HJT - please check my log (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


HJT - please check my log

Post by legendaryboy » 25 Feb 2009 16:05

To clarify: according to MWAV there is quite a mess in there - 83 critical infections.
A scan with Avast or NOD: they found nothing, or the computer froze after a while even though it had been relatively stable until then.
So I ran the cleanup several times according to the guide, in both normal and safe mode, via ComboFIX, ComboFIX /killall, abraka.com, abraka.com /killall.
With the ComboFIX variant, ComboFIX hung on me several times, so I switched to the others. It deleted something.
Only on the 5th or 6th ComboFix scan did it run to completion and produce a log.
Even so the computer is still very unstable: right after booting it freezes, sometimes it even hard-restarts on its own, so if I want to boot at all I have figured out that I must block some startup processes via msconfig... so this log was made on a system booted via msconfig with the startup items that usually froze the PC disabled.
Unchecked startup items:
currently all of them except ctfmon and SuperAntiSpyware.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54, on 2009-02-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esd.element5.com/product.html?pr ... =200030350
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://193.165.78.6/VatDec.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1786278468
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\BinarySense\HDDlife 3\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

--
End of file - 7580 bytes


Re: HJT - please check my log

Post by jaro3 » 25 Feb 2009 18:38

Honestly, that must be pretty unstable... Avast, NOD, BitDefender, ComboFix several times and other programs... Uninstall whatever you can, and put everything back in msconfig.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

Clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run

Turn off the resident protection of your antivirus, if you have a working one.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its whole contents here
Run it in safe mode!
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: HJT - please check my log

Post by legendaryboy » 25 Feb 2009 21:07

So thanks in advance for the help! I did, I hope, everything exactly according to the instructions...
The whole ComboFix log, as requested, is attached at the end.
When my old system collapsed I wanted to try to upgrade it via a reinstall; it ended up installing a second copy onto the same disk partition, labelled Windows.0 ...
Uninstalling the junk improved things somewhat, it no longer freezes as much (more programs can still be uninstalled).
Problems:
0) Two Windows XPs on one partition; what to do with the new system... won't it affect how things work... (and I don't mean the gardeners now... :))
1) Some programs, e.g. Total Commander, start twice... it's a detail, I can delete it from msconfig...
2) Next, I would like to get rid of the automatic system file check after startup (I set the command sfc /scanboot)... the Windows F1 help says:

(sfc) Scans and verifies the versions of all protected system files after the computer is restarted.
Syntax
sfc [/scannow] [/scanonce] [/scanboot] [/revert] [/purgecache] [/cachesize=x]
Parameters
/scannow
Scans all protected system files immediately.
/scanonce
Scans all protected system files once.
/scanboot
Scans all protected system files every time the computer is restarted.
/revert
Returns the scan to its default operation.
/purgecache
Purges the Windows File Protection file cache and scans all protected system files immediately.
/cachesize=x
Sets the size, in MB, of the Windows File Protection file cache.
/?
Displays help at the command prompt.

I have no idea how to turn it off; I tried /revert but nothing.

Here is the ComboFix log:

ComboFix 09-02-24.02 - Petr 2009-02-25 20:37:07.7 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2046.1704 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090225-1] *On-access scanning enabled* (Updated)

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-01-25 do 2009-02-25 )))))))))))))))))))))))))))))))
.

2009-02-25 20:28 . 2009-02-25 20:28 <DIR> d-------- c:\windows\LastGood
2009-02-25 20:28 . 2009-02-25 20:33 29,412 --a------ c:\windows\system32\jcsball.dat
2009-02-25 20:28 . 2009-02-25 20:33 10,918 --a------ c:\windows\system32\jcsb.new
2009-02-25 20:28 . 2009-02-25 20:33 2,161 --a------ c:\windows\system32\jerror.dat
2009-02-25 20:01 . 2006-05-04 19:02 380,928 --a------ c:\windows\system32\drivers\rt61.sys
2009-02-25 20:01 . 2005-12-15 10:38 315,392 --a------ c:\windows\system32\AegisI5.exe
2009-02-25 20:01 . 2006-05-15 16:25 295,028 --a------ c:\windows\system32\Install6x.dll
2009-02-25 20:01 . 2009-02-25 20:01 21,275 --a------ c:\windows\system32\drivers\AegisP.sys
2009-02-25 20:01 . 2006-04-06 13:15 8,192 --a------ c:\windows\system32\drivers\RT2661.bin
2009-02-25 20:01 . 2006-04-06 13:15 8,192 --a------ c:\windows\system32\drivers\RT2561s.bin
2009-02-25 20:01 . 2006-04-06 13:15 8,192 --a------ c:\windows\system32\drivers\RT2561.bin
2009-02-25 20:01 . 2006-03-10 15:33 78 --a------ c:\windows\filespec6x
2009-02-25 15:54 . 2009-02-25 15:54 <DIR> d-------- c:\program files\Trend Micro
2009-02-24 16:13 . 2008-04-14 07:51 290,816 --a--c--- c:\windows\system32\dllcache\OLD33.tmp
2009-02-24 16:13 . 2008-04-14 07:51 43,520 --a--c--- c:\windows\system32\dllcache\OLD30.tmp
2009-02-24 16:13 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD36.tmp
2009-02-24 16:13 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD2.tmp
2009-02-24 16:13 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD39.tmp
2009-02-24 16:13 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD2D.tmp
2009-02-23 21:19 . 2009-02-23 21:19 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-02-23 21:19 . 2009-02-23 21:19 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-02-23 21:19 . 2009-02-23 21:19 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-02-23 21:19 . 2009-02-23 21:19 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-02-23 21:19 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-02-23 19:58 . 2008-04-14 07:51 290,816 --a--c--- c:\windows\system32\dllcache\OLD35.tmp
2009-02-23 19:58 . 2008-04-14 07:51 43,520 --a--c--- c:\windows\system32\dllcache\OLD32.tmp
2009-02-23 19:58 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD38.tmp
2009-02-23 19:58 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD3B.tmp
2009-02-23 19:58 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD2F.tmp
2009-02-23 19:57 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD2C.tmp
2009-02-23 16:10 . 2008-04-14 08:52 152,064 --a--c--- c:\windows\system32\dllcache\OLD89E.tmp
2009-02-23 16:10 . 2008-04-14 00:24 88,192 --a--c--- c:\windows\system32\dllcache\OLD89A.tmp
2009-02-23 16:10 . 2008-04-14 08:51 27,648 --a--c--- c:\windows\system32\dllcache\OLD8A6.tmp
2009-02-23 16:10 . 2001-08-17 21:49 23,552 --a--c--- c:\windows\system32\dllcache\OLD8A2.tmp
2009-02-23 16:07 . 2001-10-24 12:24 229,462 --a--c--- c:\windows\system32\dllcache\OLD4F2.tmp
2009-02-23 16:07 . 2001-10-24 12:24 131,156 --a--c--- c:\windows\system32\dllcache\OLD4E6.tmp
2009-02-23 16:07 . 2001-10-24 11:41 103,428 --a--c--- c:\windows\system32\dllcache\OLD4EA.tmp
2009-02-23 16:07 . 2001-10-24 11:41 90,557 --a--c--- c:\windows\system32\dllcache\OLD4EE.tmp
2009-02-23 16:07 . 2001-10-24 11:41 37,895 --a--c--- c:\windows\system32\dllcache\OLD4E2.tmp
2009-02-23 15:32 . 2008-04-14 07:51 20,540 --a------ c:\windows\system32\dllcache\OLD27.tmp
2009-02-23 15:32 . 2009-02-23 15:32 0 --a--c--- c:\windows\system32\dllcache\OLD2A.tmp
2009-02-22 20:19 . 2008-04-14 07:51 290,816 --a--c--- c:\windows\system32\dllcache\adsiis51.dll
2009-02-22 20:19 . 2008-04-14 07:51 43,520 --a--c--- c:\windows\system32\dllcache\admwprox.dll
2009-02-22 20:19 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\author.dll
2009-02-22 20:19 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\admin.dll
2009-02-22 20:19 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\author.exe
2009-02-22 20:19 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\admin.exe
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d-------- c:\documents and settings\Default User.WINDOWS.0\Plocha
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS.0\Okolní tiskárny
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS.0\Okolní síť
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d-------- c:\documents and settings\Default User.WINDOWS.0\Oblíbené položky
2009-02-22 19:50 . 2009-02-22 18:56 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS.0\Šablony
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> dr------- c:\documents and settings\Default User.WINDOWS.0\Nabídka Start
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d-------- c:\documents and settings\Default User.WINDOWS.0\Dokumenty
2009-02-22 19:50 . 2009-02-22 19:21 <DIR> d-------- c:\documents and settings\All Users.WINDOWS.0\Plocha
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d-------- c:\documents and settings\All Users.WINDOWS.0\Oblíbené položky
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d--h----- c:\documents and settings\All Users.WINDOWS.0\Šablony
2009-02-22 19:50 . 2009-02-22 19:01 <DIR> dr------- c:\documents and settings\All Users.WINDOWS.0\Nabídka Start
2009-02-22 19:50 . 2009-02-22 18:57 <DIR> dr------- c:\documents and settings\All Users.WINDOWS.0\Dokumenty
2009-02-22 19:49 . 2009-02-22 19:50 <DIR> dr-h----- c:\documents and settings\Default User.WINDOWS.0\Data aplikací
2009-02-22 19:49 . 2009-02-23 17:32 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS.0
2009-02-22 19:49 . 2009-02-22 19:50 <DIR> dr-h----- c:\documents and settings\All Users.WINDOWS.0\Data aplikací
2009-02-22 19:49 . 2009-02-22 18:58 <DIR> d-------- c:\documents and settings\All Users.WINDOWS.0
2009-02-22 19:45 . 2008-04-14 07:51 43,520 --a------ c:\windows\system32\dllcache\OLD29.tmp
2009-02-22 19:44 . 2008-04-14 07:51 20,540 --a------ c:\windows\system32\dllcache\OLD23.tmp
2009-02-22 19:44 . 2008-04-14 07:52 16,439 --a------ c:\windows\system32\dllcache\OLD26.tmp
2009-02-22 19:43 . 2009-02-23 16:55 <DIR> d-------- C:\WINDOWS.0
2009-02-22 19:39 . 2008-04-14 07:51 290,816 --a--c--- c:\windows\system32\dllcache\OLD25.tmp
2009-02-22 19:39 . 2008-04-14 07:51 43,520 --a--c--- c:\windows\system32\dllcache\OLD22.tmp
2009-02-22 19:39 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD28.tmp
2009-02-22 19:39 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD1C.tmp
2009-02-22 19:39 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD2B.tmp
2009-02-22 19:39 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD1F.tmp
2009-02-22 19:05 . 2009-02-22 19:50 <DIR> d-------- c:\documents and settings\Petr.MAŠINA\Plocha
2009-02-22 19:05 . 2009-02-22 19:50 <DIR> d--h----- c:\documents and settings\Petr.MAŠINA\Okolní tiskárny
2009-02-22 19:05 . 2009-02-22 19:50 <DIR> d--h----- c:\documents and settings\Petr.MAŠINA\Okolní síť
2009-02-22 19:05 . 2009-02-22 19:05 <DIR> dr------- c:\documents and settings\Petr.MAŠINA\Oblíbené položky
2009-02-22 19:05 . 2009-02-22 18:56 <DIR> d--h----- c:\documents and settings\Petr.MAŠINA\Šablony
2009-02-22 19:05 . 2009-02-22 19:50 <DIR> dr------- c:\documents and settings\Petr.MAŠINA\Nabídka Start
2009-02-22 19:05 . 2009-02-22 19:05 <DIR> dr------- c:\documents and settings\Petr.MAŠINA\Dokumenty
2009-02-22 19:05 . 2009-02-22 19:05 <DIR> dr-h----- c:\documents and settings\Petr.MAŠINA\Data aplikací
2009-02-22 19:05 . 2009-02-23 15:41 <DIR> d-------- c:\documents and settings\Petr.MAŠINA
2009-02-22 19:03 . 2009-02-22 19:03 <DIR> d-------- c:\documents and settings\NetworkService.NT AUTHORITY\Data aplikací
2009-02-22 19:03 . 2009-02-22 19:03 <DIR> d-------- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací
2009-02-22 19:03 . 2009-02-22 19:03 <DIR> d--hs---- c:\documents and settings\LocalService.NT AUTHORITY
2009-02-22 19:02 . 2009-02-22 19:03 <DIR> d--hs---- c:\documents and settings\NetworkService.NT AUTHORITY
2009-02-22 18:58 . 2009-02-22 18:58 <DIR> d--hs---- c:\documents and settings\All Users.WINDOWS.0\DRM
2009-02-22 17:22 . 2008-04-14 07:51 290,816 --a--c--- c:\windows\system32\dllcache\OLD1E.tmp
2009-02-22 17:22 . 2008-04-14 07:51 43,520 --a--c--- c:\windows\system32\dllcache\OLD1B.tmp
2009-02-22 17:22 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD21.tmp
2009-02-22 17:22 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD14.tmp
2009-02-22 17:22 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD24.tmp
2009-02-22 17:22 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD18.tmp
2009-02-22 17:16 . 2008-04-14 07:51 290,816 --a--c--- c:\windows\system32\dllcache\OLD1A.tmp
2009-02-22 17:16 . 2008-04-14 07:51 43,520 --a--c--- c:\windows\system32\dllcache\OLD17.tmp
2009-02-22 17:16 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD1D.tmp
2009-02-22 17:16 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD10.tmp
2009-02-22 17:16 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD20.tmp
2009-02-22 17:16 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD13.tmp
2009-02-22 16:20 . 2001-08-17 21:28 794,654 --a------ c:\windows\system32\dllcache\usr1801.sys
2009-02-22 16:19 . 2001-10-24 11:58 899,146 --a------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-22 16:18 . 2008-08-14 14:26 2,068,224 --a------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-22 16:17 . 2001-10-25 15:00 1,875,968 --a------ c:\windows\system32\dllcache\msir3jp.lex
2009-02-22 16:16 . 2001-10-25 15:00 1,158,818 --a------ c:\windows\system32\dllcache\korwbrkr.lex
2009-02-22 16:11 . 2008-08-14 14:26 2,191,360 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-22 16:11 . 2008-04-14 07:51 189,440 --a--c--- c:\windows\system32\dllcache\smtpadm.dll
2009-02-22 16:11 . 2008-04-14 07:48 77,824 --a--c--- c:\windows\system32\dllcache\logui.ocx
2009-02-22 16:11 . 2001-10-24 12:24 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-02-22 16:11 . 2008-04-14 07:52 32,827 --a--c--- c:\windows\system32\dllcache\tcptest.exe
2009-02-22 16:11 . 2008-04-14 07:51 20,536 --a--c--- c:\windows\system32\dllcache\shtml.dll
2009-02-22 16:11 . 2008-04-14 07:52 16,437 --a--c--- c:\windows\system32\dllcache\shtml.exe
2009-02-22 16:11 . 2008-04-04 01:28 16,384 --a--c--- c:\windows\system32\dllcache\tcptsat.dll
2009-02-22 16:11 . 2008-04-14 07:52 8,192 --a--c--- c:\windows\system32\dllcache\staxmem.dll
2009-02-22 16:11 . 2001-10-25 15:00 7,168 --a--c--- c:\windows\system32\dllcache\wamregps.dll
2009-02-22 15:51 . 2008-04-14 07:51 290,816 --a------ c:\windows\system32\dllcache\OLD19.tmp
2009-02-22 15:51 . 2008-04-14 07:51 43,520 --a------ c:\windows\system32\dllcache\OLD16.tmp
2009-02-22 15:21 . 2001-10-24 11:46 75,136 --a--c--- c:\windows\system32\dllcache\atimpae.sys
2009-02-22 12:38 . 2008-04-14 07:51 290,816 --a--c--- c:\windows\system32\dllcache\OLD15.tmp
2009-02-22 12:38 . 2008-04-14 07:51 43,520 --a--c--- c:\windows\system32\dllcache\OLD11.tmp
2009-02-22 12:38 . 2008-04-14 07:51 20,540 --a------ c:\windows\TMP17.tmp
2009-02-22 12:38 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLDE.tmp
2009-02-22 12:37 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLDB.tmp
2009-02-22 12:23 . 2009-02-22 12:23 <DIR> d-------- c:\program files\Driver-Soft
2009-02-22 12:23 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll
2009-02-22 10:11 . 2009-02-22 19:56 <DIR> d-------- c:\program files\nLite

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 19:33 --------- d-----w c:\documents and settings\Petr\Data aplikací\uTorrent
2009-02-25 19:29 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-02-25 19:28 14,656 ----a-w c:\windows\gdrv.sys
2009-02-25 19:27 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-25 19:21 --------- d-----w c:\program files\iolo
2009-02-25 19:01 --------- d-----w c:\program files\RALINK
2009-02-25 18:37 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-25 18:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-25 18:37 --------- d-----w c:\documents and settings\Petr\Data aplikací\SUPERAntiSpyware.com
2009-02-25 18:29 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 18:29 --------- d-----w c:\program files\iLiberty
2009-02-25 18:27 --------- d-----w c:\documents and settings\All Users\Data aplikací\Codemasters
2009-02-25 18:26 --------- d-----w c:\documents and settings\Petr\Data aplikací\Microsoft Games
2009-02-25 18:24 --------- d-----w c:\program files\Ubisoft
2009-02-25 18:19 --------- d-----w c:\program files\Ovislink
2009-02-25 18:19 --------- d-----w c:\program files\Common Files\Acronis
2009-02-25 14:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-02-23 20:17 --------- d-----w c:\program files\CCleaner
2009-02-23 19:43 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-23 19:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-22 18:56 --------- d-----w c:\program files\Orbitdownloader
2009-02-21 13:33 --------- d-----w c:\program files\ESET
2009-02-21 13:21 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-21 10:37 --------- d-----w c:\program files\Bonjour
2009-02-21 10:35 --------- d-----w c:\documents and settings\Petr\Data aplikací\DiskAid
2009-02-21 10:30 --------- d-----w c:\program files\totalcmd
2009-02-21 10:30 --------- d-----w c:\program files\Recuva
2009-02-21 10:30 --------- d-----w c:\program files\MPlayer for Windows
2009-02-21 10:30 --------- d-----w c:\program files\MozyHome
2009-02-21 10:30 --------- d-----w c:\program files\MediaInfo
2009-02-21 10:30 --------- d-----w c:\program files\MediaCoder
2009-02-21 10:30 --------- d-----w c:\program files\iTunes
2009-02-21 10:30 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-21 10:30 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-21 10:30 --------- d-----w c:\program files\Common Files\BinarySense
2009-02-21 10:30 --------- d-----w c:\program files\Common Files\Akamai
2009-02-21 10:30 --------- d-----w c:\program files\ATITool
2009-02-21 10:27 --------- d-----w c:\program files\Metacafe
2009-02-18 16:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2009-02-17 18:13 --------- d-----w c:\documents and settings\Petr\Data aplikací\Metacafe
2009-02-17 18:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\Metacafe
2009-02-15 19:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-12 15:49 --------- d-----w c:\program files\MediaCoder iPhone Edition
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 13:55 --------- d-----w c:\program files\Gigabyte
2009-02-07 11:22 77,168 ----a-w c:\documents and settings\Petr\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-03 15:59 --------- d-----w c:\program files\USDownloader135
2009-02-01 20:48 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-01 20:48 22,328 ----a-w c:\documents and settings\Petr\Data aplikací\PnkBstrK.sys
2009-02-01 20:47 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2009-02-01 20:47 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-01 20:47 107,832 ----a-w c:\windows\system32\PnkBstrB(2).exe
2009-02-01 19:59 --------- d-----w c:\program files\Codemasters
2009-02-01 18:22 --------- d-----w c:\documents and settings\Petr\Data aplikací\Skype
2009-02-01 18:00 --------- d-----w c:\documents and settings\Petr\Data aplikací\skypePM
2009-01-29 14:39 --------- d-----w c:\program files\Skype
2009-01-24 18:40 --------- d-----w c:\program files\Windows Desktop Search
2009-01-24 10:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2009-01-23 18:54 --------- d-----w c:\documents and settings\Petr\Data aplikací\Windows Search
2009-01-21 19:33 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-01-21 19:33 23,600 ----a-w c:\windows\system32\drivers\TVICHW32(2).SYS
2009-01-19 16:07 --------- d-----w c:\documents and settings\All Users\Data aplikací\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-19 16:06 --------- d-----w c:\program files\iPod
2009-01-18 20:48 --------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-18 20:40 --------- d-----w c:\documents and settings\Petr\Data aplikací\Malwarebytes
2009-01-12 20:06 --------- d-----w c:\program files\Common Files\Apple
2009-01-12 20:04 --------- d-----w c:\program files\QuickTime Alternative
2009-01-11 19:57 --------- d-----w c:\program files\WinSCP
2009-01-09 14:23 319,488 ----a-w c:\windows\HideWin.exe
2009-01-08 20:54 --------- d-----w c:\program files\HD Tune
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-02-07 13:53 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2007-10-24 06:47 47,360 ----a-w c:\documents and settings\Petr\Data aplikací\pcouffin.sys
2007-10-11 08:23 8,255 -c--a-w c:\program files\atitool.rar
2007-09-06 12:28 1,097,728 ----a-w c:\documents and settings\Petr\iTunesMobileDevice.dll
2005-01-28 14:15 192,512 ----a-w c:\windows\inf\unregmp2(2).exe
2008-01-08 18:47 61 --sh--w c:\windows\cnerolf.bin
2006-05-03 10:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 --sha-w c:\windows\system32\VistaUltm.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2008-10-24 15:52 3044664 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2008-10-24 15:52 3044664 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-02-15 270128]
"OEXPRESS"="c:\windows\OETRN.EXE" [2007-10-17 26624]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tray3"="c:\windows\system32\RecvMessage.exe" [2007-01-10 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-09-10 1188152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 c:\windows\RTHDCPL.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\
ATITool(2).lnk - c:\program files\ATITool\ATITool.exe [2006-12-08 3035136]
ATITool.lnk - c:\program files\ATITool\ATITool.exe [2006-12-08 3035136]
desktop(2).ini [2007-10-03 84]
HDDlife.lnk - c:\program files\BinarySense\HDDlife 3\HDDlifePro.exe [2007-08-09 2422008]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
PdaNet Desktop(2).lnk - c:\program files\PdaNet for iPhone\PdaNetPC.exe [2009-02-04 163840]
PdaNet Desktop.lnk - c:\program files\PdaNet for iPhone\PdaNetPC.exe [2009-02-04 163840]
Total Commander(2).lnk - c:\program files\totalcmd\TOTALCMD.EXE [2008-03-07 1080264]
Total Commander.lnk - c:\program files\totalcmd\TOTALCMD.EXE [2008-03-07 1080264]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
desktop(2).ini [2008-10-31 169]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2008-10-24 2954552]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-02-25 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2 (0x2)
"PnkBstrA"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\strongDCrc10\\StrongDC.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\RpcSandraSrv.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\MirandaPortable\\App\\miranda\\miranda32.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"f:\\Games\\[ PC Games ] - Age of Empires II(FULL)\\empires2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\update.exe"=
"c:\\WINDOWS\\system32\\RecvMessage.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [2009-01-08 12288]
R0 secdir;Folder Security Personal;c:\windows\system32\secdir.sys [2008-08-16 70656]
S1 amdtools;AMD Special Tools Driver; [x]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-25 114768]
S1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-06-05 53752]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-17 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-25 20560]
S2 COM Service;COM Service;c:\program files\Gigabyte\C.O.M\GCSVR.exe [2009-02-07 16384]
S2 HDD Temperature;HDD Temperature Service; [x]
S2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2007-08-09 816376]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
S2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-10-09 20856]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2008-07-28 4134]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-01 3328]
S3 NRKCTL32;NRKCTL32; [x]
S3 PhTVTune;TCL2002 TV Tuner;c:\windows\system32\drivers\phtvtune.sys [2008-07-27 19904]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-02-04 9472]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S3 SetupNTGLM7X;SetupNTGLM7X; [x]
S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2009-01-21 23600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07f9586d-7ab8-11dc-8682-001a4d4ebf13}]
\Shell\AutoRun\command - D:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECABE060-DAD2-D904-EED9-EF6419549337}]
c:\windows\system32\svchost.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-02-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-02-25 c:\windows\Tasks\20090107_211900_Hlavní Záloha.job
- c:\program files\Nero\Nero8\Nero BackItUp\BackItUp.exe [2007-08-08 09:24]

2009-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://esd.element5.com/product.html?pr ... =200030350
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\BinarySense\HDDlife 3\hlAPP.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://193.165.78.6/VatDec.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\4o3l9ne1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\np-mswmp.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 20:39:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\$FSPINI$.DAT 1024 bytes
c:\windows\system32\FLOCKER.ACL 0 bytes
c:\windows\system32\Flocker.USR 444 bytes

sken byl úspešně dokončen
skryté soubory: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet108\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(392)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-02-25 20:40:58
ComboFix-quarantined-files.txt 2009-02-25 19:40:44

Před spuštěním: Volných bajtů: 169,085,321,216
Po spuštění: Volných bajtů: 169,000,378,368

Current=108 Default=108 Failed=107 LastKnownGood=109 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109
519 --- E O F --- 2009-02-25 14:55:14


Re: HJT - please check my log

Post by jaro3 (Security team member) » 25 Feb 2009 21:44

Two systems on one partition? Surely not, I don't think Windows allows that; I don't really understand it.
You can untick that Total Commander in msconfig.
Otherwise it looks terrible... If you don't have anything important on there, I'd rather go for a format..
Did you ever have something from Symantec/Norton on there? I don't know what these files are:
c:\windows\system32\jcsball.dat
c:\windows\system32\jcsb.new
c:\windows\system32\jerror.dat
If you recognise them, let me know...
If you don't want to format, I'll make the ComboFix script tomorrow; I have to stop now. But a format would be best, or create a new (additional) partition, put a clean install on it, then scan the old one with something, move over the uninfected files and folders, and format the old one afterwards.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: HJT - please check my log

Post by legendaryboy » 26 Feb 2009 15:44

I really do have two installations on one disk partition. I know now that it's stupid not to have a dedicated partition for Windows, but I did it because when installing lots of games and programs I didn't want to worry about running out of space on C: some day and having to install to another partition on the same disk array... At the moment, on the RAID 0 array, I have the first installation in the WINDOWS/ folder and a second one that got installed unintentionally; originally I wanted to do not a new installation but a so-called upgrade. It didn't work out, but it looks like the two systems don't fight, or at least they don't get in each other's way so far. At boot I have 35 seconds to choose which system to use.

And I somehow didn't manage to turn off "sfc /scanboot" (system file check) with the "sfc /revert" command, and I don't know how else it could be done... :((

Right now I can say it has stopped freezing, but I'm not happy about the infected files after seeing the MWAV log. There were some backdoors, viruses, etc. Maybe MWAV exaggerates, hard to say. If it's possible and it won't wreck my system, I'd delete all those infected files manually, but I don't know whether I'd find the hidden ones or whether deleting manually like that removes them completely.

Now that the system boots without restricting it with msconfig and hasn't frozen for 10 hours, I don't really feel like formatting and reinstalling....

Regarding Symantec/Norton and those strange files:
....I may have had Norton AV installed at some point too, I don't remember exactly. I've tried a lot of software. Maybe I tried it at the same time as NOD and it made startup freeze, so I preferred NOD.
I tried many versions of NOD32:
new cracked versions
new uncracked ones
then the old NOD32 v2.XX, because it had no problem with updates... after a while, though, I found that the scan couldn't be used, it started freezing during a full scan, I couldn't scan the disks with it, so I had to start figuring out what was causing it, and that's when the problems began.

Now I've switched to AVAST.

I had several versions of System Mechanic installed, 7.5....8 (probably system-mechanic-8-crc-by-emer), mostly cracked ones from torrents,

I scanned the PC periodically with these programs:

Spybot,
RootkitBuster2.2.1014
TROJAN REMOVER 6.6.5... a cracked version, MWAV flagged it as infected.
Ad-Aware 2008
Glary Utilities
and other programs, but I don't remember which any more, because they mostly found nothing so they went in the bin.

Now that it no longer freezes after uninstalling the junk, it looks like I really did overdo it a bit with those anti-spyware, anti-adware, anti-virus etc. programs....

Most of the downloads from warez sites (cracked versions or ones with keygens) were flagged by MWAV...


Re: HJT - please check my log

Post by jaro3 (Security team member) » 26 Feb 2009 16:59

OK, I take it you now have no antivirus on there, so we'll remove the leftovers + infections....

Start -> Run -> type cmd.exe -> OK. In the DOS window paste this with the mouse:
sc stop aswSP
sc delete aswSP
sc stop aswFsBlk
sc delete aswFsBlk
exit

Restart the PC
****************************************************************************************************************************************
Open Notepad (Start -> Run... type Notepad in the box and click OK).
Copy the following entire text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script

Code:

File::
c:\windows\system32\jcsball.dat
c:\windows\system32\jcsb.new
c:\windows\system32\jerror.dat
c:\windows\system32\dllcache\OLD33.tmp
c:\windows\system32\dllcache\OLD30.tmp
c:\windows\system32\dllcache\OLD36.tmp
c:\windows\system32\dllcache\OLD2.tmp
c:\windows\system32\dllcache\OLD39.tmp
c:\windows\system32\dllcache\OLD2D.tmp
c:\windows\system32\dllcache\OLD35.tmp
c:\windows\system32\dllcache\OLD32.tmp
c:\windows\system32\dllcache\OLD38.tmp
c:\windows\system32\dllcache\OLD3B.tmp
c:\windows\system32\dllcache\OLD2F.tmp
c:\windows\system32\dllcache\OLD2C.tmp
c:\windows\system32\dllcache\OLD89E.tmp
c:\windows\system32\dllcache\OLD89A.tmp
c:\windows\system32\dllcache\OLD8A6.tmp
c:\windows\system32\dllcache\OLD8A2.tmp
c:\windows\system32\dllcache\OLD4F2.tmp
c:\windows\system32\dllcache\OLD4E6.tmp
c:\windows\system32\dllcache\OLD4EA.tmp
c:\windows\system32\dllcache\OLD4EE.tmp
c:\windows\system32\dllcache\OLD4E2.tmp
c:\windows\system32\dllcache\OLD27.tmp
c:\windows\system32\dllcache\OLD2A.tmp
c:\windows\system32\dllcache\OLD29.tmp
c:\windows\system32\dllcache\OLD23.tmp
c:\windows\system32\dllcache\OLD26.tmp
c:\windows\system32\dllcache\OLD25.tmp
c:\windows\system32\dllcache\OLD22.tmp
c:\windows\system32\dllcache\OLD28.tmp
c:\windows\system32\dllcache\OLD1C.tmp
c:\windows\system32\dllcache\OLD2B.tmp
c:\windows\system32\dllcache\OLD1F.tmp
c:\windows\system32\dllcache\OLD1E.tmp
c:\windows\system32\dllcache\OLD1B.tmp
c:\windows\system32\dllcache\OLD21.tmp
c:\windows\system32\dllcache\OLD14.tmp
c:\windows\system32\dllcache\OLD24.tmp
c:\windows\system32\dllcache\OLD18.tmp
c:\windows\system32\dllcache\OLD1A.tmp
c:\windows\system32\dllcache\OLD17.tmp
c:\windows\system32\dllcache\OLD1D.tmp
c:\windows\system32\dllcache\OLD10.tmp
c:\windows\system32\dllcache\OLD20.tmp
c:\windows\system32\dllcache\OLD13.tmp
c:\windows\system32\dllcache\OLD19.tmp
c:\windows\system32\dllcache\OLD16.tmp
c:\windows\system32\dllcache\OLD15.tmp
c:\windows\system32\dllcache\OLD11.tmp
c:\windows\TMP17.tmp
c:\windows\system32\dllcache\OLDE.tmp
c:\windows\system32\dllcache\OLDB.tmp
c:\windows\system32\flvDX.dll
c:\windows\system32\msfDX.dll
c:\windows\system32\Smab0.dll
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\program files\Apple Software Update\SoftwareUpdate.exe
c:\windows\system32\drivers\aswSP.sys
c:\windows\system32\drivers\aswFsBlk.sys

Folder::
c:\documents and settings\All Users\Data aplikací\Kaspersky Lab

Driver::
aswSP
aswFsBlk

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=-
"avast! Mail Scanner"=-
"avast! Antivirus"=-
"aswUpdSv"=-

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Then also paste the log from the MWAV scan here.
Test this on VirusTotal:
c:\windows\system32\wininet.dll
Then paste the link to the result here.
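Before a CFScript like the one above is dropped onto ComboFix.exe, it is worth checking it for malformed entries, since a hand-edited script can easily lose a quote or end up with a value line outside any [key] header. The validator below is an added example, not the forum's or ComboFix's own code; it assumes only the four section names the script above uses (File::, Folder::, Driver::, Registry::) and the REGEDIT-style `"name"=-` deletion form, and its sample script is constructed from a cut-down copy of the thread's script, including a line with a missing opening quote.

```python
import re
from dataclasses import dataclass, field

# Section names the thread's script uses (assumption: these are the only
# ones this validator knows about; ComboFix may accept others).
KNOWN_SECTIONS = {"File", "Folder", "Driver", "Registry"}

WIN_PATH = re.compile(r'^[A-Za-z]:\\[^<>|?*"]+$')          # absolute path
REG_HEADER = re.compile(
    r'^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CLASSES_ROOT'
    r'|HKLM|HKCU|HKU|HKCR)\\[^\]]+\]$', re.IGNORECASE)
REG_DELETE = re.compile(r'^"[^"]+"=-$')                     # "name"=- deletes a value
SERVICE_NAME = re.compile(r'^[\w.\-]+$')


@dataclass
class Report:
    errors: list = field(default_factory=list)
    items: dict = field(default_factory=dict)   # section -> accepted lines


def validate_cfscript(text: str) -> Report:
    """Walk the script line by line, collecting entries and format errors."""
    report = Report()
    section = None
    have_key = False          # a [key] header has been seen in Registry::
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # section header
            section = line[:-2]
            have_key = False
            if section not in KNOWN_SECTIONS:
                report.errors.append(f"line {lineno}: unknown section {line}")
            report.items.setdefault(section, [])
            continue
        if section is None:
            report.errors.append(f"line {lineno}: entry before any section header")
            continue
        if section in ("File", "Folder"):
            if not WIN_PATH.match(line):
                report.errors.append(f"line {lineno}: not an absolute path: {line}")
            report.items[section].append(line)
        elif section == "Driver":
            if not SERVICE_NAME.match(line):
                report.errors.append(f"line {lineno}: bad service name: {line}")
            report.items[section].append(line)
        elif section == "Registry":
            if REG_HEADER.match(line):
                have_key = True
                report.items[section].append(line)
            elif REG_DELETE.match(line):
                if not have_key:
                    report.errors.append(f"line {lineno}: value without a [key] header")
                report.items[section].append(line)
            else:
                # Malformed lines are reported and NOT kept as deletions.
                report.errors.append(
                    f'line {lineno}: malformed Registry line, expected [key] or "name"=-: {line}')
        else:
            report.items[section].append(line)
    return report


# Constructed sample, cut down from the thread's script; line 18 reproduces
# the missing opening quote in front of avast! Web Scanner.
SAMPLE_SCRIPT = r"""File::
c:\windows\system32\jcsball.dat
c:\windows\system32\jcsb.new
c:\windows\system32\jerror.dat
c:\windows\Tasks\AppleSoftwareUpdate.job

Folder::
c:\documents and settings\All Users\Data aplikací\Kaspersky Lab

Driver::
aswSP
aswFsBlk

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
avast! Web Scanner"=-
"avast! Mail Scanner"=-
"aswUpdSv"=-
"""

if __name__ == "__main__":
    rep = validate_cfscript(SAMPLE_SCRIPT)
    for err in rep.errors:
        print(err)
    for sec, lines in rep.items.items():
        print(f"{sec}: {len(lines)} entries")
```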


Re: HJT - please check my log

Post by legendaryboy » 26 Feb 2009 17:18

Oh no, I went and reinstalled AVAST after the ComboFix scans, because I wanted to browse and I was a bit afraid without an antivirus. Never mind, if you're assuming I don't have it on there, I'll disconnect from the net, uninstall it, restart, and hopefully it will boot and I'll continue according to your instructions. Here goes.


Re: HJT - please check my log

Post by jaro3 (Security team member) » 26 Feb 2009 17:38

Yeah, well, you'll install it back afterwards, once it's disinfected and cleaned; the main thing is that it doesn't crash on you during the script...


Re: HJT - please check my log

Post by legendaryboy » 26 Feb 2009 18:29

After the script it restarted, and while the log was being written out I may have accidentally closed some Notepad text that always opens automatically at startup (it drives me mad, but I hope it didn't affect the output so much that it then froze); it has some registry key in it... it did that before too, or rather after some ComboFix scan.
Worse, it wrote out the log, the ComboFix window closed and the computer stopped responding; it was frozen. So I tried a hard restart again, hoping it would boot the second time; it didn't. I switched to the second "WINDOWS.O" so that I could at least send this LOG. For the further MWAV and HJT scans I'd have to go into safe mode, which shouldn't matter? And if it works I'll send the other requested MWAV and HJT logs.
c:\windows\system32\jcsb.new 10920 bytes
c:\windows\system32\jcsball.dat 30671 bytes
c:\windows\system32\jerror.dat 2186 bytes
I see in the log that those files are still there... :o I thought ComboFix would delete them...

Soubor wininet.dll přijatý 2009.02.26 18:20:15 (CET)

Výsledek: 0/39 (0%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.02.26 -
AhnLab-V3 5.0.0.2 2009.02.26 -
AntiVir 7.9.0.93 2009.02.26 -
Authentium 5.1.0.4 2009.02.26 -
Avast 4.8.1335.0 2009.02.25 -
AVG 8.0.0.237 2009.02.26 -
BitDefender 7.2 2009.02.26 -
CAT-QuickHeal 10.00 2009.02.26 -
ClamAV 0.94.1 2009.02.26 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.26 -
eSafe 7.0.17.0 2009.02.26 -
eTrust-Vet 31.6.6375 2009.02.26 -
F-Prot 4.4.4.56 2009.02.26 -
F-Secure 8.0.14470.0 2009.02.26 -
Fortinet 3.117.0.0 2009.02.26 -
GData 19 2009.02.26 -
Ikarus T3.1.1.45.0 2009.02.26 -
K7AntiVirus 7.10.648 2009.02.26 -
Kaspersky 7.0.0.125 2009.02.26 -
McAfee 5536 2009.02.25 -
McAfee+Artemis 5536 2009.02.25 -
Microsoft 1.4306 2009.02.26 -
NOD32 3893 2009.02.26 -
Norman 6.00.06 2009.02.26 -
nProtect 2009.1.8.0 2009.02.26 -
Panda 10.0.0.10 2009.02.26 -
PCTools 4.4.2.0 2009.02.26 -
Prevx1 V2 2009.02.26 -
Rising 21.18.32.00 2009.02.26 -
SecureWeb-Gateway 6.0.0 2009.02.26 -
Sophos 4.39.0 2009.02.26 -
Sunbelt 3.2.1858.2 2009.02.25 -
Symantec 10 2009.02.26 -
TheHacker 6.3.2.5.265 2009.02.25 -
TrendMicro 8.700.0.1004 2009.02.26 -
VBA32 3.12.10.0 2009.02.26 -
ViRobot 2009.2.26.1625 2009.02.26 -
VirusBuster 4.5.11.0 2009.02.26 -
Rozšiřující informace
File size: 826368 bytes


ComboFix 09-02-24.02 - Petr 2009-02-26 17:38:20.8 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2046.1274 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
c:\program files\Apple Software Update\SoftwareUpdate.exe
c:\windows\system32\dllcache\OLD10.tmp
c:\windows\system32\dllcache\OLD11.tmp
c:\windows\system32\dllcache\OLD13.tmp
c:\windows\system32\dllcache\OLD14.tmp
c:\windows\system32\dllcache\OLD15.tmp
c:\windows\system32\dllcache\OLD16.tmp
c:\windows\system32\dllcache\OLD17.tmp
c:\windows\system32\dllcache\OLD18.tmp
c:\windows\system32\dllcache\OLD19.tmp
c:\windows\system32\dllcache\OLD1A.tmp
c:\windows\system32\dllcache\OLD1B.tmp
c:\windows\system32\dllcache\OLD1C.tmp
c:\windows\system32\dllcache\OLD1D.tmp
c:\windows\system32\dllcache\OLD1E.tmp
c:\windows\system32\dllcache\OLD1F.tmp
c:\windows\system32\dllcache\OLD2.tmp
c:\windows\system32\dllcache\OLD20.tmp
c:\windows\system32\dllcache\OLD21.tmp
c:\windows\system32\dllcache\OLD22.tmp
c:\windows\system32\dllcache\OLD23.tmp
c:\windows\system32\dllcache\OLD24.tmp
c:\windows\system32\dllcache\OLD25.tmp
c:\windows\system32\dllcache\OLD26.tmp
c:\windows\system32\dllcache\OLD27.tmp
c:\windows\system32\dllcache\OLD28.tmp
c:\windows\system32\dllcache\OLD29.tmp
c:\windows\system32\dllcache\OLD2A.tmp
c:\windows\system32\dllcache\OLD2B.tmp
c:\windows\system32\dllcache\OLD2C.tmp
c:\windows\system32\dllcache\OLD2D.tmp
c:\windows\system32\dllcache\OLD2F.tmp
c:\windows\system32\dllcache\OLD30.tmp
c:\windows\system32\dllcache\OLD32.tmp
c:\windows\system32\dllcache\OLD33.tmp
c:\windows\system32\dllcache\OLD35.tmp
c:\windows\system32\dllcache\OLD36.tmp
c:\windows\system32\dllcache\OLD38.tmp
c:\windows\system32\dllcache\OLD39.tmp
c:\windows\system32\dllcache\OLD3B.tmp
c:\windows\system32\dllcache\OLD4E2.tmp
c:\windows\system32\dllcache\OLD4E6.tmp
c:\windows\system32\dllcache\OLD4EA.tmp
c:\windows\system32\dllcache\OLD4EE.tmp
c:\windows\system32\dllcache\OLD4F2.tmp
c:\windows\system32\dllcache\OLD89A.tmp
c:\windows\system32\dllcache\OLD89E.tmp
c:\windows\system32\dllcache\OLD8A2.tmp
c:\windows\system32\dllcache\OLD8A6.tmp
c:\windows\system32\dllcache\OLDB.tmp
c:\windows\system32\dllcache\OLDE.tmp
c:\windows\system32\drivers\aswFsBlk.sys
c:\windows\system32\drivers\aswSP.sys
c:\windows\system32\flvDX.dll
c:\windows\system32\jcsb.new
c:\windows\system32\jcsball.dat
c:\windows\system32\jerror.dat
c:\windows\system32\msfDX.dll
c:\windows\system32\Smab0.dll
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\TMP17.tmp
.

((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
c:\documents and settings\All Users\Data aplikací\Kaspersky Lab\AVP.7.125_10.08_20.08_670.SRV.exception.log
c:\documents and settings\All Users\Data aplikací\Kaspersky Lab\AVP.7.125_10.08_20.43_384.ALL.exception.log
c:\program files\Apple Software Update\SoftwareUpdate.exe
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\dllcache\OLD10.tmp
c:\windows\system32\dllcache\OLD11.tmp
c:\windows\system32\dllcache\OLD13.tmp
c:\windows\system32\dllcache\OLD14.tmp
c:\windows\system32\dllcache\OLD15.tmp
c:\windows\system32\dllcache\OLD16.tmp
c:\windows\system32\dllcache\OLD17.tmp
c:\windows\system32\dllcache\OLD18.tmp
c:\windows\system32\dllcache\OLD19.tmp
c:\windows\system32\dllcache\OLD1A.tmp
c:\windows\system32\dllcache\OLD1B.tmp
c:\windows\system32\dllcache\OLD1C.tmp
c:\windows\system32\dllcache\OLD1D.tmp
c:\windows\system32\dllcache\OLD1E.tmp
c:\windows\system32\dllcache\OLD1F.tmp
c:\windows\system32\dllcache\OLD2.tmp
c:\windows\system32\dllcache\OLD20.tmp
c:\windows\system32\dllcache\OLD21.tmp
c:\windows\system32\dllcache\OLD22.tmp
c:\windows\system32\dllcache\OLD23.tmp
c:\windows\system32\dllcache\OLD24.tmp
c:\windows\system32\dllcache\OLD25.tmp
c:\windows\system32\dllcache\OLD26.tmp
c:\windows\system32\dllcache\OLD27.tmp
c:\windows\system32\dllcache\OLD28.tmp
c:\windows\system32\dllcache\OLD29.tmp
c:\windows\system32\dllcache\OLD2A.tmp
c:\windows\system32\dllcache\OLD2B.tmp
c:\windows\system32\dllcache\OLD2C.tmp
c:\windows\system32\dllcache\OLD2D.tmp
c:\windows\system32\dllcache\OLD2F.tmp
c:\windows\system32\dllcache\OLD30.tmp
c:\windows\system32\dllcache\OLD32.tmp
c:\windows\system32\dllcache\OLD33.tmp
c:\windows\system32\dllcache\OLD35.tmp
c:\windows\system32\dllcache\OLD36.tmp
c:\windows\system32\dllcache\OLD38.tmp
c:\windows\system32\dllcache\OLD39.tmp
c:\windows\system32\dllcache\OLD3B.tmp
c:\windows\system32\dllcache\OLD4E2.tmp
c:\windows\system32\dllcache\OLD4E6.tmp
c:\windows\system32\dllcache\OLD4EA.tmp
c:\windows\system32\dllcache\OLD4EE.tmp
c:\windows\system32\dllcache\OLD4F2.tmp
c:\windows\system32\dllcache\OLD89A.tmp
c:\windows\system32\dllcache\OLD89E.tmp
c:\windows\system32\dllcache\OLD8A2.tmp
c:\windows\system32\dllcache\OLD8A6.tmp
c:\windows\system32\dllcache\OLDB.tmp
c:\windows\system32\dllcache\OLDE.tmp
c:\windows\system32\flvDX.dll
c:\windows\system32\jcsb.new
c:\windows\system32\jcsball.dat
c:\windows\system32\jerror.dat
c:\windows\system32\msfDX.dll
c:\windows\system32\Smab0.dll
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\TMP17.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASWFSBLK
-------\Legacy_ASWSP


((((((((((((((((((((((((( Files created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.

2009-02-25 20:44 . 2008-04-14 07:51 290,816 --a--c--- c:\windows\system32\dllcache\OLD37.tmp
2009-02-25 20:44 . 2008-04-14 07:51 43,520 --a--c--- c:\windows\system32\dllcache\OLD34.tmp
2009-02-25 20:44 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD3A.tmp
2009-02-25 20:44 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD2E.tmp
2009-02-25 20:44 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD3D.tmp
2009-02-25 20:44 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD31.tmp
2009-02-25 20:01 . 2006-05-04 19:02 380,928 --a------ c:\windows\system32\drivers\rt61.sys
2009-02-25 20:01 . 2005-12-15 10:38 315,392 --a------ c:\windows\system32\AegisI5.exe
2009-02-25 20:01 . 2006-05-15 16:25 295,028 --a------ c:\windows\system32\Install6x.dll
2009-02-25 20:01 . 2009-02-25 20:01 21,275 --a------ c:\windows\system32\drivers\AegisP.sys
2009-02-25 20:01 . 2006-04-06 13:15 8,192 --a------ c:\windows\system32\drivers\RT2661.bin
2009-02-25 20:01 . 2006-04-06 13:15 8,192 --a------ c:\windows\system32\drivers\RT2561s.bin
2009-02-25 20:01 . 2006-04-06 13:15 8,192 --a------ c:\windows\system32\drivers\RT2561.bin
2009-02-25 20:01 . 2006-03-10 15:33 78 --a------ c:\windows\filespec6x
2009-02-25 15:54 . 2009-02-25 15:54 <DIR> d-------- c:\program files\Trend Micro
2009-02-23 21:19 . 2009-02-23 21:19 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-02-23 21:19 . 2009-02-23 21:19 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-02-23 21:19 . 2009-02-23 21:19 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-02-23 21:19 . 2009-02-23 21:19 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-02-23 21:19 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-02-22 20:19 . 2008-04-14 07:51 290,816 --a--c--- c:\windows\system32\dllcache\adsiis51.dll
2009-02-22 20:19 . 2008-04-14 07:51 43,520 --a--c--- c:\windows\system32\dllcache\admwprox.dll
2009-02-22 20:19 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\author.dll
2009-02-22 20:19 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\admin.dll
2009-02-22 20:19 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\author.exe
2009-02-22 20:19 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\admin.exe
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d-------- c:\documents and settings\Default User.WINDOWS.0\Plocha
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS.0\Okolní tiskárny
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS.0\Okolní síť
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d-------- c:\documents and settings\Default User.WINDOWS.0\Oblíbené položky
2009-02-22 19:50 . 2009-02-22 18:56 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS.0\Šablony
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> dr------- c:\documents and settings\Default User.WINDOWS.0\Nabídka Start
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d-------- c:\documents and settings\Default User.WINDOWS.0\Dokumenty
2009-02-22 19:50 . 2009-02-22 19:21 <DIR> d-------- c:\documents and settings\All Users.WINDOWS.0\Plocha
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d-------- c:\documents and settings\All Users.WINDOWS.0\Oblíbené položky
2009-02-22 19:50 . 2009-02-22 19:50 <DIR> d--h----- c:\documents and settings\All Users.WINDOWS.0\Šablony
2009-02-22 19:50 . 2009-02-22 19:01 <DIR> dr------- c:\documents and settings\All Users.WINDOWS.0\Nabídka Start
2009-02-22 19:50 . 2009-02-22 18:57 <DIR> dr------- c:\documents and settings\All Users.WINDOWS.0\Dokumenty
2009-02-22 19:49 . 2009-02-22 19:50 <DIR> dr-h----- c:\documents and settings\Default User.WINDOWS.0\Data aplikací
2009-02-22 19:49 . 2009-02-23 17:32 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS.0
2009-02-22 19:49 . 2009-02-22 19:50 <DIR> dr-h----- c:\documents and settings\All Users.WINDOWS.0\Data aplikací
2009-02-22 19:49 . 2009-02-22 18:58 <DIR> d-------- c:\documents and settings\All Users.WINDOWS.0
2009-02-22 19:43 . 2009-02-23 16:55 <DIR> d-------- C:\WINDOWS.0
2009-02-22 19:05 . 2009-02-22 19:50 <DIR> d-------- c:\documents and settings\Petr.MAŠINA\Plocha
2009-02-22 19:05 . 2009-02-22 19:50 <DIR> d--h----- c:\documents and settings\Petr.MAŠINA\Okolní tiskárny
2009-02-22 19:05 . 2009-02-22 19:50 <DIR> d--h----- c:\documents and settings\Petr.MAŠINA\Okolní síť
2009-02-22 19:05 . 2009-02-22 19:05 <DIR> dr------- c:\documents and settings\Petr.MAŠINA\Oblíbené položky
2009-02-22 19:05 . 2009-02-22 18:56 <DIR> d--h----- c:\documents and settings\Petr.MAŠINA\Šablony
2009-02-22 19:05 . 2009-02-22 19:50 <DIR> dr------- c:\documents and settings\Petr.MAŠINA\Nabídka Start
2009-02-22 19:05 . 2009-02-22 19:05 <DIR> dr------- c:\documents and settings\Petr.MAŠINA\Dokumenty
2009-02-22 19:05 . 2009-02-22 19:05 <DIR> dr-h----- c:\documents and settings\Petr.MAŠINA\Data aplikací
2009-02-22 19:05 . 2009-02-23 15:41 <DIR> d-------- c:\documents and settings\Petr.MAŠINA
2009-02-22 19:03 . 2009-02-22 19:03 <DIR> d-------- c:\documents and settings\NetworkService.NT AUTHORITY\Data aplikací
2009-02-22 19:03 . 2009-02-22 19:03 <DIR> d-------- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací
2009-02-22 19:03 . 2009-02-22 19:03 <DIR> d--hs---- c:\documents and settings\LocalService.NT AUTHORITY
2009-02-22 19:02 . 2009-02-22 19:03 <DIR> d--hs---- c:\documents and settings\NetworkService.NT AUTHORITY
2009-02-22 18:58 . 2009-02-22 18:58 <DIR> d--hs---- c:\documents and settings\All Users.WINDOWS.0\DRM
2009-02-22 16:20 . 2001-08-17 21:28 794,654 --a------ c:\windows\system32\dllcache\usr1801.sys
2009-02-22 16:19 . 2001-10-24 11:58 899,146 --a------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-22 16:18 . 2008-08-14 14:26 2,068,224 --a------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-22 16:17 . 2001-10-25 15:00 1,875,968 --a------ c:\windows\system32\dllcache\msir3jp.lex
2009-02-22 16:16 . 2001-10-25 15:00 1,158,818 --a------ c:\windows\system32\dllcache\korwbrkr.lex
2009-02-22 16:11 . 2008-08-14 14:26 2,191,360 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-22 16:11 . 2008-04-14 07:51 189,440 --a--c--- c:\windows\system32\dllcache\smtpadm.dll
2009-02-22 16:11 . 2008-04-14 07:48 77,824 --a--c--- c:\windows\system32\dllcache\logui.ocx
2009-02-22 16:11 . 2001-10-24 12:24 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-02-22 16:11 . 2008-04-14 07:52 32,827 --a--c--- c:\windows\system32\dllcache\tcptest.exe
2009-02-22 16:11 . 2008-04-14 07:51 20,536 --a--c--- c:\windows\system32\dllcache\shtml.dll
2009-02-22 16:11 . 2008-04-14 07:52 16,437 --a--c--- c:\windows\system32\dllcache\shtml.exe
2009-02-22 16:11 . 2008-04-04 01:28 16,384 --a--c--- c:\windows\system32\dllcache\tcptsat.dll
2009-02-22 16:11 . 2008-04-14 07:52 8,192 --a--c--- c:\windows\system32\dllcache\staxmem.dll
2009-02-22 16:11 . 2001-10-25 15:00 7,168 --a--c--- c:\windows\system32\dllcache\wamregps.dll
2009-02-22 15:21 . 2001-10-24 11:46 75,136 --a--c--- c:\windows\system32\dllcache\atimpae.sys
2009-02-22 12:23 . 2009-02-22 12:23 <DIR> d-------- c:\program files\Driver-Soft
2009-02-22 12:23 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll
2009-02-22 10:11 . 2009-02-22 19:56 <DIR> d-------- c:\program files\nLite
2009-02-22 09:10 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD5.tmp
2009-02-22 09:10 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD8.tmp
2009-02-22 08:22 . 2009-02-22 08:46 <DIR> d-------- c:\windows\SxsCaPendDel
2009-02-22 08:19 . 2009-02-22 08:19 <DIR> d-------- c:\program files\Microsoft
2009-02-22 07:54 . 2009-02-22 08:05 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Autodesk
2009-02-22 07:52 . 2009-02-22 07:55 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2009-02-22 07:52 . 2009-02-22 07:54 <DIR> d-------- c:\program files\Autodesk
2009-02-22 06:43 . 2009-02-22 06:43 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\OptiTex
2009-02-22 06:42 . 2009-02-22 06:42 <DIR> d-------- c:\program files\DAZ
2009-02-22 06:42 . 2009-02-22 06:42 <DIR> d-------- c:\program files\Common Files\DAZ
2009-02-22 06:42 . 2008-08-21 19:12 10,113,024 --a------ c:\windows\system32\dzcore.dll
2009-02-22 06:42 . 2008-08-21 18:42 6,131,712 --a------ c:\windows\system32\daz-qt-mt.dll
2009-02-22 06:42 . 2008-08-21 18:34 2,076,672 --a------ c:\windows\system32\dz3delight.dll
2009-02-22 06:42 . 2008-08-21 18:42 1,785,856 --a------ c:\windows\system32\daz-qsa.dll
2009-02-22 06:42 . 2008-08-21 19:15 49,152 --a------ c:\windows\system32\dzcarrara.dll
2009-02-22 06:42 . 2008-08-21 19:14 33,280 --a------ c:\windows\system32\dzbryce6.dll
2009-02-22 06:42 . 2008-08-21 19:14 26,624 --a------ c:\windows\system32\dzwrapper.dll
2009-02-21 22:03 . 2008-04-14 07:51 290,816 --a--c--- c:\windows\system32\dllcache\OLDD.tmp
2009-02-21 22:03 . 2008-04-14 07:51 43,520 --a--c--- c:\windows\system32\dllcache\OLDA.tmp
2009-02-21 22:03 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD4.tmp
2009-02-21 22:03 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD7.tmp
2009-02-21 21:17 . 2008-04-14 07:51 290,816 --a--c--- c:\windows\system32\dllcache\OLDC.tmp
2009-02-21 21:17 . 2008-04-14 07:51 43,520 --a--c--- c:\windows\system32\dllcache\OLD9.tmp
2009-02-21 21:17 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLDF.tmp
2009-02-21 21:17 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD3.tmp
2009-02-21 21:17 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD6.tmp
2009-02-21 21:17 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLD12.tmp
2009-02-21 21:00 . 2001-10-24 12:24 137,216 --a------ c:\windows\system32\dllcache\atidrae(2).dll
2009-02-21 20:10 . 2009-02-23 16:02 <DIR> d-------- c:\documents and settings\Petr\Data aplikací\Orbit
2009-02-21 14:32 . 2008-04-14 07:46 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-02-21 14:31 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-02-21 14:30 . 2008-04-14 07:51 218,112 --a--c--- c:\windows\system32\dllcache\c_g18030.dll
2009-02-21 14:29 . 2001-10-24 12:24 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll
2009-02-21 14:28 . 2008-04-14 07:51 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
2009-02-21 14:27 . 2008-04-14 07:51 184,435 --a--c--- c:\windows\system32\dllcache\fp4amsft.dll
2009-02-21 14:27 . 2008-04-14 07:51 147,513 --a--c--- c:\windows\system32\dllcache\fp4apws.dll
2009-02-21 14:27 . 2008-04-14 07:51 102,509 --a--c--- c:\windows\system32\dllcache\fp4atxt.dll
2009-02-21 14:27 . 2008-04-14 07:51 82,035 --a--c--- c:\windows\system32\dllcache\fp4anscp.dll
2009-02-21 14:27 . 2008-04-14 07:51 49,210 --a--c--- c:\windows\system32\dllcache\fp4areg.dll
2009-02-21 14:27 . 2008-04-14 07:51 41,020 --a--c--- c:\windows\system32\dllcache\fp4avnb.dll
2009-02-21 14:21 . 2009-02-21 14:21 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-21 12:47 . 2009-02-21 12:48 <DIR> d-------- c:\program files\OpenFX
2009-02-21 11:07 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLDEA.tmp
2009-02-21 11:07 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLDEE.tmp
2009-02-21 10:45 . 2008-04-14 07:51 290,816 --a--c--- c:\windows\system32\dllcache\OLDDE.tmp
2009-02-21 10:45 . 2008-04-14 07:51 43,520 --a--c--- c:\windows\system32\dllcache\OLDDA.tmp
2009-02-21 10:45 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLDE2.tmp
2009-02-21 10:45 . 2008-04-14 07:51 20,540 --a--c--- c:\windows\system32\dllcache\OLD8A.tmp
2009-02-21 10:45 . 2008-04-14 07:52 16,439 --a--c--- c:\windows\system32\dllcache\OLDE6.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 16:45 --------- d-----w c:\documents and settings\Petr\Data aplikací\uTorrent
2009-02-26 16:44 14,656 ----a-w c:\windows\gdrv.sys
2009-02-26 16:43 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-26 16:38 --------- d-----w c:\program files\Apple Software Update
2009-02-26 16:10 --------- d-----w c:\documents and settings\Petr\Data aplikací\Metacafe
2009-02-26 16:10 --------- d-----w c:\documents and settings\All Users\Data aplikací\Metacafe
2009-02-26 16:09 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-02-26 15:58 --------- d-----w c:\program files\Metacafe
2009-02-26 13:51 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-02-25 19:21 --------- d-----w c:\program files\iolo
2009-02-25 19:01 --------- d-----w c:\program files\RALINK
2009-02-25 18:37 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-25 18:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-25 18:37 --------- d-----w c:\documents and settings\Petr\Data aplikací\SUPERAntiSpyware.com
2009-02-25 18:29 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 18:29 --------- d-----w c:\program files\iLiberty
2009-02-25 18:27 --------- d-----w c:\documents and settings\All Users\Data aplikací\Codemasters
2009-02-25 18:26 --------- d-----w c:\documents and settings\Petr\Data aplikací\Microsoft Games
2009-02-25 18:24 --------- d-----w c:\program files\Ubisoft
2009-02-25 18:19 --------- d-----w c:\program files\Ovislink
2009-02-25 18:19 --------- d-----w c:\program files\Common Files\Acronis
2009-02-23 20:17 --------- d-----w c:\program files\CCleaner
2009-02-23 19:43 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-23 19:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-22 18:56 --------- d-----w c:\program files\Orbitdownloader
2009-02-21 13:33 --------- d-----w c:\program files\ESET
2009-02-21 13:21 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-21 10:37 --------- d-----w c:\program files\Bonjour
2009-02-21 10:35 --------- d-----w c:\documents and settings\Petr\Data aplikací\DiskAid
2009-02-21 10:30 --------- d-----w c:\program files\totalcmd
2009-02-21 10:30 --------- d-----w c:\program files\Recuva
2009-02-21 10:30 --------- d-----w c:\program files\MPlayer for Windows
2009-02-21 10:30 --------- d-----w c:\program files\MozyHome
2009-02-21 10:30 --------- d-----w c:\program files\MediaInfo
2009-02-21 10:30 --------- d-----w c:\program files\MediaCoder
2009-02-21 10:30 --------- d-----w c:\program files\iTunes
2009-02-21 10:30 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-21 10:30 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-21 10:30 --------- d-----w c:\program files\Common Files\BinarySense
2009-02-21 10:30 --------- d-----w c:\program files\Common Files\Akamai
2009-02-21 10:30 --------- d-----w c:\program files\ATITool
2009-02-15 19:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-12 15:49 --------- d-----w c:\program files\MediaCoder iPhone Edition
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 13:55 --------- d-----w c:\program files\Gigabyte
2009-02-07 11:22 77,168 ----a-w c:\documents and settings\Petr\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-03 15:59 --------- d-----w c:\program files\USDownloader135
2009-02-01 20:48 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-01 20:48 22,328 ----a-w c:\documents and settings\Petr\Data aplikací\PnkBstrK.sys
2009-02-01 19:59 --------- d-----w c:\program files\Codemasters
2009-02-01 18:22 --------- d-----w c:\documents and settings\Petr\Data aplikací\Skype
2009-02-01 18:00 --------- d-----w c:\documents and settings\Petr\Data aplikací\skypePM
2009-01-29 14:39 --------- d-----w c:\program files\Skype
2009-01-25 07:37 --------- d-----w c:\program files\Personal Voice Changer Driver
2009-01-24 18:40 --------- d-----w c:\program files\Windows Desktop Search
2009-01-24 10:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2009-01-23 18:54 --------- d-----w c:\documents and settings\Petr\Data aplikací\Windows Search
2009-01-21 19:33 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-01-21 19:33 23,600 ----a-w c:\windows\system32\drivers\TVICHW32(2).SYS
2009-01-19 16:07 --------- d-----w c:\documents and settings\All Users\Data aplikací\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-19 16:06 --------- d-----w c:\program files\iPod
2009-01-18 20:48 --------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-18 20:40 --------- d-----w c:\documents and settings\Petr\Data aplikací\Malwarebytes
2009-01-12 20:06 --------- d-----w c:\program files\Common Files\Apple
2009-01-12 20:04 --------- d-----w c:\program files\QuickTime Alternative
2009-01-11 19:57 --------- d-----w c:\program files\WinSCP
2009-01-09 14:23 319,488 ----a-w c:\windows\HideWin.exe
2009-01-08 20:54 --------- d-----w c:\program files\HD Tune
2008-02-07 13:53 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2007-10-24 06:47 47,360 ----a-w c:\documents and settings\Petr\Data aplikací\pcouffin.sys
2007-10-11 08:23 8,255 -c--a-w c:\program files\atitool.rar
2007-09-06 12:28 1,097,728 ----a-w c:\documents and settings\Petr\iTunesMobileDevice.dll
2005-01-28 14:15 192,512 ----a-w c:\windows\inf\unregmp2(2).exe
2008-01-08 18:47 61 --sh--w c:\windows\cnerolf.bin
2008-02-04 19:26 151,040 --sha-w c:\windows\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-25_20.39.32.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-17 19:04:42 8,465,920 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:36:00 18,296 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:36:01 233,848 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:36:00 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:36:04 759,160 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:36:11 391,032 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-04-14 06:51:56 8,465,408 -c--a-w c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:02:56 8,465,408 -c--a-w c:\windows\system32\dllcache\shell32.dll
- 2008-06-29 15:46:40 128,840 ----a-w c:\windows\system32\Metacafe.scr
+ 2009-02-17 20:39:11 128,840 ----a-w c:\windows\system32\Metacafe.scr
- 2008-04-14 06:51:56 8,465,408 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:56 8,465,408 ----a-w c:\windows\system32\shell32.dll
- 2007-11-30 12:39:09 18,296 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:36:00 18,296 ------w c:\windows\system32\spmsg.dll
+ 2009-02-26 16:44:00 16,384 ----atw c:\windows\temp\Perflib_Perfdata_364.dat
+ 2009-02-26 16:44:00 16,384 ----atw c:\windows\temp\Perflib_Perfdata_68c.dat
+ 2009-02-26 16:44:01 16,384 ----atw c:\windows\temp\Perflib_Perfdata_784.dat
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2008-10-24 15:52 3044664 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2008-10-24 15:52 3044664 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-02-15 270128]
"OEXPRESS"="c:\windows\OETRN.EXE" [2007-10-17 26624]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tray3"="c:\windows\system32\RecvMessage.exe" [2007-01-10 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-09-10 1188152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 c:\windows\RTHDCPL.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
desktop(2).ini [2008-10-31 169]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-02-17 145736]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2008-10-24 2954552]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-02-25 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2 (0x2)
"PnkBstrA"=2 (0x2)
"avast! Web Scanner"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\strongDCrc10\\StrongDC.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\RpcSandraSrv.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\MirandaPortable\\App\\miranda\\miranda32.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"f:\\Games\\[ PC Games ] - Age of Empires II(FULL)\\empires2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\update.exe"=
"c:\\WINDOWS\\system32\\RecvMessage.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [2009-01-08 12288]
R0 secdir;Folder Security Personal;c:\windows\system32\secdir.sys [2008-08-16 70656]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-06-05 53752]
R2 COM Service;COM Service;c:\program files\Gigabyte\C.O.M\GCSVR.exe [2009-02-07 16384]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2007-08-09 816376]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-02-04 9472]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S1 amdtools;AMD Special Tools Driver; [x]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-17 14336]
S2 HDD Temperature;HDD Temperature Service; [x]
S2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-10-09 20856]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2008-07-28 4134]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-01 3328]
S3 NRKCTL32;NRKCTL32; [x]
S3 PhTVTune;TCL2002 TV Tuner;c:\windows\system32\drivers\phtvtune.sys [2008-07-27 19904]
S3 SetupNTGLM7X;SetupNTGLM7X; [x]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2009-01-21 23600]

--- Other services/drivers in memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07f9586d-7ab8-11dc-8682-001a4d4ebf13}]
\Shell\AutoRun\command - D:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECABE060-DAD2-D904-EED9-EF6419549337}]
c:\windows\system32\svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-02-25 c:\windows\Tasks\20090107_211900_Hlavní Záloha.job
- c:\program files\Nero\Nero8\Nero BackItUp\BackItUp.exe [2007-08-08 09:24]
.
.
------- Supplementary scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://esd.element5.com/product.html?pr ... =200030350
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\BinarySense\HDDlife 3\hlAPP.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://193.165.78.6/VatDec.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\4o3l9ne1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\np-mswmp.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 17:44:15
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\$FSPINI$.DAT 1024 bytes
c:\windows\system32\FLOCKER.ACL 0 bytes
c:\windows\system32\Flocker.USR 444 bytes
c:\windows\system32\jcsb.new 10920 bytes
c:\windows\system32\jcsball.dat 30671 bytes
c:\windows\system32\jerror.dat 2186 bytes

sken byl úspešně dokončen
skryté soubory: 6

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet108\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{474415E1-AF1A-A200-48AF-54150B2D4BA0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"panifpacfhnpkeclcmgimcbofgaejjee"=hex:61,62,69,67,63,6f,6d,64,67,6f,70,6c,62,
70,70,67,6b,6c,62,6e,67,6e,66,64,6d,6e,6e,61,61,66,70,63,6c,69,00,47
"padhieabcecjoebgaoofijogllcpfkai"=hex:61,62,69,67,63,6f,6d,64,67,6f,70,6c,62,
70,70,67,6b,6c,62,6e,67,6e,66,64,6f,6e,6c,66,70,66,67,62,6c,63,00,00

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5E0D790-0328-6E83-BA75-CE581B58000B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pabbgidbgmnfcialmmojcepgpbpgbbjn"=hex:61,62,6b,6e,6b,6a,6c,6a,64,65,65,6d,68,
64,6b,6f,6f,63,61,63,65,66,6e,6b,64,6e,69,65,63,65,68,63,64,62,00,47

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,d4,3a,33,d3,89,92,d0,4d,ca,e0,c0,34,33,2c,9a,e2,a4,04,0d,d8,42,d6,
25,64,5e,0d,23,f4,92,d9,b6,16,8d,1c,12,4d,ab,4d,08,53,fa,3f,3b,c4,05,08,3a,\
"??"=hex:02,79,70,68,17,b4,8f,d8,a0,cb,70,02,f9,7f,5f,53

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:98,df,b9,c4,97,53,a6,37,e5,b9,75,ca,a1,e1,ed,7d,15,1a,f1,7d,82,
2d,19,55,b7,85,26,45,37,7c,d6,f0,ef,b7,15,a4,56,87,59,44,93,32,27,4a,c9,01,\
"rkeysecu"=hex:7b,72,96,fc,88,1e,5a,a0,13,5b,4e,03,6d,02,78,63

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b0,46,df,66,96,
d8,12,f2,c8,28,51,af,b0,29,a3,98,81,44,76,ac,2b,fd,57,1b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,c7,19,ca,a0,33,
66,67,75,71,3b,04,66,8b,46,0d,96,9d,69,59,06,95,af,c3,b2,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,24,64,06,cf,27,
51,23,29,25,da,ec,7e,55,20,c9,26,92,87,b0,92,31,16,17,90,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,da,cb,98,c5,35,
70,56,26,3e,1e,9e,e0,57,5a,93,61,93,7b,db,ec,91,42,93,ee,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,16,fb,66,e8,9f,
f4,6a,e6,cd,44,cd,b9,a6,33,6c,cd,71,28,a9,72,58,d9,5e,fe,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e3,3b,1d,e3,ea,
8d,71,67,b0,18,ed,a7,3f,8d,37,a4,55,62,3e,9a,b5,d2,e8,e6,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,fa,8c,48,14,5a,
ca,97,b9,31,77,e1,ba,b1,f8,68,02,4a,2d,f1,b3,5f,d1,61,5b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,d9,88,5a,62,9a,
43,cf,27,83,6c,56,8b,a0,85,96,ab,45,0b,81,f4,c6,b2,de,f0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,aa,f1,64,2b,c6,
4f,a2,73,51,fa,6e,91,28,9e,14,cc,e8,43,70,67,8c,62,db,5d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,33,43,be,b6,59,
15,79,0f,b1,cd,45,5a,a8,c4,f8,b9,88,df,a0,f4,43,7f,51,96,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,2e,29,59,36,9d,
a5,af,b8,e3,0e,66,d5,eb,bc,2f,6b,e9,98,75,5c,f1,de,8d,af,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,f5,89,2c,49,ad,
da,a4,67,fa,ea,66,7f,d4,3b,6b,70,66,f3,d3,3e,0c,de,60,76,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Nls\net\AllowedPaths*]
@=hex:f1,ef,1c,47,00,00,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1212)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\notepad.exe
c:\program files\ATITool\ATITool.exe
c:\program files\ATITool\ATITool.exe
c:\windows\system32\notepad.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\PdaNet for iPhone\PdaNetPC.exe
c:\program files\PdaNet for iPhone\PdaNetPC.exe
c:\program files\totalcmd\TOTALCMD.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Celkový čas: 2009-02-26 17:48:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-02-26 16:48:22
ComboFix2.txt 2009-02-25 19:40:59

Před spuštěním: Volných bajtů: 168,601,382,912
Po spuštění: Volných bajtů: 168,441,073,664

Current=108 Default=108 Failed=107 LastKnownGood=109 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109
682 --- E O F --- 2009-02-26 13:51:20

legendaryboy
Level 1
Posts: 80
Registered: Feb 09
Gender: Male
Status: Offline

Re: HJT - please check my log

Post by legendaryboy » 26 Feb 2009 18:51

So in the end it booted up... :bigups: now I'm off to run the MWAV scan... I uninstalled 100 GB of games, so it might fly through about an hour faster. I might be able to post it here today. Anyway, thanks a lot, so far it looks promising! :bigups:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45, on 2009-02-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GIGABYTE\C.O.M\GCSVR.EXE
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RecvMessage.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\PdaNet for iPhone\PdaNetPC.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esd.element5.com/product.html?pr ... =200030350
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [tray3] C:\WINDOWS\system32\RecvMessage.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ATITool(2).lnk = C:\Program Files\ATITool\ATITool.exe
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O4 - Startup: desktop(2).ini
O4 - Startup: HDDlife.lnk = ?
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: PdaNet Desktop(2).lnk = C:\Program Files\PdaNet for iPhone\PdaNetPC.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for iPhone\PdaNetPC.exe
O4 - Startup: Total Commander(2).lnk = C:\Program Files\totalcmd\TOTALCMD.EXE
O4 - Startup: Total Commander.lnk = C:\Program Files\totalcmd\TOTALCMD.EXE
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://193.165.78.6/VatDec.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1786278468
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\BinarySense\HDDlife 3\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Service - Unknown owner - C:\Program Files\GIGABYTE\C.O.M\GCSVR.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Temperature Service (HDD Temperature) - Windows (R) Server 2003 DDK provider - (no file)
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe

--
End of file - 15067 bytes

legendaryboy
Level 1
Posts: 80
Registered: Feb 09
Gender: Male
Status: Offline

Re: HJT - please check my log

Post by legendaryboy » 27 Feb 2009 05:04

Well, I don't know where the fault is. The MWAV scan was supposed to finish and then I had the PC set to go to sleep (power-saving mode), and it did go to sleep. In the morning I woke it up, but only at the last moment, with the last remnants of system stability, did I copy the log into a text file; it was a close call, because Firefox, connected to the net, stopped working and responding, and then a reset. But I probably connected the computer to the net too soon after booting; it froze again, so I restarted into WINDOWS.0 so I could send the log.
Here it is.

Damn, I've got it on the Desktop and I can't get to it from this Windows install, I didn't think of that.... this is driving me nuts :x

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: Jun 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: HJT - please check my log

Post by jaro3 » 27 Feb 2009 08:52

:D
C:\Documents and Settings\Jméno\Plocha
Do you still have BitDefender on there? I can see it in the HJT log.
One more script in CF:

Code:

KillAll::
File::
c:\windows\system32\dllcache\OLD*.tmp
c:\windows\SxsCaPendDel

Same procedure as before: turn off the antivirus and firewall protection.
Close the other applications and browsers, disconnect from the net and fix these in HJT:

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -

Then the MWAV.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus are standing in for me.
If you are satisfied, you can support our forum: Forum support
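As an added illustration (not code from this thread, from the forum's Security team or from HijackThis itself), here is a small Python triage script for the HJT line format shown in the logs above. It reproduces the criterion behind most of the entries in the fix list: the entry's target reads "(no file)", is empty, is marked "(file missing)", or is a non-shortcut file sitting in a Startup folder. The sample lines are copied from the log above; the `HjtEntry`, `extract_target` and `triage` names and the rule wording are my own. Items in the fix list that the heuristic does not catch (the about:blank start page, NeroFilterCheck) reflect the reviewer's judgment rather than a mechanical rule, so the output is a review list, not an automatic fix list.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added illustration, not code from this thread or from HijackThis.  It parses
the 'Rn - ...' / 'On - ...' line format used in the logs above and flags the
entries a log reviewer usually asks to have fixed first: entries whose target
is '(no file)', empty, or marked '(file missing)', and non-shortcut files
sitting in a Startup folder.  The output is a review list, not a fix list.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HJT log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: desktop(2).ini
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
"""

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")


@dataclass
class HjtEntry:
    kind: str                     # section code, e.g. 'R0', 'O2', 'O23'
    body: str                     # text after 'Oxx - '
    target: str                   # file, URL or value the entry points at ('' if none)
    reason: Optional[str] = None  # why it was flagged, or None if it looks normal


def extract_target(kind: str, body: str) -> str:
    """Pull the thing an entry points at out of the section-specific layout."""
    if kind == "O4":
        if "] " in body:                          # Run key: '[name] command'
            return body.split("] ", 1)[1].strip()
        _, sep, path = body.partition(" = ")      # Startup folder: 'name.lnk = path'
        if sep:
            return path.strip()
        return body.split(":", 1)[1].strip()      # bare file in a Startup folder
    if kind.startswith("R") and "=" in body:      # registry value: 'key,name = data'
        return body.split("=", 1)[1].strip()
    if body.endswith(" -"):                       # entry cut off after the dash
        return ""
    _, sep, tail = body.rpartition(" - ")         # most O-lines: '... - target'
    return tail.strip() if sep else body.strip()


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one HJT line; returns None for lines that are not Rn/On entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    return HjtEntry(kind, body, extract_target(kind, body))


# Heuristics in priority order: (predicate, human-readable reason)
FLAG_RULES = [
    (lambda e: e.target == "(no file)", "points at a file that no longer exists"),
    (lambda e: e.target == "", "has an empty target"),
    (lambda e: e.target.endswith("(file missing)"), "service/handler binary is missing"),
    (lambda e: e.kind == "O4" and "Startup:" in e.body and " = " not in e.body,
     "non-shortcut file sitting in a Startup folder"),
]


def triage(log_text: str) -> List[HjtEntry]:
    """Return the entries worth a reviewer's attention; the first matching rule wins."""
    flagged: List[HjtEntry] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for predicate, reason in FLAG_RULES:
            if predicate(entry):
                entry.reason = reason
                flagged.append(entry)
                break
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:<4} {e.reason:<45} {e.body}")
```

Run against the sample, the script lists exactly the "(no file)", empty-target and desktop(2).ini lines that appear in the fix list above, plus the Acronis service whose binary is missing; the healthy ctfmon, Acrobat and PnkBstrB entries are left alone. Whether a flagged O23 service is removed in HJT or handled some other way is still the reviewer's call.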

