12:12 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-07 21:21 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll
2008-12-07 20:47 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-12-07 18:32 --------- d-sh--w c:\programdata\Plocha
2008-12-07 18:32 --------- d-sh--w c:\programdata\Oblíbené položky
2008-12-07 18:32 --------- d-sh--w c:\programdata\Šablony
2008-12-07 18:32 --------- d-sh--w c:\programdata\Nabídka Start
2008-12-07 18:32 --------- d-sh--w c:\programdata\Dokumenty
2008-12-07 18:32 --------- d-sh--w c:\programdata\Data aplikací
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@po 22.12.2008_14.02.36,65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-20 15:45:00 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2008-12-22 19:29:07 51,200 ----a-w c:\windows\inf\infpub.dat
- 2008-12-20 15:44:54 86,016 ----a-w c:\windows\inf\infstor.dat
+ 2008-12-22 19:27:02 86,016 ----a-w c:\windows\inf\infstor.dat
- 2008-12-20 15:44:59 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2008-12-22 19:29:07 143,360 ----a-w c:\windows\inf\infstrng.dat
- 2008-12-22 13:47:29 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-23 13:06:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-22 13:47:29 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-23 13:06:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-22 14:02:07 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-23 13:07:03 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-23 13:07:03 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-22 14:02:02 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-23 13:06:58 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-23 13:06:58 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-22 13:47:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-22 22:11:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-22 13:47:29 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-22 22:11:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-22 13:47:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-22 22:11:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-20 09:32:32 663,552 ----a-w c:\windows\System32\DriverStore\FileRepository\netw5v32.inf_32b04dcb\NETw5c32.dll
+ 2008-06-20 09:33:34 2,756,608 ----a-w c:\windows\System32\DriverStore\FileRepository\netw5v32.inf_32b04dcb\NETw5r32.dll
+ 2008-09-25 06:37:40 3,666,432 ----a-w c:\windows\System32\DriverStore\FileRepository\netw5v32.inf_32b04dcb\NETw5v32.sys
+ 2008-06-20 09:32:32 663,552 -c--a-w c:\windows\System32\DRVSTORE\netw5v32_30D7FB5A2A66042782925ACE747806DF48574FE2\NETw5c32.dll
+ 2008-06-20 09:33:34 2,756,608 -c--a-w c:\windows\System32\DRVSTORE\netw5v32_30D7FB5A2A66042782925ACE747806DF48574FE2\NETw5r32.dll
+ 2008-09-25 06:37:40 3,666,432 -c--a-w c:\windows\System32\DRVSTORE\netw5v32_30D7FB5A2A66042782925ACE747806DF48574FE2\NETw5v32.sys
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\System32\mrt.exe
+ 2008-12-09 15:24:38 17,593,280 ----a-w c:\windows\System32\mrt.exe
- 2008-12-22 13:52:11 115,014 ----a-w c:\windows\System32\perfc005.dat
+ 2008-12-23 13:12:19 115,014 ----a-w c:\windows\System32\perfc005.dat
- 2008-12-22 13:52:11 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-23 13:12:19 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-22 13:52:11 598,838 ----a-w c:\windows\System32\perfh005.dat
+ 2008-12-23 13:12:19 598,838 ----a-w c:\windows\System32\perfh005.dat
- 2008-12-22 13:52:11 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-23 13:12:19 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-22 13:49:10 6,606 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2525455179-3678941519-2132357291-1001_UserData.bin
+ 2008-12-23 13:08:08 6,810 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2525455179-3678941519-2132357291-1001_UserData.bin
- 2008-12-22 13:49:10 65,216 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-23 13:08:08 65,540 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-22 13:49:09 35,500 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-23 13:08:07 36,134 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [17.06.2008 16:00 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [02.10.2008 07:00 1124352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [16.09.2008 12:16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [29.01.2007 10:22 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [22.11.2006 05:27 815104]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [12.01.2006 15:40 155648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [04.04.2007 11:41 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [04.04.2007 11:41 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [04.04.2007 11:41 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [12.06.2008 02:38 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [12.12.2008 10:38 136600]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [14.03.2008 23:50 233472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [27.10.2006 00:47 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [10.06.2008 18:52 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [09.03.2007 09:50 4390912 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 2752512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E6449032-10D4-4DB1-8989-6C58EF363B1F}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{C9623950-ED65-48BB-9C41-90D2EC331645}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{027DF980-4ACC-4B2E-9BA9-ABFF8CAD4A53}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{D13CBD51-7709-4B1B-8DB6-7396587FFD31}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{61C829F6-CF0F-4DCE-992E-3ED5BBEBEF6D}c:\\users\\inet\\desktop\\portable skype\\phone\\skype.exe"= UDP:c:\users\inet\desktop\portable skype\phone\skype.exe:skype.exe
"UDP Query User{E9D92B85-0CDE-489C-BB06-67673975E127}c:\\users\\inet\\desktop\\portable skype\\phone\\skype.exe"= TCP:c:\users\inet\desktop\portable skype\phone\skype.exe:skype.exe
"TCP Query User{7E1786FC-0596-4E7F-B035-FEB66CC320A8}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{5F09652F-CBE3-495A-BF20-E5C3817CA79B}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{DBD8944E-50D4-4E43-8949-C2D4340121F3}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{27D1C9A2-CAEC-45C7-B800-DDA75C03222E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{D81C36A9-1C05-47F6-89DD-157C5D3835E3}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{FE826A25-8E7C-4BBE-8EA3-5027E8B56E73}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{2C45785B-C861-4954-A25D-CE7EFCC68325}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"UDP Query User{AFBA4FC4-E1C5-4D2A-ADA1-BB3986E669B2}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"{B9010BA0-8C12-487E-B8DB-A60DC53A19C1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BBE1EB9C-F484-4D23-8F2E-FEB8792F91FA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{39A5C149-40E9-4BA8-BEA2-D676FD29A009}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{20D2A64C-9EE6-4097-A15C-4771C47AB91F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62BA09ED-4D2E-4700-B112-32252B0F5CA9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{CE0F5247-7504-47D3-8CCD-BCD59EE9B563}c:\\users\\inet\\appdata\\local\\skype\\phone\\skype.exe"= UDP:c:\users\inet\appdata\local\skype\phone\skype.exe:skype.exe
"UDP Query User{FA64A606-2691-48D4-B134-A08FDDD54016}c:\\users\\inet\\appdata\\local\\skype\\phone\\skype.exe"= TCP:c:\users\inet\appdata\local\skype\phone\skype.exe:skype.exe

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-12-09 72192]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-06-10 468224]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-12-07 24576]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-12-22 3666432]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-12-07 1324544]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe []
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e28895ee-c483-11dd-a393-806e6f6e6963}]
\shell\AutoRun\command - d:\.\Bin\ASSETUP.exe
.
Obsah adresáře 'Naplánované úlohy'

2008-12-23 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\inet\AppData\Local\Google\Update\GoogleUpdate.exe [11.12.2008 22:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 14:40:40
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3684)
c:\users\lukas\AppData\Local\Temp\catchme.dll
.
Celkový čas: 23.12.2008 14:43:06
ComboFix-quarantined-files.txt 2008-12-23 14:41:48
ComboFix2.txt 2008-12-22 14:12:22
ComboFix3.txt 2008-12-22 14:03:28

Před spuštěním: Volných bajtů: 37 182 066 688
Po spuštění: Volných bajtů: 37,142,269,952

307 --- E O F --- 2008-12-23 13:10:55


Re: Requesting a preventive log check, thank you

Post by jezisekx » 23 Dec 2008 15:55

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:52, on 23.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\inet\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2525455179-3678941519-2132357291-1001\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'inet')
O4 - HKUS\S-1-5-21-2525455179-3678941519-2132357291-1001\..\Run: [Google Update] "C:\Users\inet\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'inet')
O4 - HKUS\S-1-5-21-2525455179-3678941519-2132357291-1001\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User 'inet')
O4 - S-1-5-21-2525455179-3678941519-2132357291-1001 Startup: counter_widget.lnk = C:\Program Files\counter_widget\counter_widget.exe (User 'inet')
O4 - S-1-5-21-2525455179-3678941519-2132357291-1001 User Startup: counter_widget.lnk = C:\Program Files\counter_widget\counter_widget.exe (User 'inet')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7590 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Requesting a preventive log check, thank you

Post by jaro3 » 23 Dec 2008 16:27

Log O.K.
So we'll remove that AVG.
That means one more script in CF.

Code:

Folder::
c:\users\All Users\Avg8
c:\programdata\Avg8

File::
c:\program files\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgemc.exe
c:\program files\AVG\AVG8\avgupd.exe
c:\program files\AVG\AVG8\avgnsx.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E6449032-10D4-4DB1-8989-6C58EF363B1F}"= -
"{C9623950-ED65-48BB-9C41-90D2EC331645}"= -
"{027DF980-4ACC-4B2E-9BA9-ABFF8CAD4A53}"= -
"{D13CBD51-7709-4B1B-8DB6-7396587FFD31}"= -


Then post the logs from CF and HJT.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.


Re: Requesting a preventive log check, thank you

Post by jezisekx » 23 Dec 2008 17:33

ComboFix 08-12-21.04 - lukas 23.12.2008 16:25:10.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.2046.1192 [GMT 0:00]
Spuštěný z: c:\users\inet\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Soubory vytvořené od 2008-11-23 do 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-22 22:22 . 22.12.2008 22:22 <DIR> d-------- c:\users\inet\AppData\Roaming\Malwarebytes
2008-12-22 22:11 . 22.12.2008 22:12 <DIR> d-------- c:\program files\BeClean
2008-12-22 22:07 . 22.12.2008 22:11 <DIR> d-------- c:\program files\RegCleaner
2008-12-22 19:19 . 25.09.2008 06:37 3,666,432 --a------ c:\windows\System32\drivers\NETw5v32.sys
2008-12-22 19:19 . 20.06.2008 09:33 2,756,608 --a------ c:\windows\System32\NETw5r32.dll
2008-12-22 19:19 . 20.06.2008 09:32 663,552 --a------ c:\windows\System32\NETw5c32.dll
2008-12-21 20:42 . 21.12.2008 20:42 <DIR> d-------- c:\users\lukas\AppData\Roaming\Malwarebytes
2008-12-21 20:42 . 21.12.2008 20:42 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-21 20:42 . 21.12.2008 20:42 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-21 20:42 . 21.12.2008 20:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-21 20:42 . 03.12.2008 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-21 20:42 . 03.12.2008 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-21 20:00 . 21.12.2008 20:00 <DIR> d-------- c:\program files\Trend Micro
2008-12-21 17:38 . 21.12.2008 17:38 <DIR> d-------- c:\users\All Users\Skype
2008-12-21 17:38 . 21.12.2008 17:38 <DIR> d-------- c:\programdata\Skype
2008-12-21 16:36 . 21.12.2008 16:36 <DIR> d-------- c:\program files\CCleaner
2008-12-21 15:29 . 21.12.2008 15:29 159,607 --a------ c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2008-12-21 15:22 . 21.12.2008 15:22 <DIR> d-------- c:\users\All Users\ESET
2008-12-21 15:22 . 21.12.2008 15:22 <DIR> d-------- c:\programdata\ESET
2008-12-21 15:22 . 21.12.2008 15:22 <DIR> d-------- c:\program files\ESET
2008-12-21 15:04 . 21.12.2008 15:04 <DIR> d-------- c:\users\All Users\Avg8
2008-12-21 15:04 . 21.12.2008 15:04 <DIR> d-------- c:\programdata\Avg8
2008-12-20 15:46 . 20.12.2008 15:46 <DIR> d-------- c:\users\All Users\Intel
2008-12-20 15:46 . 20.12.2008 15:46 <DIR> d-------- c:\programdata\Intel
2008-12-20 15:42 . 20.12.2008 15:42 <DIR> d-------- c:\users\lukas\AppData\Roaming\PC Suite
2008-12-20 15:05 . 20.12.2008 15:05 <DIR> d-------- c:\users\lukas\AppData\Roaming\Intel
2008-12-17 15:44 . 17.12.2008 15:44 <DIR> d-------- c:\program files\Toshiba
2008-12-14 15:22 . 14.12.2008 15:43 <DIR> d-a------ c:\users\All Users\TEMP
2008-12-14 15:22 . 14.12.2008 15:43 <DIR> d-a------ c:\programdata\TEMP
2008-12-14 15:22 . 14.12.2008 15:22 <DIR> d-------- c:\program files\Classic Menu for Office
2008-12-14 15:04 . 26.10.2006 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2008-12-14 15:02 . 14.12.2008 15:02 <DIR> d-------- c:\program files\Microsoft Works
2008-12-14 15:00 . 14.12.2008 15:00 <DIR> d-------- c:\windows\PCHEALTH
2008-12-14 15:00 . 14.12.2008 15:00 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-14 15:00 . 05.12.2001 20:00 26,112 --a------ c:\windows\LgUninst.exe
2008-12-14 14:57 . 14.12.2008 14:57 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-12-14 14:56 . 14.12.2008 15:40 <DIR> d-------- c:\users\All Users\Microsoft Help
2008-12-14 14:56 . 14.12.2008 15:40 <DIR> d-------- c:\programdata\Microsoft Help
2008-12-14 14:54 . 14.12.2008 14:54 <DIR> d-------- c:\program files\Lingea
2008-12-14 14:53 . 14.12.2008 14:53 <DIR> dr-h----- C:\MSOCache
2008-12-14 14:30 . 14.12.2008 14:30 <DIR> d-------- c:\program files\PowerISO
2008-12-14 12:30 . 14.12.2008 12:30 <DIR> d-------- c:\users\inet\AppData\Roaming\Ahead
2008-12-13 21:48 . 13.12.2008 21:50 <DIR> d-------- c:\users\inet\AppData\Roaming\ICQ
2008-12-13 00:19 . 13.12.2008 10:38 <DIR> d-------- c:\program files\The KMPlayer
2008-12-12 17:58 . 12.12.2008 17:58 <DIR> d-------- c:\users\All Users\ICQ
2008-12-12 17:58 . 12.12.2008 17:58 <DIR> d-------- c:\programdata\ICQ
2008-12-12 17:49 . 12.12.2008 17:59 <DIR> d-------- c:\users\lukas\AppData\Roaming\ICQ
2008-12-12 17:49 . 12.12.2008 17:59 <DIR> d-------- c:\program files\ICQ6.5
2008-12-12 17:18 . 22.12.2008 21:21 <DIR> d-------- c:\users\inet\AppData\Roaming\Skype
2008-12-12 15:40 . 12.12.2008 15:43 <DIR> d-------- c:\users\inet\AppData\Roaming\Nokia
2008-12-12 12:22 . 12.12.2008 12:22 <DIR> d-------- c:\users\lukas\AppData\Roaming\IrfanView
2008-12-12 12:22 . 12.12.2008 12:22 <DIR> d-------- c:\program files\IrfanView
2008-12-12 10:38 . 12.12.2008 10:38 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-12 10:37 . 12.12.2008 10:37 <DIR> d-------- c:\program files\Java
2008-12-11 23:12 . 11.12.2008 23:12 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-11 13:37 . 22.10.2008 01:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-09 23:17 . 08.11.2007 09:04 11,967,524 --a------ c:\windows\System32\korwbrkr.lex
2008-12-09 14:22 . 09.12.2008 14:22 <DIR> d-------- c:\program files\7-Zip
2008-12-09 10:09 . 09.12.2008 10:09 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-12-09 10:09 . 09.12.2008 10:09 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-09 10:04 . 09.12.2008 10:09 <DIR> d-------- c:\users\lukas\AppData\Roaming\Nokia
2008-12-09 10:04 . 12.12.2008 20:55 <DIR> d-------- c:\users\inet\AppData\Roaming\PC Suite
2008-12-09 10:04 . 09.12.2008 10:09 <DIR> d-------- c:\users\All Users\PC Suite
2008-12-09 10:04 . 09.12.2008 10:09 <DIR> d-------- c:\programdata\PC Suite
2008-12-09 10:03 . 09.12.2008 10:03 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-09 10:03 . 09.12.2008 10:03 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-09 10:02 . 22.12.2008 19:29 <DIR> d-------- c:\program files\DIFX
2008-12-09 10:02 . 17.09.2007 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2008-12-09 10:00 . 22.12.2008 19:29 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-12-09 10:00 . 09.12.2008 10:00 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-12-09 09:57 . 09.12.2008 10:03 <DIR> d-------- c:\program files\Nokia
2008-12-09 09:57 . 07.05.2008 07:38 90,624 --a------ c:\windows\System32\nmwcdcls.dll
2008-12-09 09:52 . 09.12.2008 10:03 <DIR> d-------- c:\users\All Users\Installations
2008-12-09 09:52 . 09.12.2008 10:03 <DIR> d-------- c:\programdata\Installations
2008-12-08 22:32 . 17.12.2008 19:07 286,325,270 --a------ c:\windows\MEMORY.DMP
2008-12-08 22:27 . 09.12.2008 17:42 <DIR> d-------- c:\users\inet\AppData\Roaming\dvdcss
2008-12-08 15:42 . 11.12.2008 23:14 <DIR> d-------- c:\users\All Users\Adobe
2008-12-08 12:39 . 08.12.2008 12:39 <DIR> d-------- C:\PerfLogs
2008-12-08 00:07 . 19.01.2008 07:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-12-08 00:06 . 19.01.2008 07:32 5,714,432 --a------ c:\windows\System32\logon.scr
2008-12-08 00:05 . 19.01.2008 06:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-12-08 00:04 . 19.01.2008 07:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-12-08 00:04 . 19.01.2008 07:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-12-08 00:04 . 19.01.2008 07:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-12-08 00:04 . 19.01.2008 07:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-12-08 00:04 . 19.01.2008 07:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-12-08 00:03 . 19.01.2008 07:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-12-08 00:03 . 19.01.2008 07:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-12-08 00:03 . 19.01.2008 07:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-12-08 00:03 . 19.01.2008 07:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-12-07 23:36 . 07.12.2008 23:38 <DIR> d-------- c:\users\inet\AppData\Roaming\vlc
2008-12-07 23:35 . 07.12.2008 23:35 <DIR> d-------- c:\program files\VideoLAN
2008-12-07 22:25 . 07.12.2008 22:25 269,312 --a------ c:\windows\System32\es.dll
2008-12-07 21:39 . 22.12.2008 14:43 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-07 21:39 . 22.12.2008 14:43 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-07 21:39 . 12.12.2008 10:14 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-07 21:25 . 07.12.2008 21:25 1,820 --a------ c:\windows\System32\rasctrnm.h
2008-12-07 21:24 . 07.12.2008 21:24 428,544 --a------ c:\windows\System32\EncDec.dll
2008-12-07 21:24 . 07.12.2008 21:24 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-12-07 21:24 . 07.12.2008 21:24 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-12-07 21:24 . 07.12.2008 21:24 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-12-07 21:24 . 07.12.2008 21:24 80,896 --a------ c:\windows\System32\MSNP.ax
2008-12-07 21:24 . 07.12.2008 21:24 69,632 --a------ c:\windows\System32\Mpeg2Data.ax
2008-12-07 21:24 . 07.12.2008 21:24 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-12-07 21:21 . 07.12.2008 21:21 9,892,864 --a------ c:\windows\System32\NlsLexicons000a.dll
2008-12-07 20:48 . 07.12.2008 20:48 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-07 20:48 . 07.12.2008 20:48 272,896 --a------ c:\windows\System32\polstore.dll
2008-12-07 20:48 . 07.12.2008 20:48 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-07 20:48 . 07.12.2008 20:48 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-12-07 20:48 . 07.12.2008 20:48 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-12-07 20:48 . 07.12.2008 20:48 61,440 --a------ c:\windows\System32\winipsec.dll
2008-12-07 20:48 . 07.12.2008 20:48 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-12-07 20:47 . 07.12.2008 20:47 1,695,744 --a------ c:\windows\System32\gameux.dll
2008-12-07 20:42 . 07.12.2008 20:42 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-12-07 20:42 . 07.12.2008 20:42 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-07 20:42 . 07.12.2008 20:42 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-07 20:41 . 07.12.2008 20:41 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-07 20:41 . 07.12.2008 20:41 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-12-07 20:38 . 07.12.2008 20:38 19,456 --a------ c:\windows\System32\drivers\bthenum.sys
2008-12-07 20:37 . 07.12.2008 20:37 988,216 --a------ c:\windows\System32\winload.exe
2008-12-07 20:37 . 07.12.2008 20:37 927,288 --a------ c:\windows\System32\winresume.exe
2008-12-07 20:37 . 07.12.2008 20:37 615,992 --a------ c:\windows\System32\ci.dll
2008-12-07 20:37 . 07.12.2008 20:37 378,368 --a------ c:\windows\System32\srcore.dll
2008-12-07 20:37 . 07.12.2008 20:37 318,464 --a------ c:\windows\System32\rstrui.exe
2008-12-07 20:37 . 07.12.2008 20:37 46,592 --a------ c:\windows\System32\setbcdlocale.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 15:02 --------- d-----w c:\program files\MSBuild
2008-12-11 13:44 --------- d-----w c:\program files\Windows Mail
2008-12-08 12:52 174 --sha-w c:\program files\desktop.ini
2008-12-08 12:44 --------- d-----w c:\program files\Windows Sidebar
2008-12-08 12:44 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-08 12:44 --------- d-----w c:\program files\Windows Journal
2008-12-08 12:44 --------- d-----w c:\program files\Windows Defender
2008-12-08 12:44 --------- d-----w c:\program files\Windows Collaboration
2008-12-08 12:44 --------- d-----w c:\program files\Windows Calendar
2008-12-08 12:12 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-08 12:12 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-07 21:21 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll
2008-12-07 20:47 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-12-07 18:32 --------- d-sh--w c:\programdata\Plocha
2008-12-07 18:32 --------- d-sh--w c:\programdata\Oblíbené položky
2008-12-07 18:32 --------- d-sh--w c:\programdata\Šablony
2008-12-07 18:32 --------- d-sh--w c:\programdata\Nabídka Start
2008-12-07 18:32 --------- d-sh--w c:\programdata\Dokumenty
2008-12-07 18:32 --------- d-sh--w c:\programdata\Data aplikací
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot_út 23.12.2008_14.41.01,38 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-23 13:06:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-23 14:51:12 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-23 13:06:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-23 14:51:12 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-23 13:07:03 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-23 14:52:43 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-23 14:52:43 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-23 13:06:58 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-23 14:52:33 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-12-23 13:12:19 115,014 ----a-w c:\windows\System32\perfc005.dat
+ 2008-12-23 14:57:21 115,014 ----a-w c:\windows\System32\perfc005.dat
- 2008-12-23 13:12:19 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-23 14:57:21 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-23 13:12:19 598,838 ----a-w c:\windows\System32\perfh005.dat
+ 2008-12-23 14:57:21 598,838 ----a-w c:\windows\System32\perfh005.dat
- 2008-12-23 13:12:19 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-23 14:57:21 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-23 13:08:08 6,810 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2525455179-3678941519-2132357291-1001_UserData.bin
+ 2008-12-23 14:53:15 6,818 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2525455179-3678941519-2132357291-1001_UserData.bin
- 2008-12-23 13:08:08 65,540 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-23 14:53:15 65,596 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-23 13:08:07 36,134 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-23 14:53:14 36,150 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [17.06.2008 16:00 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [02.10.2008 07:00 1124352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [16.09.2008 12:16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [29.01.2007 10:22 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [22.11.2006 05:27 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [04.04.2007 11:41 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [04.04.2007 11:41 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [04.04.2007 11:41 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [12.06.2008 02:38 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [12.12.2008 10:38 136600]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [14.03.2008 23:50 233472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [27.10.2006 00:47 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [10.06.2008 18:52 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [09.03.2007 09:50 4390912 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 2752512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E6449032-10D4-4DB1-8989-6C58EF363B1F}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{C9623950-ED65-48BB-9C41-90D2EC331645}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{027DF980-4ACC-4B2E-9BA9-ABFF8CAD4A53}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{D13CBD51-7709-4B1B-8DB6-7396587FFD31}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{61C829F6-CF0F-4DCE-992E-3ED5BBEBEF6D}c:\\users\\inet\\desktop\\portable skype\\phone\\skype.exe"= UDP:c:\users\inet\desktop\portable skype\phone\skype.exe:skype.exe
"UDP Query User{E9D92B85-0CDE-489C-BB06-67673975E127}c:\\users\\inet\\desktop\\portable skype\\phone\\skype.exe"= TCP:c:\users\inet\desktop\portable skype\phone\skype.exe:skype.exe
"TCP Query User{7E1786FC-0596-4E7F-B035-FEB66CC320A8}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{5F09652F-CBE3-495A-BF20-E5C3817CA79B}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{DBD8944E-50D4-4E43-8949-C2D4340121F3}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{27D1C9A2-CAEC-45C7-B800-DDA75C03222E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{D81C36A9-1C05-47F6-89DD-157C5D3835E3}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{FE826A25-8E7C-4BBE-8EA3-5027E8B56E73}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{2C45785B-C861-4954-A25D-CE7EFCC68325}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"UDP Query User{AFBA4FC4-E1C5-4D2A-ADA1-BB3986E669B2}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"{B9010BA0-8C12-487E-B8DB-A60DC53A19C1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BBE1EB9C-F484-4D23-8F2E-FEB8792F91FA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{39A5C149-40E9-4BA8-BEA2-D676FD29A009}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{20D2A64C-9EE6-4097-A15C-4771C47AB91F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62BA09ED-4D2E-4700-B112-32252B0F5CA9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{CE0F5247-7504-47D3-8CCD-BCD59EE9B563}c:\\users\\inet\\appdata\\local\\skype\\phone\\skype.exe"= UDP:c:\users\inet\appdata\local\skype\phone\skype.exe:skype.exe
"UDP Query User{FA64A606-2691-48D4-B134-A08FDDD54016}c:\\users\\inet\\appdata\\local\\skype\\phone\\skype.exe"= TCP:c:\users\inet\appdata\local\skype\phone\skype.exe:skype.exe

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-12-09 72192]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-06-10 468224]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-12-07 24576]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-12-22 3666432]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-12-07 1324544]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe []
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e28895ee-c483-11dd-a393-806e6f6e6963}]
\shell\AutoRun\command - d:\.\Bin\ASSETUP.exe
.
Obsah adresáře 'Naplánované úlohy'

2008-12-23 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\inet\AppData\Local\Google\Update\GoogleUpdate.exe [11.12.2008 22:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 16:26:52
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 23.12.2008 16:28:03
ComboFix-quarantined-files.txt 2008-12-23 16:28:00
ComboFix2.txt 2008-12-23 14:43:07
ComboFix3.txt 2008-12-22 14:12:22
ComboFix4.txt 2008-12-22 14:03:28

Před spuštěním: Volných bajtů: 37 064 843 264
Po spuštění: Volných bajtů: 37,023,014,912

282 --- E O F --- 2008-12-23 13:10:55

And also the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:56, on 23.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\inet\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2525455179-3678941519-2132357291-1001\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'inet')
O4 - HKUS\S-1-5-21-2525455179-3678941519-2132357291-1001\..\Run: [Google Update] "C:\Users\inet\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'inet')
O4 - HKUS\S-1-5-21-2525455179-3678941519-2132357291-1001\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User 'inet')
O4 - S-1-5-21-2525455179-3678941519-2132357291-1001 Startup: counter_widget.lnk = C:\Program Files\counter_widget\counter_widget.exe (User 'inet')
O4 - S-1-5-21-2525455179-3678941519-2132357291-1001 User Startup: counter_widget.lnk = C:\Program Files\counter_widget\counter_widget.exe (User 'inet')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7540 bytes

One more question: when I right-click on any folder, Windows Explorer restarts immediately. Where is the problem?

