win32:Rustnt [Rtk] Solved

Section devoted to viruses and other malicious code, and also to the tools you can use to defend against them…



win32:Rustnt [Rtk]

Post by tom99cz » 13 Jul 2009 13:33

Hello,
I have Avast installed and it reports win32:Rustnt [Rtk].
As soon as I connect the PC to the network, the PC automatically starts sending spam e-mails to God knows where. Please advise me what I should do about it.
Have a nice day, and thank you.

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

13.7.2009 11:52:21
mbam-log-2009-07-13 (11-52-14).txt

Scan type: Quick Scan
Objects scanned: 100796
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\TTT\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.


Re: win32:Rustnt [Rtk]

Post by Damned » 13 Jul 2009 13:42

Download HijackThis from my signature, make a log with it according to the guide and paste it here.
Nothing is impossible; that is why, where our wits fail us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech localization Wise Registry Cleaner


Re: win32:Rustnt [Rtk]

Post by Damned » 13 Jul 2009 13:45

Delete this topic of yours: viewtopic.php?f=47&t=42476.


Re: win32:Rustnt [Rtk]

Post by ReCall » 13 Jul 2009 14:13

Or rather mark it as solved; deleting probably won't be possible. :wink:


Re: win32:Rustnt [Rtk]

Post by tom99cz » 13 Jul 2009 14:43

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:22, on 13.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\TTT\Plocha\Rapidshare\RapGet\rapget.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba Google Update (gupdate1c9ae0e76233004) (gupdate1c9ae0e76233004) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 11019 bytes

Thanks again


Re: win32:Rustnt [Rtk]

Post by Damned » 13 Jul 2009 14:58

Welcome here.

Run HJT, close your browsers, disconnect from the internet and fix these (tick the box in front of the entry, press "Fix checked"):

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
*****************************************************************************************************************************************
Then run MBAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes a log is shown; post it here.
- then choose OK in the program and exit it via Exit

Turn off the resident shield of your antivirus (and of your antispyware, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its whole contents here


Re: win32:Rustnt [Rtk]

Post by tom99cz » 13 Jul 2009 16:12

Good day once again,
here are the results
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

13.7.2009 15:31:40
mbam-log-2009-07-13 (15-31-40).txt

Scan type: Quick Scan
Objects scanned: 100725
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\TTT\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
----------------------------------------------
after running it again it was clean.
and here is the result from Combo
ComboFix 09-07-12.03 - TTT 13.07.2009 15:48.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.569 [GMT 2:00]
Running from: F:\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090709-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new Restore Point
.

((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\10c20a.msp
c:\windows\Installer\12c528.msp
c:\windows\Installer\28aee8c.msp
c:\windows\Installer\2b53c.msp
c:\windows\Installer\2b84a.msp
c:\windows\Installer\2ccf060.msp
c:\windows\Installer\33421.msp
c:\windows\Installer\33426.msp
c:\windows\Installer\38eadc.msp
c:\windows\Installer\3d711b.msp
c:\windows\Installer\3d7120.msp
c:\windows\Installer\40740.msp
c:\windows\Installer\40d79.msp
c:\windows\Installer\458cb.msp
c:\windows\Installer\4e939d3.msp
c:\windows\Installer\4e939d8.msp
c:\windows\Installer\5a6eb2.msp
c:\windows\Installer\87e89a.msp
c:\windows\Installer\99b2fc.msp
c:\windows\Installer\99b33a.msp
c:\windows\Installer\9e7a5.msp
c:\windows\Installer\b079b.msi
c:\windows\Installer\da99e.msp
c:\windows\Installer\e7ab9.msp
c:\windows\Installer\e7abe.msp
c:\windows\system32\drivers\f012939b.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_f012939b


((((((((((((((((((((((((( Files created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 12:26 . 2009-07-13 12:26 -------- d-----w- c:\program files\Trend Micro
2009-07-13 12:25 . 2009-07-13 12:25 -------- d-----w- C:\Trend Micro
2009-07-13 09:46 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 09:46 . 2009-07-13 09:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 09:46 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 09:39 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-10 09:39 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-10 09:39 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-10 09:39 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-10 09:39 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-10 09:39 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-10 09:39 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-10 09:39 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-10 09:38 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-10 09:38 . 2009-07-10 09:38 -------- d-----w- c:\program files\Alwil Software
2009-07-10 09:09 . 2009-07-10 09:09 -------- d-sh--w- C:\FOUND.428
2009-07-09 16:05 . 2009-07-09 16:05 -------- d-----w- C:\TRANSLAT
2009-07-09 15:32 . 2009-07-09 15:32 -------- d-----w- c:\program files\Zoner
2009-07-01 07:22 . 2009-07-01 07:22 -------- d-sh--w- C:\FOUND.427
2009-06-27 08:23 . 2009-06-27 08:23 -------- d-sh--w- C:\FOUND.426
2009-06-27 04:30 . 2009-06-27 04:30 -------- d-sh--w- C:\FOUND.425
2009-06-27 04:19 . 2009-06-27 04:19 -------- d-sh--w- C:\FOUND.424
2009-06-27 04:09 . 2009-06-27 04:09 -------- d-sh--w- C:\FOUND.423
2009-06-27 03:59 . 2009-06-27 03:59 -------- d-sh--w- C:\FOUND.422
2009-06-27 03:53 . 2009-06-27 03:53 -------- d-sh--w- C:\FOUND.421
2009-06-27 03:43 . 2009-06-27 03:43 -------- d-sh--w- C:\FOUND.420
2009-06-27 03:33 . 2009-06-27 03:33 -------- d-sh--w- C:\FOUND.419
2009-06-27 03:22 . 2009-06-27 03:22 -------- d-sh--w- C:\FOUND.418
2009-06-27 03:12 . 2009-06-27 03:12 -------- d-sh--w- C:\FOUND.417
2009-06-27 03:02 . 2009-06-27 03:02 -------- d-sh--w- C:\FOUND.416
2009-06-27 02:51 . 2009-06-27 02:51 -------- d-sh--w- C:\FOUND.415
2009-06-27 02:41 . 2009-06-27 02:41 -------- d-sh--w- C:\FOUND.414
2009-06-27 02:31 . 2009-06-27 02:31 -------- d-sh--w- C:\FOUND.413
2009-06-27 02:20 . 2009-06-27 02:20 -------- d-sh--w- C:\FOUND.412
2009-06-27 02:10 . 2009-06-27 02:10 -------- d-sh--w- C:\FOUND.411
2009-06-27 02:00 . 2009-06-27 02:00 -------- d-sh--w- C:\FOUND.410
2009-06-27 01:49 . 2009-06-27 01:49 -------- d-sh--w- C:\FOUND.409
2009-06-27 01:39 . 2009-06-27 01:39 -------- d-sh--w- C:\FOUND.408
2009-06-27 01:29 . 2009-06-27 01:29 -------- d-sh--w- C:\FOUND.407
2009-06-27 01:18 . 2009-06-27 01:18 -------- d-sh--w- C:\FOUND.406
2009-06-27 01:08 . 2009-06-27 01:08 -------- d-sh--w- C:\FOUND.405
2009-06-27 00:58 . 2009-06-27 00:58 -------- d-sh--w- C:\FOUND.404
2009-06-27 00:48 . 2009-06-27 00:48 -------- d-sh--w- C:\FOUND.403
2009-06-27 00:37 . 2009-06-27 00:37 -------- d-sh--w- C:\FOUND.402
2009-06-27 00:27 . 2009-06-27 00:27 -------- d-sh--w- C:\FOUND.401
2009-06-23 07:33 . 2009-06-23 07:33 -------- d-sh--w- C:\FOUND.400
2009-06-22 20:30 . 2009-06-22 20:30 -------- d-sh--w- C:\FOUND.399
2009-06-22 20:20 . 2009-06-22 20:20 -------- d-sh--w- C:\FOUND.398
2009-06-22 20:10 . 2009-06-22 20:10 -------- d-sh--w- C:\FOUND.397
2009-06-22 19:59 . 2009-06-22 19:59 -------- d-sh--w- C:\FOUND.396
2009-06-22 19:49 . 2009-06-22 19:49 -------- d-sh--w- C:\FOUND.395
2009-06-22 19:39 . 2009-06-22 19:39 -------- d-sh--w- C:\FOUND.394
2009-06-22 19:29 . 2009-06-22 19:29 -------- d-sh--w- C:\FOUND.393
2009-06-22 19:18 . 2009-06-22 19:18 -------- d-sh--w- C:\FOUND.392
2009-06-22 19:08 . 2009-06-22 19:08 -------- d-sh--w- C:\FOUND.391
2009-06-22 18:58 . 2009-06-22 18:58 -------- d-sh--w- C:\FOUND.390
2009-06-22 18:47 . 2009-06-22 18:47 -------- d-sh--w- C:\FOUND.389
2009-06-22 18:37 . 2009-06-22 18:37 -------- d-sh--w- C:\FOUND.388
2009-06-22 18:27 . 2009-06-22 18:27 -------- d-sh--w- C:\FOUND.387
2009-06-22 18:17 . 2009-06-22 18:17 -------- d-sh--w- C:\FOUND.386
2009-06-22 18:07 . 2009-06-22 18:07 -------- d-sh--w- C:\FOUND.385
2009-06-22 17:56 . 2009-06-22 17:56 -------- d-sh--w- C:\FOUND.384
2009-06-22 17:46 . 2009-06-22 17:46 -------- d-sh--w- C:\FOUND.383
2009-06-22 17:36 . 2009-06-22 17:36 -------- d-sh--w- C:\FOUND.382
2009-06-22 17:25 . 2009-06-22 17:25 -------- d-sh--w- C:\FOUND.381
2009-06-22 17:15 . 2009-06-22 17:15 -------- d-sh--w- C:\FOUND.380
2009-06-22 17:05 . 2009-06-22 17:05 -------- d-sh--w- C:\FOUND.379
2009-06-22 16:54 . 2009-06-22 16:54 -------- d-sh--w- C:\FOUND.378
2009-06-22 16:44 . 2009-06-22 16:44 -------- d-sh--w- C:\FOUND.377
2009-06-22 16:34 . 2009-06-22 16:34 -------- d-sh--w- C:\FOUND.376
2009-06-22 16:24 . 2009-06-22 16:24 -------- d-sh--w- C:\FOUND.375

.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 18:59 . 2008-01-03 13:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-15 10:10 . 2004-11-20 09:15 92114 ----a-w- c:\windows\system32\perfc005.dat
2009-06-15 10:10 . 2004-11-20 09:15 462136 ----a-w- c:\windows\system32\perfh005.dat
2009-05-24 22:24 . 2008-05-26 20:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-14 10:03 . 2009-05-14 10:03 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 13:12 . 2006-06-23 17:25 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-11 11:59 . 2006-07-19 04:50 676 ----a-w- c:\windows\im32st.dat
2009-05-07 15:33 . 2004-11-20 09:14 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:47 . 2004-11-20 09:14 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2004-11-20 09:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:52 . 2004-11-20 09:14 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2004-11-20 09:14 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((( Registry start points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-07-09 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-20 198160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2006-01-19 544768]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-18 15797248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.7.2009 11:39 114768]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.7.2009 11:39 20560]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [23.6.2006 19:45 16269]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [23.6.2006 19:43 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [23.6.2006 19:43 8278]
S2 gupdate1c9ae0e76233004;Služba Google Update (gupdate1c9ae0e76233004);c:\program files\Google\Update\GoogleUpdate.exe [26.3.2009 13:29 133104]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\TTT\LOCALS~1\Temp\cusbohcn.sys --> c:\docume~1\TTT\LOCALS~1\Temp\cusbohcn.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [4.8.2008 23:52 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [4.8.2008 23:52 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 22:10 32512]
S3 u3kmini;ASUS My Cinema-U3000 Mini;c:\windows\system32\drivers\u3kmini.sys [20.1.2008 23:23 352000]
S4 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 11:27]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 11:28]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 11:28]
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe


.
------- Supplementary scan -------
.
uStart Page = hxxp://www.centrum.cz/
IE: Download with Rapget - c:\documents and settings\TTT\Plocha\Rapidshare\RapGet\rapget.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 15:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1769516646-3135024721-1854264593-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\C*o*m*m*a*n*d* *a*n*d* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Podpora]
"Order"=hex:08,00,00,00,02,00,00,00,8a,02,00,00,01,00,00,00,04,00,00,00,98,00,
00,00,00,00,00,00,8a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,\

[HKEY_USERS\S-1-5-21-1769516646-3135024721-1854264593-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b4,00,73,0a,b1,de,6f,fb,31,c8,c5,39,31,5c,bb,7b,a3,6d,11,eb,5a,45,34,
01,24,02,63,84,c0,fe,9e,ec,99,40,61,b7,8a,be,de,83,5a,d5,42,6e,53,27,fd,a5,\
"??"=hex:e5,53,a2,9a,f5,4d,7b,fd,45,33,8a,d1,04,89,11,e4

[HKEY_USERS\S-1-5-21-1769516646-3135024721-1854264593-1005\Software\SecuROM\License information*]
"datasecu"=hex:0d,4a,ce,f3,54,8b,a3,4c,fd,ba,cb,ed,28,c9,37,b1,e6,b5,b0,8f,91,
10,c6,03,22,28,7c,9d,3c,1a,1a,08,c4,76,0d,12,28,df,ad,63,23,ed,9c,fd,4d,7a,\
"rkeysecu"=hex:e7,f2,b7,e5,55,cc,05,b0,1c,3e,9b,6e,a4,a0,be,60
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\nvwddi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\SEARCHINDEXER.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\windows\ATK0100\ATKOSD.EXE
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Skype\Plugin Manager\SkypePM.exe
.
**************************************************************************
.
Celkový čas: 2009-07-13 15:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-13 13:58

Před spuštěním: Volných bajtů: 16 614 670 336
Po spuštění: Volných bajtů: 16 610 672 640

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

281 --- E O F --- 2009-06-11 12:37
Thank you.

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male

Re: win32:Rustnt [Rtk]

Post by Damned » 13 Jul 2009 16:39

Open Notepad (Start -> Run..., type Notepad into the box and press OK).
Copy the whole text below, marked in green, into it:

File::
C:\FOUND.428
C:\FOUND.427
C:\FOUND.426
C:\FOUND.425
C:\FOUND.424
C:\FOUND.423
C:\FOUND.422
C:\FOUND.421
C:\FOUND.420
C:\FOUND.419
C:\FOUND.418
C:\FOUND.417
C:\FOUND.416
C:\FOUND.415
C:\FOUND.414
C:\FOUND.413
C:\FOUND.412
C:\FOUND.411
C:\FOUND.410
C:\FOUND.409
C:\FOUND.408
C:\FOUND.407
C:\FOUND.406
C:\FOUND.405
C:\FOUND.404
C:\FOUND.403
C:\FOUND.402
C:\FOUND.401
C:\FOUND.400
C:\FOUND.399
C:\FOUND.398
C:\FOUND.397
C:\FOUND.396
C:\FOUND.395
C:\FOUND.394
C:\FOUND.393
C:\FOUND.392
C:\FOUND.391
C:\FOUND.390
C:\FOUND.389
C:\FOUND.388
C:\FOUND.387
C:\FOUND.386
C:\FOUND.385
C:\FOUND.384
C:\FOUND.383
C:\FOUND.382
C:\FOUND.381
C:\FOUND.380
C:\FOUND.379
C:\FOUND.378
C:\FOUND.377
C:\FOUND.376
C:\FOUND.375
c:\windows\system32\d3d9caps.dat
c:\windows\im32st.dat
c:\docume~1\TTT\LOCALS~1\Temp\cusbohcn.sys
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Folder::
C:\FOUND.428
C:\FOUND.427
C:\FOUND.426
C:\FOUND.425
C:\FOUND.424
C:\FOUND.423
C:\FOUND.422
C:\FOUND.421
C:\FOUND.420
C:\FOUND.419
C:\FOUND.418
C:\FOUND.417
C:\FOUND.416
C:\FOUND.415
C:\FOUND.414
C:\FOUND.413
C:\FOUND.412
C:\FOUND.411
C:\FOUND.410
C:\FOUND.409
C:\FOUND.408
C:\FOUND.407
C:\FOUND.406
C:\FOUND.405
C:\FOUND.404
C:\FOUND.403
C:\FOUND.402
C:\FOUND.401
C:\FOUND.400
C:\FOUND.399
C:\FOUND.398
C:\FOUND.397
C:\FOUND.396
C:\FOUND.395
C:\FOUND.394
C:\FOUND.393
C:\FOUND.392
C:\FOUND.391
C:\FOUND.390
C:\FOUND.389
C:\FOUND.388
C:\FOUND.387
C:\FOUND.386
C:\FOUND.385
C:\FOUND.384
C:\FOUND.383
C:\FOUND.382
C:\FOUND.381
C:\FOUND.380
C:\FOUND.379
C:\FOUND.378
C:\FOUND.377
C:\FOUND.376
C:\FOUND.375

Driver::
cusbohcn;cusbohcn
cusbohcn
Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate
Plánovač automatické aktualizace LiveUpdate
ALUSchedulerSvc

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000




Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.


Drag the CFScript.txt you just created with the mouse, move it over the downloaded ComboFix.exe
and drop the script when the two files overlap.
[image]

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log, and describe how the computer behaves
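The service lines in the ComboFix log posted above all follow one shape, and the two entries this CFScript removes (the cusbohcn driver that lives in a user's Temp directory, and the LiveUpdate scheduler whose binary ComboFix marks as missing with `[?]`) show the two signals worth checking first. The Python triage script below is an added example, not part of the thread or of ComboFix; its heuristics and the constructed cusbohcn sample line (date and size invented) are my own assumptions.

```python
import re
from dataclasses import dataclass

# Shape of a service/driver line in the ComboFix log above:
#   S3 name;Display name;c:\path\file.sys [d.m.yyyy hh:mm size]
#   S4 name;Display name;"c:\path\file.exe" --> c:\path\file.exe [?]
# ComboFix prints "[?]" when the binary the service points to is not on disk.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
TRAILER_RE = re.compile(r"\s*\[[^\]]*\]\s*$")               # "[date time size]" or "[?]"
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)  # any "\Temp\" path component


@dataclass
class ServiceEntry:
    start_type: str        # S3 = start on demand, S4 = disabled, ...
    name: str              # service key name, i.e. what a CFScript Driver:: line names
    display: str
    image_path: str
    binary_missing: bool


def parse_service_line(line: str):
    """Parse one ComboFix service line; return None for lines of another shape."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    binary_missing = rest.rstrip().endswith("[?]")
    # When the image path was quoted, ComboFix appends the resolved path after "-->"
    if "-->" in rest:
        rest = rest.split("-->", 1)[1]
    image_path = TRAILER_RE.sub("", rest).strip().strip('"')
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                        image_path, binary_missing)


def suspicious_reasons(entry: ServiceEntry):
    """Triage heuristics (my own, not ComboFix's); a human still decides what to remove."""
    reasons = []
    if entry.binary_missing:
        reasons.append("binary not found on disk")
    if TEMP_DIR_RE.search(entry.image_path):
        reasons.append("loads from a temporary directory")
    return reasons


def triage(lines):
    """Map service name -> reasons for every service that trips at least one heuristic."""
    flagged = {}
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


# Sample input: lines 1 and 3 are copied from the log above; line 2 is constructed to
# look like the cusbohcn entry the CFScript removes (date and size are invented).
SAMPLE_LINES = [
    r"S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 22:10 32512]",
    r"S3 cusbohcn;cusbohcn;c:\docume~1\TTT\LOCALS~1\Temp\cusbohcn.sys [13.7.2009 9:00 4096]",
    r'S4 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]',
    r"2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job",  # not a service line
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(f"{name}: {', '.join(reasons)}")
```

A hit is only a reason to look closer (verify the file, its signer and its timestamps), which is the judgement the helper in this thread is making by hand.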

tom99cz
newbie
Posts: 11
Registered: July 09
Gender: Not specified

Re: win32:Rustnt [Rtk]

Post by tom99cz » 14 Jul 2009 10:23

Hello, here are the results

ComboFix 09-07-12.03 - TTT 14.07.2009 9:54.2.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.512 [GMT 2:00]
Spuštěný z: F:\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\TTT\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090709-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\docume~1\TTT\LOCALS~1\Temp\cusbohcn.sys"
"C:\FOUND.375"
"C:\FOUND.376"
"C:\FOUND.377"
"C:\FOUND.378"
"C:\FOUND.379"
"C:\FOUND.380"
"C:\FOUND.381"
"C:\FOUND.382"
"C:\FOUND.383"
"C:\FOUND.384"
"C:\FOUND.385"
"C:\FOUND.386"
"C:\FOUND.387"
"C:\FOUND.388"
"C:\FOUND.389"
"C:\FOUND.390"
"C:\FOUND.391"
"C:\FOUND.392"
"C:\FOUND.393"
"C:\FOUND.394"
"C:\FOUND.395"
"C:\FOUND.396"
"C:\FOUND.397"
"C:\FOUND.398"
"C:\FOUND.399"
"C:\FOUND.400"
"C:\FOUND.401"
"C:\FOUND.402"
"C:\FOUND.403"
"C:\FOUND.404"
"C:\FOUND.405"
"C:\FOUND.406"
"C:\FOUND.407"
"C:\FOUND.408"
"C:\FOUND.409"
"C:\FOUND.410"
"C:\FOUND.411"
"C:\FOUND.412"
"C:\FOUND.413"
"C:\FOUND.414"
"C:\FOUND.415"
"C:\FOUND.416"
"C:\FOUND.417"
"C:\FOUND.418"
"C:\FOUND.419"
"C:\FOUND.420"
"C:\FOUND.421"
"C:\FOUND.422"
"C:\FOUND.423"
"C:\FOUND.424"
"C:\FOUND.425"
"C:\FOUND.426"
"C:\FOUND.427"
"C:\FOUND.428"
"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
"c:\windows\im32st.dat"
"c:\windows\system32\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\im32st.dat
c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CUSBOHCN
-------\Service_cusbohcn
-------\Service_Plánovač automatické aktualizace LiveUpdate


((((((((((((((((((((((((( Soubory vytvořené od 2009-06-14 do 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-13 12:26 . 2009-07-13 12:26 -------- d-----w- c:\program files\Trend Micro
2009-07-13 12:25 . 2009-07-13 12:25 -------- d-----w- C:\Trend Micro
2009-07-13 09:46 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 09:46 . 2009-07-13 09:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 09:46 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 09:39 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-10 09:39 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-10 09:39 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-10 09:39 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-10 09:39 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-10 09:39 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-10 09:39 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-10 09:39 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-10 09:38 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-10 09:38 . 2009-07-10 09:38 -------- d-----w- c:\program files\Alwil Software
2009-07-09 16:05 . 2009-07-09 16:05 -------- d-----w- C:\TRANSLAT
2009-07-09 15:32 . 2009-07-09 15:32 -------- d-----w- c:\program files\Zoner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 10:10 . 2004-11-20 09:15 92114 ----a-w- c:\windows\system32\perfc005.dat
2009-06-15 10:10 . 2004-11-20 09:15 462136 ----a-w- c:\windows\system32\perfh005.dat
2009-05-24 22:24 . 2008-05-26 20:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-14 10:03 . 2009-05-14 10:03 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 13:12 . 2006-06-23 17:25 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:33 . 2004-11-20 09:14 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:47 . 2004-11-20 09:14 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2004-11-20 09:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:52 . 2004-11-20 09:14 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2004-11-20 09:14 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-13_13.55.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 08:03 . 2009-07-14 08:03 16384 c:\windows\Temp\Perflib_Perfdata_918.dat
+ 2009-07-14 08:01 . 2009-07-14 08:01 16384 c:\windows\Temp\Perflib_Perfdata_714.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-07-09 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-20 198160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2006-01-19 544768]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-18 15797248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.7.2009 11:39 114768]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.7.2009 11:39 20560]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [23.6.2006 19:45 16269]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [23.6.2006 19:43 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [23.6.2006 19:43 8278]
S2 gupdate1c9ae0e76233004;Služba Google Update (gupdate1c9ae0e76233004);c:\program files\Google\Update\GoogleUpdate.exe [26.3.2009 13:29 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [4.8.2008 23:52 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [4.8.2008 23:52 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 22:10 32512]
S3 u3kmini;ASUS My Cinema-U3000 Mini;c:\windows\system32\drivers\u3kmini.sys [20.1.2008 23:23 352000]
.
Obsah adresáře 'Naplánované úlohy'

2009-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 11:27]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 11:28]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 11:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: Download with Rapget - c:\documents and settings\TTT\Plocha\Rapidshare\RapGet\rapget.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 10:01
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1769516646-3135024721-1854264593-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\C*o*m*m*a*n*d* *a*n*d* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Podpora]
"Order"=hex:08,00,00,00,02,00,00,00,8a,02,00,00,01,00,00,00,04,00,00,00,98,00,
00,00,00,00,00,00,8a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,\

[HKEY_USERS\S-1-5-21-1769516646-3135024721-1854264593-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b4,00,73,0a,b1,de,6f,fb,31,c8,c5,39,31,5c,bb,7b,a3,6d,11,eb,5a,45,34,
01,24,02,63,84,c0,fe,9e,ec,99,40,61,b7,8a,be,de,83,5a,d5,42,6e,53,27,fd,a5,\
"??"=hex:e5,53,a2,9a,f5,4d,7b,fd,45,33,8a,d1,04,89,11,e4

[HKEY_USERS\S-1-5-21-1769516646-3135024721-1854264593-1005\Software\SecuROM\License information*]
"datasecu"=hex:0d,4a,ce,f3,54,8b,a3,4c,fd,ba,cb,ed,28,c9,37,b1,e6,b5,b0,8f,91,
10,c6,03,22,28,7c,9d,3c,1a,1a,08,c4,76,0d,12,28,df,ad,63,23,ed,9c,fd,4d,7a,\
"rkeysecu"=hex:e7,f2,b7,e5,55,cc,05,b0,1c,3e,9b,6e,a4,a0,be,60
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1760)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\nvwddi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\SEARCHINDEXER.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\program files\Skype\Plugin Manager\SkypePM.exe
.
**************************************************************************
.
Celkový čas: 2009-07-14 10:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-14 08:07
ComboFix2.txt 2009-07-13 13:58

Před spuštěním: Volných bajtů: 16 623 108 096
Po spuštění: Volných bajtů: 16 590 176 256

1020 --- E O F --- 2009-06-11 12:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:41, on 14.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\TTT\Plocha\Rapidshare\RapGet\rapget.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c9ae0e76233004) (gupdate1c9ae0e76233004) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9928 bytes


Re: win32:Rustnt [Rtk]

Post by Damned » 14 Jul 2009 13:48

Turn off System Restore points and turn them back on after a while.
I assume avast! isn't reporting anything anymore. The logs are clean now.
*****************************************************************************************************************************************
Uninstall ComboFix.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left over from ComboFix, SDFix, Avenger, MWAV etc. - download -> run

(Note: if you have AVG, disable AVG before downloading T-Cleaner and for the duration of the cleanup, then delete T-Cleaner
and turn AVG back on.)



Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache,
cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer,
Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Mark the topic as solved (green tick) and take care. :bigups:


Re: win32:Rustnt [Rtk]  Solved

Post by tom99cz » 14 Jul 2009 17:40

... so everything's done, only ComboFix somehow disappeared right after I used it, the PC says it can't find it.
Otherwise everything looks OK.

THANK YOU SO MUCH FOR THE HELP!!!!!!!!
Take care :bigups:
