virus Angela.B [Solved]

Section devoted to viruses and other malicious code, and also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male

Re: virus Angela.B

Post by Damned » 08 Sep 2009 23:40

Which antivirus are you using? Avira? Only the agent is in the processes, but you have avast drivers there. ComboFix shows that you only have two anti-spyware programs.

So uninstall avast! properly - use the utility: http://files.avast.com/files/eng/aswclear.exe

and reinstall Avira.

Then:

Open Notepad (Start -> Run... and type Notepad into the box and click OK).
Copy the following entire text marked in green into it:

File::
c:\windows\system32\drivers\aavmker4.sys
c:\windows\system32\drivers\aswmon.sys
c:\windows\system32\drivers\aswmon2.sys

Folder::
c:\program files\Alwil Software

DirLook::
c:\windows\system32\IOSUBSYS
c:\program files\pdfforge Toolbar
c:\users\Personal\AppData\Roaming\BSplayer PRO

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMfdf8f38f]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fecbc013]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1425841500-2653546536-3785045844-1004]
"EnableNotifications"=dword:00000000
"EnableNotificationsRef"=dword:00000000

Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix starts automatically; the repair can take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste the log that appears at the end of the cleaning process here + a new HJT log, and describe the computer's behaviour.
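The procedure above builds a CFScript with File::, Folder::, DirLook:: and Registry:: sections, drops it on ComboFix and asks for the resulting log back. The Python script below is an added example, not code from this thread and not part of ComboFix: it parses that subset of the CFScript grammar and the three log sections a helper reads back (the FILE :: echo, "Other Deletions" and "Reg Loading Points"), then reconciles the two so that deletions the script asked for but the log does not confirm, deletions the log reports that the script never asked for, registry values that do not read back as requested, and UAC being switched off (EnableLUA=0) are listed rather than eyeballed. The embedded CFSCRIPT and COMBOFIX_LOG strings are constructed excerpts copied from this thread; reading "Reg Loading Points" as the state at the end of the run, and the checks themselves, are my assumptions, not ComboFix's documented behaviour.

```python
import re

# Constructed excerpts copied from this thread: the CFScript from the post above
# (File::, Folder::, Registry::) and the three log sections read back from the reply.
CFSCRIPT = r"""
File::
c:\windows\system32\drivers\aavmker4.sys
c:\windows\system32\drivers\aswmon.sys
c:\windows\system32\drivers\aswmon2.sys
Folder::
c:\program files\Alwil Software
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1425841500-2653546536-3785045844-1004]
"EnableNotifications"=dword:00000000
"EnableNotificationsRef"=dword:00000000
"""
COMBOFIX_LOG = r"""
FILE ::
"c:\windows\system32\drivers\aavmker4.sys"
"c:\windows\system32\drivers\aswmon.sys"
"c:\windows\system32\drivers\aswmon2.sys"
.
(((((((((((( Other Deletions ))))))))))))
.
c:\program files\Alwil Software
c:\windows\system32\acovcnt.exe
.
(((((((((((( Reg Loading Points ))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1425841500-2653546536-3785045844-1004]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
"""

_SECTION = re.compile(r"^\(+\s*(.*?)\s*\)+$")   # ((( Title ))) banner lines in the log
_KEY = re.compile(r"^\[(-?)(.+)\]$")            # [KEY] selects a key, [-KEY] deletes it
_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')  # "Name"=dword:00000001  or  "Name"= 0 (0x0)


def _parse_value(raw):
    """Numeric registry values become ints (dword hex or 'N (0xN)'); others stay strings."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-f]+\)$", raw, re.I)
    return int(m.group(1)) if m else raw


def parse_cfscript(text):
    """Turn the script into a plan: lowercased paths per section plus registry ops."""
    plan, section, key = {"File": [], "Folder": [], "DirLook": [], "Registry": []}, None, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.endswith("::"):                       # section header such as File::
            section = line[:-2]
            plan.setdefault(section, [])
        elif section == "Registry" and (km := _KEY.match(line)):
            key = None if km.group(1) else km.group(2).lower()
            if km.group(1):                           # [-KEY]: delete the whole key
                plan["Registry"].append(("delete_key", km.group(2).lower(), None, None))
        elif section == "Registry" and key and (vm := _VALUE.match(line)):
            plan["Registry"].append(("set_value", key, vm.group(1), _parse_value(vm.group(2))))
        elif section:
            plan[section].append(line.lower())
    return plan


def parse_log(text):
    """Collect the paths the log reports deleted and the registry loading points it lists."""
    deleted, registry, section, key = set(), {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if sm := _SECTION.match(line):
            section = sm.group(1)
        elif line == "FILE ::":                       # echo of the script's File:: entries
            section = "FILE"
        elif section == "FILE" and line.startswith('"'):
            deleted.add(line.strip('"').lower())
        elif section == "Other Deletions" and line not in ("", "."):
            deleted.add(line.lower())
        elif section == "Reg Loading Points" and (km := _KEY.match(line)):
            key = km.group(2).lower()
            registry.setdefault(key, {})
        elif section == "Reg Loading Points" and key and (vm := _VALUE.match(line)):
            registry[key][vm.group(1)] = _parse_value(vm.group(2))
    return {"deleted": deleted, "registry": registry}


def reconcile(plan, log):
    """Compare what the script asked for with what the log says happened."""
    wanted = set(plan["File"]) | set(plan["Folder"])
    report = {"missing_deletions": sorted(wanted - log["deleted"]),
              "unexpected_deletions": sorted(log["deleted"] - wanted),
              "value_mismatches": [],   # (key, name, requested, observed)
              "uac_disabled": []}       # keys where EnableLUA reads back as 0
    # [-KEY] deletions are not reported anywhere in the log excerpt, so only set_value is checked.
    for op, key, name, value in plan["Registry"]:
        observed = log["registry"].get(key, {}).get(name)
        if op == "set_value" and observed != value:
            report["value_mismatches"].append((key, name, value, observed))
    for key, values in log["registry"].items():
        if key.endswith(r"\policies\system") and values.get("EnableLUA") == 0:
            report["uac_disabled"].append(key)
    return report


if __name__ == "__main__":
    for item, result in reconcile(parse_cfscript(CFSCRIPT), parse_log(COMBOFIX_LOG)).items():
        print(f"{item}: {result}")
```

Run as is, it reports one deletion the script never asked for (acovcnt.exe), the two EnableNotifications values that read back as 1 and 2 rather than the requested 0, and UAC disabled; the [-KEY] deletions are left unchecked because nothing in the posted log excerpt reports them.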

john.vodka
newcomer
Posts: 40
Registered: August 09
Gender: Male

Re: virus Angela.B

Post by john.vodka » 09 Sep 2009 17:29

PC behaviour

The virus previously overwrote my Windows login password; fortunately I was able to log in using the fingerprint reader and I had another account without a password. After cleaning with ComboFix the computer reports an error that it cannot run LogonUI.exe (the Asus application for fingerprint login), and this message also pops up when starting Opera and other applications. And when I want to shut the computer down it doesn't shut down: the screen stays black for a long time but it keeps running, and I had to power it off the hard way. Otherwise everything else seems to be working without problems so far, and Anti-Malware found no infections.

ComboFix log

ComboFix 09-09-08.01 - Host 09.09.2009 16:59.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3070.1903 [GMT 2:00]
Running from: c:\users\Host\Desktop\ComboFix.exe
Command switches used :: c:\users\Host\Desktop\CFScript.txt
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\aavmker4.sys"
"c:\windows\system32\drivers\aswmon.sys"
"c:\windows\system32\drivers\aswmon2.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Alwil Software
c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-09 15:20 . 2009-09-09 15:20 -------- d-----w- c:\users\Host\AppData\Local\temp
2009-09-09 15:20 . 2009-09-09 15:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-09 15:20 . 2009-09-09 15:20 -------- d-----w- c:\users\Personal\AppData\Local\temp
2009-09-09 15:20 . 2009-09-09 15:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-09 15:20 . 2009-09-09 15:20 -------- d-----w- c:\users\Debil\AppData\Local\temp
2009-09-08 19:01 . 2009-09-08 19:01 -------- d-----w- c:\users\Personal\AppData\Roaming\Malwarebytes
2009-09-08 19:01 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 19:01 . 2009-09-08 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 19:01 . 2009-09-08 19:01 -------- d-----w- c:\programdata\Malwarebytes
2009-09-08 19:01 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 18:33 . 2009-09-08 18:33 -------- d-----w- c:\program files\Trend Micro
2009-09-08 14:21 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-09-08 14:15 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-07 16:30 . 2009-09-07 16:33 -------- d-----w- c:\program files\Duke Nukem - Manhattan Project
2009-09-07 16:30 . 2009-09-07 16:30 -------- d-----w- C:\Shortcuts
2009-09-03 20:03 . 2009-09-03 20:03 -------- d-----w- C:\Buziol Games
2009-08-31 17:29 . 2009-08-31 17:29 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-08-28 07:58 . 2009-08-28 07:58 -------- d-----w- c:\program files\Microsoft WSE
2009-08-28 07:43 . 2009-08-28 07:43 -------- d-----w- c:\program files\Electronic Arts
2009-08-26 19:33 . 2009-08-26 19:33 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-08-26 19:31 . 2004-12-02 16:20 1843200 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-08-26 19:31 . 2004-08-25 11:53 311296 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-08-26 19:31 . 2004-05-20 11:07 335872 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2009-08-25 12:19 . 2009-08-25 12:19 -------- d-----w- c:\program files\Phenomedia AG
2009-08-25 12:19 . 1998-11-17 11:44 328704 ----a-w- c:\windows\IsUn0407.exe
2009-08-21 07:53 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-21 07:53 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-21 07:53 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-21 07:53 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-21 07:53 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-19 08:13 . 2009-08-19 08:13 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-18 15:08 . 2009-08-26 20:10 -------- d-----w- c:\users\Personal\AppData\Roaming\Audacity
2009-08-16 16:22 . 2009-08-23 20:35 -------- d-----w- c:\program files\The Seal Hunter
2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 14:40 . 2007-04-21 11:18 598838 ----a-w- c:\windows\system32\perfh005.dat
2009-09-09 14:40 . 2007-04-21 11:18 115014 ----a-w- c:\windows\system32\perfc005.dat
2009-09-09 14:35 . 2008-04-19 13:35 -------- d-----w- c:\program files\Opera
2009-09-08 20:29 . 2007-04-21 10:36 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-08 20:29 . 2009-03-17 08:20 -------- d-----w- c:\program files\pdfforge Toolbar
2009-09-08 14:41 . 2008-03-31 11:05 166704 ----a-w- c:\users\Host\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-08 14:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-07 16:32 . 2008-02-19 20:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-03 15:09 . 2008-04-09 17:13 -------- d-----w- c:\program files\Activision
2009-09-03 07:48 . 2009-03-25 08:19 -------- d-----w- c:\program files\RapidDown
2009-08-31 17:29 . 2008-07-22 08:19 -------- d-----w- c:\program files\Google
2009-08-31 10:22 . 2008-10-29 19:49 -------- d-----w- c:\programdata\Xfire
2009-08-28 12:39 . 2009-09-08 14:21 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-08 14:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 19:41 . 2008-08-26 18:48 -------- d-----w- c:\users\Personal\AppData\Roaming\Winamp
2009-08-27 19:04 . 2008-02-19 18:31 -------- d-----w- c:\programdata\Microsoft Help
2009-08-27 18:56 . 2008-04-08 09:01 -------- d-----w- c:\program files\EA GAMES
2009-08-27 18:28 . 2009-08-05 21:08 -------- d-----w- c:\users\Personal\AppData\Roaming\Stardock
2009-08-27 15:05 . 2008-10-29 19:49 -------- d-----w- c:\users\Personal\AppData\Roaming\Xfire
2009-08-27 14:41 . 2008-04-24 21:16 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-27 14:41 . 2008-04-24 21:16 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-27 14:26 . 2008-10-29 19:49 -------- d-----w- c:\program files\Xfire
2009-08-26 20:02 . 2008-11-24 01:48 -------- d-----w- c:\program files\CDex_150
2009-08-25 18:50 . 2009-06-23 14:33 -------- d-----w- c:\users\Personal\AppData\Roaming\BSplayer PRO
2009-08-23 22:21 . 2008-03-30 09:36 -------- d-----w- c:\program files\totalcmd
2009-08-23 16:13 . 2008-03-30 09:25 -------- d-----w- c:\program files\BitLord
2009-08-21 17:50 . 2008-06-02 20:24 -------- d-----w- c:\program files\QIP Infium
2009-08-19 08:13 . 2008-03-30 09:37 -------- d-----w- c:\program files\Winamp
2009-08-06 23:12 . 2008-08-23 10:00 166704 ----a-w- c:\users\Personal\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-06 08:24 . 2009-05-27 15:41 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 21:08 . 2009-08-05 21:08 -------- d-----w- c:\program files\Stardock
2009-08-05 21:08 . 2009-08-05 21:08 -------- d-----w- c:\programdata\Stardock
2009-07-21 21:52 . 2009-09-08 14:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-08 14:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-08 14:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-08 14:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-21 07:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-06-15 18:20 . 2009-08-21 07:54 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 15:24 . 2009-08-21 07:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 15:24 . 2009-08-21 07:54 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:24 . 2009-08-21 07:54 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 15:24 . 2009-08-21 07:54 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:23 . 2009-08-21 07:54 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 15:22 . 2009-08-21 07:54 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 15:21 . 2009-08-21 07:54 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 15:20 . 2009-08-21 07:54 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-21 07:54 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:57 . 2009-08-21 07:54 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-15 12:52 . 2009-08-21 07:54 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-06-10 20:57 . 2008-06-10 20:57 2307 ----a-w- c:\program files\unins000.dat
2008-06-10 20:57 . 2008-06-10 20:57 693293 ----a-w- c:\program files\unins000.exe
2008-01-19 07:33 . 2008-07-12 09:44 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\pdfforge Toolbar ----

2009-03-17 08:20 . 2009-03-17 08:20 38 ----a-w- c:\program files\pdfforge Toolbar\config.ini
2009-03-17 08:20 . 2009-03-17 08:20 33 ----a-w- c:\program files\pdfforge Toolbar\sscfg.ini
2009-01-30 15:22 . 2009-01-30 15:22 992256 ----a-w- c:\program files\pdfforge Toolbar\SearchSettings.exe
2009-01-30 14:12 . 2009-01-30 14:12 64000 ----a-w- c:\program files\pdfforge Toolbar\WidgiHelper.exe
2009-01-30 14:12 . 2009-01-30 14:12 650752 ----a-w- c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll
2009-01-30 14:12 . 2009-01-30 14:12 941 ----a-w- c:\program files\pdfforge Toolbar\Res\icon_settings.gif
2009-01-30 14:12 . 2009-01-30 14:12 1365 ----a-w- c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
2009-01-30 14:12 . 2009-01-30 14:12 1462 ----a-w- c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
2009-01-30 14:12 . 2009-01-30 14:12 1027 ----a-w- c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
2009-01-30 14:12 . 2009-01-30 14:12 2695 ----a-w- c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
2009-01-30 14:12 . 2009-01-30 14:12 1029 ----a-w- c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
2009-01-30 14:12 . 2009-01-30 14:12 1037 ----a-w- c:\program files\pdfforge Toolbar\Res\search-button.gif
2009-01-30 14:12 . 2009-01-30 14:12 948 ----a-w- c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
2009-01-30 14:12 . 2009-01-30 14:12 846 ----a-w- c:\program files\pdfforge Toolbar\Res\search-chevron.gif
2009-01-30 14:12 . 2009-01-30 14:12 1004 ----a-w- c:\program files\pdfforge Toolbar\Res\search_amazon.gif
2009-01-30 14:12 . 2009-01-30 14:12 929 ----a-w- c:\program files\pdfforge Toolbar\Res\search_ebay.gif
2009-01-30 14:12 . 2009-01-30 14:12 881 ----a-w- c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
2009-01-30 14:12 . 2009-01-30 14:12 76 ----a-w- c:\program files\pdfforge Toolbar\Res\separator.gif
2009-01-30 14:12 . 2009-01-30 14:12 2939 ----a-w- c:\program files\pdfforge Toolbar\Res\widgets.xml
2009-01-30 14:11 . 2009-01-30 14:11 45056 ----a-w- c:\program files\pdfforge Toolbar\SearchSettingsRes409.dll

---- Directory of c:\users\Personal\AppData\Roaming\BSplayer PRO ----

2009-08-25 18:50 . 2009-09-08 19:11 239 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\bsplist.bsl
2009-08-21 07:29 . 2009-08-21 07:29 15 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\bslib\pcnt.dat
2009-07-08 20:30 . 2009-07-08 20:30 2560 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\DVDdata\dvd-336264571988010487.sav
2009-06-23 14:41 . 2009-08-23 11:28 2437 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\bspml.xml
2009-06-23 14:40 . 2009-08-29 21:01 2560 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\bsp.dat
2009-06-23 14:37 . 2009-06-29 13:54 57 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\key.reg
2009-06-23 14:34 . 2009-06-23 14:34 1136 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\unreg.log
2009-06-23 14:34 . 2008-04-13 15:26 36396 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\uninstall.exe
2009-06-23 14:34 . 2007-07-05 01:33 892928 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\iconv.dll
2009-06-23 14:34 . 2004-06-30 21:39 20179 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\GPL_rus.txt
2009-06-23 14:34 . 2004-06-30 21:39 18347 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\GPL_eng.txt
2009-06-23 14:34 . 2007-08-18 07:53 16384 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\dialog_patch.exe
2009-06-23 14:34 . 2007-08-09 11:26 4642 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\ac3filter_reg_reset.reg
2009-06-23 14:34 . 2004-07-12 09:47 1158 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\ac3filter_reg_renderers_win9x.reg
2009-06-23 14:34 . 2004-07-12 09:47 1224 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\ac3filter_reg_renderers_win2k.reg
2009-06-23 14:34 . 2007-05-13 18:24 2707 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\ac3filter_reg_presets.reg
2009-06-23 14:34 . 2007-04-15 12:21 644 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\ac3filter.ax.manifest
2009-06-23 14:34 . 2007-08-18 07:55 577536 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\ac3filter.ax
2009-06-23 14:34 . 2007-08-18 07:54 380928 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\ac3filter.acm
2009-06-23 14:34 . 2007-04-15 12:21 638 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\ac3config.exe.manifest
2009-06-23 14:34 . 2007-08-18 07:54 20480 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\ac3config.exe
2009-06-23 14:34 . 2006-07-08 08:31 4126 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\_readme.txt
2009-06-23 14:34 . 2007-08-09 10:07 11292 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\_changes_rus.txt
2009-06-23 14:34 . 2007-08-09 07:46 11310 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\_changes_eng.txt
2009-06-23 14:34 . 2007-08-08 17:08 20948 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\zho.po
2009-06-23 14:34 . 2007-08-08 17:08 21239 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\spa.po
2009-06-23 14:34 . 2007-08-08 17:08 21138 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\slo.po
2009-06-23 14:34 . 2007-07-05 02:13 22555 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\rus.po
2009-06-23 14:34 . 2007-07-05 02:13 20658 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\por.po
2009-06-23 14:34 . 2007-07-05 02:13 20233 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\pol.po
2009-06-23 14:34 . 2007-08-08 17:08 20747 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\kor.po
2009-06-23 14:34 . 2007-08-08 17:08 21193 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\ita.po
2009-06-23 14:34 . 2007-07-05 02:13 19525 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\ind.po
2009-06-23 14:34 . 2007-08-08 17:08 21514 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\hun.po
2009-06-23 14:34 . 2007-08-08 17:08 21060 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\ger.po
2009-06-23 14:34 . 2007-07-05 02:13 20196 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\fre.po
2009-06-23 14:34 . 2007-08-09 10:26 17690 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\lang\ac3filter.pot
2009-06-23 14:34 . 2007-08-18 07:56 217716 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\doc\spdif_rus.pdf
2009-06-23 14:34 . 2007-08-18 07:56 118654 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\doc\spdif_eng.pdf
2009-06-23 14:34 . 2007-08-18 07:55 379186 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\doc\loudness_rus.pdf
2009-06-23 14:34 . 2007-08-18 07:55 296182 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\doc\loudness_eng.pdf
2009-06-23 14:34 . 2007-08-18 07:55 520482 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\doc\ac3filter_rus.pdf
2009-06-23 14:34 . 2007-08-18 07:55 361291 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\AC3 Filter\doc\ac3filter_eng.pdf
2009-06-23 14:34 . 2009-06-23 14:34 2 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\MPEG2 decoder\unreg.log
2009-06-23 14:34 . 2007-09-18 14:31 438272 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\MPEG2 decoder\Mpeg2DecFilter.ax
2009-06-23 14:34 . 2009-06-23 14:34 2 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\unreg.log
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\eqm_v3ulr_rev3.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\eqm_v3uhr_rev2.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\eqm_v3lr.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\eqm_v3ehr.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\eqm_v3hr.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\eqm_v1.xcm
2009-06-23 14:34 . 2008-12-11 11:27 910 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\eqm_avc_hr.cfg
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\eqm_autogk_sharp.xcm
2009-06-23 14:34 . 2008-12-11 11:26 60273 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\pthreadGC2.dll
2009-06-23 14:34 . 2007-11-29 10:52 348160 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\msvcr71.dll
2009-06-23 14:34 . 2007-11-29 10:52 499712 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\msvcp71.dll
2009-06-23 14:34 . 2008-11-26 16:49 238080 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\TomsMoComp_ff.dll
2009-06-23 14:34 . 2008-11-26 17:55 683520 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ff_kernelDeint.dll
2009-06-23 14:34 . 2007-11-29 10:52 1708 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\openIE.js
2009-06-23 14:34 . 2008-12-11 11:27 547 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ffdshow.ax.manifest
2009-06-23 14:34 . 2008-12-17 17:37 791742 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\xvidcore.dll
2009-06-23 14:34 . 2008-12-17 17:41 884237 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ff_x264.dll
2009-06-23 14:34 . 2008-12-17 17:22 93184 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ff_wmv9.dll
2009-06-23 14:34 . 2008-12-17 17:33 257024 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ff_libdts.dll
2009-06-23 14:34 . 2008-12-18 13:55 142848 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ff_liba52.dll
2009-06-23 14:34 . 2008-12-17 17:33 485888 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ff_libfaad2.dll
2009-06-23 14:34 . 2008-12-17 17:32 178688 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ff_libmad.dll
2009-06-23 14:34 . 2007-12-03 14:38 118784 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ff_realaac.dll
2009-06-23 14:34 . 2008-12-17 17:32 183296 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ff_samplerate.dll
2009-06-23 14:34 . 2008-12-17 17:15 145609 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\libmpeg2_ff.dll
2009-06-23 14:34 . 2008-12-19 15:15 4338246 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\libavcodec.dll
2009-06-23 14:34 . 2008-12-17 17:33 146944 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ff_tremor.dll
2009-06-23 14:34 . 2008-12-17 17:17 239247 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ff_theora.dll
2009-06-23 14:34 . 2008-12-17 16:59 560802 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\libmplayer.dll
2009-06-23 14:34 . 2008-12-17 17:33 113152 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ff_unrar.dll
2009-06-23 14:34 . 2008-12-19 16:26 2625536 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\ffdshow.ax
2009-06-23 14:34 . 2008-04-01 09:51 691717 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\unins000.exe
2009-06-23 14:34 . 2008-04-01 09:53 42844 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\unins000.dat
2009-06-23 14:34 . 2008-12-11 11:27 67828 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.2052.sc
2009-06-23 14:34 . 2008-12-11 11:27 9802 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1053.se
2009-06-23 14:34 . 2008-12-11 11:27 70960 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1051.sk
2009-06-23 14:34 . 2008-12-11 11:27 62196 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1049.ru
2009-06-23 14:34 . 2008-12-11 11:27 11084 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1046.br
2009-06-23 14:34 . 2008-12-11 11:27 130524 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1045.pl
2009-06-23 14:34 . 2007-12-06 16:31 62969 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1041.jp
2009-06-23 14:34 . 2008-12-11 11:27 94746 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1041.ja
2009-06-23 14:34 . 2008-12-11 11:27 85420 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1040.it
2009-06-23 14:34 . 2008-12-11 11:27 10636 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1038.hu
2009-06-23 14:34 . 2008-12-11 11:27 114950 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1036.fr
2009-06-23 14:34 . 2008-12-11 11:27 69860 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1035.fi
2009-06-23 14:34 . 2008-12-11 11:27 115322 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1034.es
2009-06-23 14:34 . 2008-12-11 11:27 9 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1033.en
2009-06-23 14:34 . 2008-12-11 11:27 78406 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1031.de
2009-06-23 14:34 . 2008-12-11 11:27 99356 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1029.cz
2009-06-23 14:34 . 2008-12-11 11:27 22148 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1028.tc
2009-06-23 14:34 . 2008-12-11 11:27 82598 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\languages\ffdshow.1026.bg
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\Very Low Bitrate Matrix.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\Ultra Low Bitrate Matrix.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\Standard.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\Ultimate Matrix.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\Soulhunters V5.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\Soulhunters V3.xcm
2009-06-23 14:34 . 2008-12-11 11:27 1244 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\q_matrix_def.cfg
2009-06-23 14:34 . 2008-12-11 11:27 1244 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\q_matrix2.cfg
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\pvcd.xcm
2009-06-23 14:34 . 2008-12-11 11:27 2697 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\q_matrix.cfg
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\MPEG.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\Low Bitrate Matrix.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\hvs-good-picture.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\hvs-best-picture.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\hvs-better-picture.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\CG-Animation Matrix.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\Bulletproof's High Quality Matrix.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\Bulletproof's Heavy Compression Matrix.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\andreas_einfache_99er.matrix.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\andreas_doppelte_99er.matrix.xcm
2009-06-23 14:34 . 2008-12-11 11:27 128 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\FFDShow\custom matrices\andreas_78er.matrix.xcm
2008-11-11 21:30 . 2009-06-23 14:41 208896 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\bslib\BSPMLIB2.DAT
2008-04-29 12:17 . 2009-09-08 19:11 11761 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\BSplayer.xml
2006-06-07 12:51 . 2006-06-07 12:51 512000 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\bslib\BSPMLIB.DAT
2006-02-27 15:25 . 2006-02-27 15:25 6292 ----a-w- c:\users\Personal\AppData\Roaming\BSplayer PRO\EQ.xml

---- Directory of c:\windows\system32\IOSUBSYS ----

2008-11-20 19:19 . 2008-11-20 19:19 12345 ----a-w- c:\windows\system32\IOSUBSYS\pxhelper.vxd


((((((((((((((((((((((((((((( SnapShot@2009-09-08_20.32.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-30 00:18 . 2009-09-09 03:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-30 00:18 . 2009-09-08 20:05 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-30 00:18 . 2009-09-08 20:05 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-30 00:18 . 2009-09-09 03:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-30 00:18 . 2009-09-09 03:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-30 00:18 . 2009-09-08 20:05 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-16 08:07 . 2009-09-09 14:34 6470 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1425841500-2653546536-3785045844-1001_UserData.bin
+ 2009-09-08 20:30 . 2009-09-09 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-08 20:30 . 2009-09-09 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-09-09 14:34 112184 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-09-09 14:40 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-08 19:58 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-08 19:58 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-09-09 14:40 101250 c:\windows\System32\perfc009.dat
+ 2009-09-08 14:32 . 2009-09-09 03:18 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-08 14:32 . 2009-09-08 20:05 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\users\Personal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-30 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1425841500-2653546536-3785045844-1004]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{7ED893B2-2374-4ACF-8D2B-CB7ED269D327}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{C59D66E9-5369-458E-98E0-DFC091152ED2}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{F7C5F090-61A6-4040-8AE3-14E54998C09F}d:\\hry\\hl2\\hl2.exe"= UDP:d:\hry\hl2\hl2.exe:hl2
"UDP Query User{5C577060-66A3-4B49-AA99-A243F2BBE1E6}d:\\hry\\hl2\\hl2.exe"= TCP:d:\hry\hl2\hl2.exe:hl2
"TCP Query User{F7609E16-3310-4F3F-943E-7A5186B83902}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{BFD7D859-397B-42B0-BA91-A45AC6B2D92B}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{22C187DC-50AA-4500-A880-06BDC0562E43}c:\\program files\\cs1.6\\hl.exe"= UDP:c:\program files\cs1.6\hl.exe:Half-Life Launcher
"UDP Query User{7E38A6C0-CD40-4414-A2DD-FAC784CC0F01}c:\\program files\\cs1.6\\hl.exe"= TCP:c:\program files\cs1.6\hl.exe:Half-Life Launcher
"TCP Query User{9A456382-ED79-4EB8-95CF-C47A48718208}c:\\program files\\cs1.6\\hl.exe"= UDP:c:\program files\cs1.6\hl.exe:Half-Life Launcher
"UDP Query User{BBC821CF-4B1E-473C-AAE8-3AF8D30A1704}c:\\program files\\cs1.6\\hl.exe"= TCP:c:\program files\cs1.6\hl.exe:Half-Life Launcher
"{0651D025-9D00-451A-8883-D0842B95704D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C999B28C-6A3B-4EAF-B7F0-66CF2AC132F5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{300BE580-70B2-4CF6-8CDB-91F3ABB74998}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A9100E55-1AA0-421D-B84C-32D15675DE7A}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{9087891A-FC59-446E-876A-59598ACFC4E2}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{B47515AF-965D-4CA8-9ADD-B47D385463C3}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{B8E4F162-C4B9-4FE0-8F1F-EE8A5D066D4D}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{3B0E2FF5-FBBD-41D4-9F99-18E310F1246B}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{A9AEE389-C3C2-4034-B435-602956818074}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{E448DBFB-D104-4520-8A28-604E7F5D7B1C}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{2CF6CEB9-F845-4443-9575-2D611EB63576}c:\\program files\\totalcmd\\totalcmd.exe"= UDP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{9544D1A9-9CCC-402B-A52C-0188833F6DC3}c:\\program files\\totalcmd\\totalcmd.exe"= TCP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"{1B5621DB-DDB0-4A0A-A604-79D65418A533}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{89DA696D-F8AE-436D-ABCA-70315EC5911E}d:\\hry\\flatout2\\flatout2.exe"= UDP:d:\hry\flatout2\flatout2.exe:FlatOut2
"UDP Query User{EF2C68F8-595C-42FD-BC04-DDD950FF82B7}d:\\hry\\flatout2\\flatout2.exe"= TCP:d:\hry\flatout2\flatout2.exe:FlatOut2
"TCP Query User{789FDD66-27B0-40B6-80B1-634D7E9B516E}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{BAE7B060-CBD9-41C1-ACF6-34FDF50442C1}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{4067B8B9-D690-4F83-B072-7FA62DB51DD3}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{E0679E54-614A-4F7A-96A2-62A6C0E91FE2}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{765E0263-563F-48DF-92A2-A08A8D0F0FC6}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{8206CB58-BD46-4124-9403-D6DF1C837D07}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{0B735514-96E1-430A-805E-EF4CBEF12411}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D76666DD-35F7-4E4B-B84D-FDE9D2EDD639}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C8E37A7B-6C38-4C61-92A1-E80EA82CF58D}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"UDP Query User{721F664A-64C0-45AB-AD69-B3A7D3649F2A}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"TCP Query User{4E6B62DF-8632-4D68-96D4-02D0C7729413}c:\\users\\personal\\qip infium\\files\\medik_265442077\\modernrcon_v0.6\\modernrcon\\modernrcon_v0.6.exe"= UDP:c:\users\personal\qip infium\files\medik_265442077\modernrcon_v0.6\modernrcon\modernrcon_v0.6.exe:modernrcon_v0.6.exe
"UDP Query User{226FD325-6588-4D97-BC97-2E4FC3C365F0}c:\\users\\personal\\qip infium\\files\\medik_265442077\\modernrcon_v0.6\\modernrcon\\modernrcon_v0.6.exe"= TCP:c:\users\personal\qip infium\files\medik_265442077\modernrcon_v0.6\modernrcon\modernrcon_v0.6.exe:modernrcon_v0.6.exe
"TCP Query User{8A39C083-DC45-452C-85DC-3ADC6F13543C}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{38DF3F23-D891-43D3-A0F0-78F3A6BC7330}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{342C58BC-C8AE-4D25-945A-07E2AF727429}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{57650E2F-A0B0-4853-95B2-A16377052EA9}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{7A44AC44-7496-4327-93C0-76B1F74FB2CA}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{154C9864-E3D2-4EE4-AB01-6E640651EC3B}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{14F18870-51D1-4E17-A7BE-355DC37995A5}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{DE22DB7C-8E7A-4B14-9EEB-F8EFD481C281}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{6EAFA948-21CC-4A26-B061-AECE2091930A}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{264A992D-B6AF-42A1-9B1E-6C6390DEF9A2}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F0A37B18-1837-4B94-B6D1-BAFEC51EF5D6}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"UDP Query User{0E1B6A16-FF3D-4779-9730-7FE3E3BD1295}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"TCP Query User{FA8E42A3-57F6-4B11-A898-12B9699166D4}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{DA8EE021-BCA9-4E2A-8098-0C47B9ED1E8E}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{5ACA59FB-114F-4E7B-B127-F60E88B8BAC6}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{1EEAE627-F2BD-431D-B9CA-EF72D3645C98}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{34A60CC8-CE63-44C8-A936-1AB382E103EE}c:\\program files\\vietcong\\vietcong.exe"= UDP:c:\program files\vietcong\vietcong.exe:vietcong
"UDP Query User{77CC8CD5-7962-4C5A-A573-F40B8D5F9AA2}c:\\program files\\vietcong\\vietcong.exe"= TCP:c:\program files\vietcong\vietcong.exe:vietcong
"TCP Query User{DAA97308-C3D2-4CE1-A6C5-252667E41834}d:\\hry\\hl\\counter-strike 1.6 + half-life\\hl.exe"= UDP:d:\hry\hl\counter-strike 1.6 + half-life\hl.exe:Half-Life Launcher
"UDP Query User{447A72BF-A8DC-483E-8D77-9542773CFAA2}d:\\hry\\hl\\counter-strike 1.6 + half-life\\hl.exe"= TCP:d:\hry\hl\counter-strike 1.6 + half-life\hl.exe:Half-Life Launcher
"TCP Query User{CB3D3DB6-B751-47F1-B0CA-880BA5F69861}c:\\program files\\valvesoftware\\the orange box\\team fortress 2\\hl2.exe"= UDP:c:\program files\valvesoftware\the orange box\team fortress 2\hl2.exe:hl2
"UDP Query User{F8CDBEF4-F0BB-4179-8DEB-7F03DE1CBDB1}c:\\program files\\valvesoftware\\the orange box\\team fortress 2\\hl2.exe"= TCP:c:\program files\valvesoftware\the orange box\team fortress 2\hl2.exe:hl2
"TCP Query User{473DF6C1-194C-4C4F-9A06-96E127067B16}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{88986485-6243-4F13-A36F-0DA5F1A643DF}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{04B7F873-6354-4ACF-B1FD-A8C9CBDA6FB1}c:\\program files\\orangebox\\hl2.exe"= UDP:c:\program files\orangebox\hl2.exe:hl2
"UDP Query User{B862BD75-485F-4E7F-BD99-995D6DE84BE6}c:\\program files\\orangebox\\hl2.exe"= TCP:c:\program files\orangebox\hl2.exe:hl2
"TCP Query User{0E13E74D-6121-4E1F-ACB0-C43E77BB059B}c:\\users\\personal\\appdata\\local\\temp\\bulanci.tmp"= UDP:c:\users\personal\appdata\local\temp\bulanci.tmp:bulanci.tmp
"UDP Query User{5C2A2BA8-0CF0-4334-B568-B11377F10093}c:\\users\\personal\\appdata\\local\\temp\\bulanci.tmp"= TCP:c:\users\personal\appdata\local\temp\bulanci.tmp:bulanci.tmp
"TCP Query User{7110A448-2C08-460C-89EC-8DE6171ECB35}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{A70C1FC5-4392-4694-9966-A1FE05788528}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2.10.2007 13:53 220696]
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [19.2.2008 22:19 15416]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdisk.sys [16.5.2006 19:13 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 21:07 39080]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.5.2009 17:41 108289]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [31.10.2007 13:55 46592]
R3 Ltn_hyd7700pc;TV tuner device ;c:\windows\System32\drivers\Ltn_hyd7700pc.sys [18.5.2007 7:50 374144]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [12.7.2008 11:44 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [12.7.2008 11:44 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{7004099C-2984-4D85-A3CF-79200AA40F6A}.job
- c:\windows\system32\msfeedssync.exe [2009-09-08 20:13]

2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{847B8816-C1FB-4FFA-8E35-21AA404E69DC}.job
- c:\windows\system32\msfeedssync.exe [2009-09-08 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.asus.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 17:20
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2009-09-09 17:22
ComboFix-quarantined-files.txt 2009-09-09 15:21
ComboFix2.txt 2009-09-08 20:40

Před spuštěním: Volných bajtů: 48 977 326 080
Po spuštění: Volných bajtů: 48 923 619 328

427 --- E O F --- 2009-09-08 14:26



HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:35, on 9.9.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\CF16182.exe
C:\Windows\system32\SearchFilterHost.exe
C:\ComboFix\handle.cfxxe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1694268781
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 4938 bytes
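As an added illustration for triaging a HijackThis log like the one above (this is not code from the thread, from HijackThis or from ComboFix), a small Python parser for the O4 autorun and O23 service lines that pairs each entry with the reasons an analyst would look at it by hand. The trusted-directory list and the sample lines are assumptions; the `updater` line is constructed and not from the posted log.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; it is not part of HijackThis, ComboFix or the
forum posts. The trusted-directory list and the sample lines are assumptions,
constructed after the log posted above.
"""
import re
from dataclasses import dataclass

# O4 autorun lines:  O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$')
# O23 service lines: O23 - Service: display (short) - publisher - path
O23_RE = re.compile(r'^O23 - Service: (.+)$')
# Executable inside a command line: a quoted path, or the text up to ".exe".
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)', re.IGNORECASE)

# Assumed directories where autoruns and services are normally installed.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")
# Marker HijackThis prints for a service binary with no known publisher.
UNKNOWN_OWNER = "Unknown owner"


@dataclass
class Entry:
    section: str   # "O4" or "O23"
    name: str      # autorun value name or service display name
    owner: str     # registry hive for autoruns, publisher string for services
    path: str      # executable path as printed in the log


def executable_of(command: str) -> str:
    """Strip arguments such as '/min' or '-hidden' from an O4 command line."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def parse_log(text: str) -> list:
    """Return the O4 and O23 entries found in the log text, in log order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, name, command = m.groups()
            entries.append(Entry("O4", name, hive, executable_of(command)))
            continue
        m = O23_RE.match(line)
        if m:
            # Split from the right so a display name containing " - " survives
            # (a path containing " - " would still be misparsed).
            parts = m.group(1).rsplit(" - ", 2)
            if len(parts) == 3:
                display, owner, path = parts
                entries.append(Entry("O23", display, owner, path))
    return entries


def review_reasons(entry: Entry) -> list:
    """Reasons an analyst should inspect this entry (empty list = nothing odd)."""
    reasons = []
    if entry.section == "O23" and entry.owner == UNKNOWN_OWNER:
        reasons.append("publisher unknown")
    if not entry.path.lower().startswith(TRUSTED_DIRS):
        reasons.append("outside trusted directories")
    return reasons


def review(text: str) -> list:
    """Pair every entry that needs a look with its reasons, skipping the rest."""
    return [(e, review_reasons(e)) for e in parse_log(text) if review_reasons(e)]


# Constructed sample modelled on the HijackThis log in the thread; the
# 'updater' line is invented to show an autorun living in a temp directory.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [updater] C:\Users\Personal\AppData\Local\Temp\updater.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
"""

if __name__ == "__main__":
    for entry, why in review(SAMPLE_LOG):
        print(f"{entry.section} {entry.name!r} -> {entry.path}  [{', '.join(why)}]")
```

A flagged entry is only a prompt for manual checking (publisher, file hash, install history), not a verdict; PnkBstrA here is a known game anti-cheat service that HijackThis simply cannot attribute.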


Re: virus Angela.B

Post by Damned » 09 Sep 2009 17:56

Open Notepad (Start -> Run... then type Notepad into the box and press OK).
Copy the entire following text marked in green into it:

Folder::
c:\program files\pdfforge Toolbar

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1425841500-2653546536-3785045844-1004]
"EnableNotifications"=dword:00000000
"EnableNotificationsRef"=dword:00000000



Choose File -> Save as... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All files there
Save the file to the desktop.
Close all active windows.


Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair may take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that appears at the end of the cleaning process + a new HJT log, and describe how the computer behaves
*****************************************************************************************************************************************
logonui.exe is a Windows component; it starts when the user interface is brought up at logon.

Start - Run - type: notepad and press OK. Paste this entire (pale green) text into it:


dir \logonui.exe /a h /s > File.txt

save it to the desktop under the name: find.bat (file type - all files)
Find it on the desktop, double-click it and wait until the window closes and the .txt file appears.
Then paste the entire text from that file here.
Nothing is impossible, which is why, where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner

Re: virus Angela.B

Post by john.vodka » 09 Sep 2009 18:43

ComboFix log

ComboFix 09-09-08.01 - Host 09.09.2009 18:22.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3070.1773 [GMT 2:00]
Spuštěný z: c:\users\Host\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Host\Desktop\CFScript.txt
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\config.ini
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\separator.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\SearchSettings.exe
c:\program files\pdfforge Toolbar\SearchSettingsRes409.dll
c:\program files\pdfforge Toolbar\sscfg.ini
c:\program files\pdfforge Toolbar\WidgiHelper.exe
c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-09 do 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-09 16:37 . 2009-09-09 16:37 -------- d-----w- c:\users\Host\AppData\Local\temp
2009-09-09 16:37 . 2009-09-09 16:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-09 16:37 . 2009-09-09 16:37 -------- d-----w- c:\users\Personal\AppData\Local\temp
2009-09-09 16:37 . 2009-09-09 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-09 16:37 . 2009-09-09 16:37 -------- d-----w- c:\users\Debil\AppData\Local\temp
2009-09-09 16:00 . 2002-01-05 19:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-09-09 15:49 . 2009-09-09 15:49 -------- d-----w- c:\users\Host\AppData\Roaming\Malwarebytes
2009-09-08 19:01 . 2009-09-08 19:01 -------- d-----w- c:\users\Personal\AppData\Roaming\Malwarebytes
2009-09-08 19:01 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 19:01 . 2009-09-08 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 19:01 . 2009-09-08 19:01 -------- d-----w- c:\programdata\Malwarebytes
2009-09-08 19:01 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 18:33 . 2009-09-08 18:33 -------- d-----w- c:\program files\Trend Micro
2009-09-08 14:21 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-09-08 14:15 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-07 16:30 . 2009-09-07 16:33 -------- d-----w- c:\program files\Duke Nukem - Manhattan Project
2009-09-07 16:30 . 2009-09-07 16:30 -------- d-----w- C:\Shortcuts
2009-09-03 20:03 . 2009-09-03 20:03 -------- d-----w- C:\Buziol Games
2009-08-31 17:29 . 2009-08-31 17:29 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-08-28 07:58 . 2009-08-28 07:58 -------- d-----w- c:\program files\Microsoft WSE
2009-08-28 07:43 . 2009-08-28 07:43 -------- d-----w- c:\program files\Electronic Arts
2009-08-26 19:33 . 2009-08-26 19:33 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-08-26 19:31 . 2004-12-02 16:20 1843200 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-08-26 19:31 . 2004-08-25 11:53 311296 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-08-26 19:31 . 2004-05-20 11:07 335872 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2009-08-25 12:19 . 2009-08-25 12:19 -------- d-----w- c:\program files\Phenomedia AG
2009-08-25 12:19 . 1998-11-17 11:44 328704 ----a-w- c:\windows\IsUn0407.exe
2009-08-21 07:53 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-21 07:53 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-21 07:53 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-21 07:53 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-21 07:53 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-19 08:13 . 2009-08-19 08:13 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-18 15:08 . 2009-08-26 20:10 -------- d-----w- c:\users\Personal\AppData\Roaming\Audacity
2009-08-16 16:22 . 2009-08-23 20:35 -------- d-----w- c:\program files\The Seal Hunter
2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 14:40 . 2007-04-21 11:18 598838 ----a-w- c:\windows\system32\perfh005.dat
2009-09-09 14:40 . 2007-04-21 11:18 115014 ----a-w- c:\windows\system32\perfc005.dat
2009-09-09 14:35 . 2008-04-19 13:35 -------- d-----w- c:\program files\Opera
2009-09-08 20:29 . 2007-04-21 10:36 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-08 14:41 . 2008-03-31 11:05 166704 ----a-w- c:\users\Host\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-08 14:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-07 16:32 . 2008-02-19 20:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-03 15:09 . 2008-04-09 17:13 -------- d-----w- c:\program files\Activision
2009-09-03 07:48 . 2009-03-25 08:19 -------- d-----w- c:\program files\RapidDown
2009-08-31 17:29 . 2008-07-22 08:19 -------- d-----w- c:\program files\Google
2009-08-31 10:22 . 2008-10-29 19:49 -------- d-----w- c:\programdata\Xfire
2009-08-28 12:39 . 2009-09-08 14:21 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-08 14:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 19:41 . 2008-08-26 18:48 -------- d-----w- c:\users\Personal\AppData\Roaming\Winamp
2009-08-27 19:04 . 2008-02-19 18:31 -------- d-----w- c:\programdata\Microsoft Help
2009-08-27 18:56 . 2008-04-08 09:01 -------- d-----w- c:\program files\EA GAMES
2009-08-27 18:28 . 2009-08-05 21:08 -------- d-----w- c:\users\Personal\AppData\Roaming\Stardock
2009-08-27 15:05 . 2008-10-29 19:49 -------- d-----w- c:\users\Personal\AppData\Roaming\Xfire
2009-08-27 14:41 . 2008-04-24 21:16 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-27 14:41 . 2008-04-24 21:16 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-27 14:26 . 2008-10-29 19:49 -------- d-----w- c:\program files\Xfire
2009-08-26 20:02 . 2008-11-24 01:48 -------- d-----w- c:\program files\CDex_150
2009-08-25 18:50 . 2009-06-23 14:33 -------- d-----w- c:\users\Personal\AppData\Roaming\BSplayer PRO
2009-08-23 22:21 . 2008-03-30 09:36 -------- d-----w- c:\program files\totalcmd
2009-08-23 16:13 . 2008-03-30 09:25 -------- d-----w- c:\program files\BitLord
2009-08-21 17:50 . 2008-06-02 20:24 -------- d-----w- c:\program files\QIP Infium
2009-08-19 08:13 . 2008-03-30 09:37 -------- d-----w- c:\program files\Winamp
2009-08-06 23:12 . 2008-08-23 10:00 166704 ----a-w- c:\users\Personal\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-06 08:24 . 2009-05-27 15:41 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 21:08 . 2009-08-05 21:08 -------- d-----w- c:\program files\Stardock
2009-08-05 21:08 . 2009-08-05 21:08 -------- d-----w- c:\programdata\Stardock
2009-07-21 21:52 . 2009-09-08 14:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-08 14:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-08 14:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-08 14:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-21 07:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-06-15 18:20 . 2009-08-21 07:54 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 15:24 . 2009-08-21 07:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 15:24 . 2009-08-21 07:54 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:24 . 2009-08-21 07:54 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 15:24 . 2009-08-21 07:54 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:23 . 2009-08-21 07:54 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 15:22 . 2009-08-21 07:54 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 15:21 . 2009-08-21 07:54 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 15:20 . 2009-08-21 07:54 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-21 07:54 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:57 . 2009-08-21 07:54 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-15 12:52 . 2009-08-21 07:54 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-06-10 20:57 . 2008-06-10 20:57 2307 ----a-w- c:\program files\unins000.dat
2008-06-10 20:57 . 2008-06-10 20:57 693293 ----a-w- c:\program files\unins000.exe
2008-01-19 07:33 . 2008-07-12 09:44 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-09-08_20.32.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-30 00:18 . 2009-09-09 03:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-30 00:18 . 2009-09-08 20:05 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-30 00:18 . 2009-09-08 20:05 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-30 00:18 . 2009-09-09 03:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-30 00:18 . 2009-09-09 03:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-30 00:18 . 2009-09-08 20:05 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-16 08:07 . 2009-09-09 14:34 6470 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1425841500-2653546536-3785045844-1001_UserData.bin
+ 2009-09-08 20:30 . 2009-09-09 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-08 20:30 . 2009-09-09 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-09-09 14:34 112184 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-09-09 14:40 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-08 19:58 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-08 19:58 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-09-09 14:40 101250 c:\windows\System32\perfc009.dat
+ 2009-09-08 14:32 . 2009-09-09 03:18 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-08 14:32 . 2009-09-08 20:05 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Registry start points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\users\Personal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-30 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1425841500-2653546536-3785045844-1004]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{7ED893B2-2374-4ACF-8D2B-CB7ED269D327}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{C59D66E9-5369-458E-98E0-DFC091152ED2}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{F7C5F090-61A6-4040-8AE3-14E54998C09F}d:\\hry\\hl2\\hl2.exe"= UDP:d:\hry\hl2\hl2.exe:hl2
"UDP Query User{5C577060-66A3-4B49-AA99-A243F2BBE1E6}d:\\hry\\hl2\\hl2.exe"= TCP:d:\hry\hl2\hl2.exe:hl2
"TCP Query User{F7609E16-3310-4F3F-943E-7A5186B83902}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{BFD7D859-397B-42B0-BA91-A45AC6B2D92B}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{22C187DC-50AA-4500-A880-06BDC0562E43}c:\\program files\\cs1.6\\hl.exe"= UDP:c:\program files\cs1.6\hl.exe:Half-Life Launcher
"UDP Query User{7E38A6C0-CD40-4414-A2DD-FAC784CC0F01}c:\\program files\\cs1.6\\hl.exe"= TCP:c:\program files\cs1.6\hl.exe:Half-Life Launcher
"TCP Query User{9A456382-ED79-4EB8-95CF-C47A48718208}c:\\program files\\cs1.6\\hl.exe"= UDP:c:\program files\cs1.6\hl.exe:Half-Life Launcher
"UDP Query User{BBC821CF-4B1E-473C-AAE8-3AF8D30A1704}c:\\program files\\cs1.6\\hl.exe"= TCP:c:\program files\cs1.6\hl.exe:Half-Life Launcher
"{0651D025-9D00-451A-8883-D0842B95704D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C999B28C-6A3B-4EAF-B7F0-66CF2AC132F5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{300BE580-70B2-4CF6-8CDB-91F3ABB74998}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A9100E55-1AA0-421D-B84C-32D15675DE7A}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{9087891A-FC59-446E-876A-59598ACFC4E2}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{B47515AF-965D-4CA8-9ADD-B47D385463C3}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{B8E4F162-C4B9-4FE0-8F1F-EE8A5D066D4D}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{3B0E2FF5-FBBD-41D4-9F99-18E310F1246B}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{A9AEE389-C3C2-4034-B435-602956818074}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{E448DBFB-D104-4520-8A28-604E7F5D7B1C}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{2CF6CEB9-F845-4443-9575-2D611EB63576}c:\\program files\\totalcmd\\totalcmd.exe"= UDP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{9544D1A9-9CCC-402B-A52C-0188833F6DC3}c:\\program files\\totalcmd\\totalcmd.exe"= TCP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"{1B5621DB-DDB0-4A0A-A604-79D65418A533}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{89DA696D-F8AE-436D-ABCA-70315EC5911E}d:\\hry\\flatout2\\flatout2.exe"= UDP:d:\hry\flatout2\flatout2.exe:FlatOut2
"UDP Query User{EF2C68F8-595C-42FD-BC04-DDD950FF82B7}d:\\hry\\flatout2\\flatout2.exe"= TCP:d:\hry\flatout2\flatout2.exe:FlatOut2
"TCP Query User{789FDD66-27B0-40B6-80B1-634D7E9B516E}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{BAE7B060-CBD9-41C1-ACF6-34FDF50442C1}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{4067B8B9-D690-4F83-B072-7FA62DB51DD3}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{E0679E54-614A-4F7A-96A2-62A6C0E91FE2}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{765E0263-563F-48DF-92A2-A08A8D0F0FC6}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{8206CB58-BD46-4124-9403-D6DF1C837D07}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{0B735514-96E1-430A-805E-EF4CBEF12411}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D76666DD-35F7-4E4B-B84D-FDE9D2EDD639}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C8E37A7B-6C38-4C61-92A1-E80EA82CF58D}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"UDP Query User{721F664A-64C0-45AB-AD69-B3A7D3649F2A}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"TCP Query User{4E6B62DF-8632-4D68-96D4-02D0C7729413}c:\\users\\personal\\qip infium\\files\\medik_265442077\\modernrcon_v0.6\\modernrcon\\modernrcon_v0.6.exe"= UDP:c:\users\personal\qip infium\files\medik_265442077\modernrcon_v0.6\modernrcon\modernrcon_v0.6.exe:modernrcon_v0.6.exe
"UDP Query User{226FD325-6588-4D97-BC97-2E4FC3C365F0}c:\\users\\personal\\qip infium\\files\\medik_265442077\\modernrcon_v0.6\\modernrcon\\modernrcon_v0.6.exe"= TCP:c:\users\personal\qip infium\files\medik_265442077\modernrcon_v0.6\modernrcon\modernrcon_v0.6.exe:modernrcon_v0.6.exe
"TCP Query User{8A39C083-DC45-452C-85DC-3ADC6F13543C}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{38DF3F23-D891-43D3-A0F0-78F3A6BC7330}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{342C58BC-C8AE-4D25-945A-07E2AF727429}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{57650E2F-A0B0-4853-95B2-A16377052EA9}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{7A44AC44-7496-4327-93C0-76B1F74FB2CA}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{154C9864-E3D2-4EE4-AB01-6E640651EC3B}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{14F18870-51D1-4E17-A7BE-355DC37995A5}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{DE22DB7C-8E7A-4B14-9EEB-F8EFD481C281}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{6EAFA948-21CC-4A26-B061-AECE2091930A}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{264A992D-B6AF-42A1-9B1E-6C6390DEF9A2}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F0A37B18-1837-4B94-B6D1-BAFEC51EF5D6}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"UDP Query User{0E1B6A16-FF3D-4779-9730-7FE3E3BD1295}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"TCP Query User{FA8E42A3-57F6-4B11-A898-12B9699166D4}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{DA8EE021-BCA9-4E2A-8098-0C47B9ED1E8E}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{5ACA59FB-114F-4E7B-B127-F60E88B8BAC6}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{1EEAE627-F2BD-431D-B9CA-EF72D3645C98}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{34A60CC8-CE63-44C8-A936-1AB382E103EE}c:\\program files\\vietcong\\vietcong.exe"= UDP:c:\program files\vietcong\vietcong.exe:vietcong
"UDP Query User{77CC8CD5-7962-4C5A-A573-F40B8D5F9AA2}c:\\program files\\vietcong\\vietcong.exe"= TCP:c:\program files\vietcong\vietcong.exe:vietcong
"TCP Query User{DAA97308-C3D2-4CE1-A6C5-252667E41834}d:\\hry\\hl\\counter-strike 1.6 + half-life\\hl.exe"= UDP:d:\hry\hl\counter-strike 1.6 + half-life\hl.exe:Half-Life Launcher
"UDP Query User{447A72BF-A8DC-483E-8D77-9542773CFAA2}d:\\hry\\hl\\counter-strike 1.6 + half-life\\hl.exe"= TCP:d:\hry\hl\counter-strike 1.6 + half-life\hl.exe:Half-Life Launcher
"TCP Query User{CB3D3DB6-B751-47F1-B0CA-880BA5F69861}c:\\program files\\valvesoftware\\the orange box\\team fortress 2\\hl2.exe"= UDP:c:\program files\valvesoftware\the orange box\team fortress 2\hl2.exe:hl2
"UDP Query User{F8CDBEF4-F0BB-4179-8DEB-7F03DE1CBDB1}c:\\program files\\valvesoftware\\the orange box\\team fortress 2\\hl2.exe"= TCP:c:\program files\valvesoftware\the orange box\team fortress 2\hl2.exe:hl2
"TCP Query User{473DF6C1-194C-4C4F-9A06-96E127067B16}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{88986485-6243-4F13-A36F-0DA5F1A643DF}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{04B7F873-6354-4ACF-B1FD-A8C9CBDA6FB1}c:\\program files\\orangebox\\hl2.exe"= UDP:c:\program files\orangebox\hl2.exe:hl2
"UDP Query User{B862BD75-485F-4E7F-BD99-995D6DE84BE6}c:\\program files\\orangebox\\hl2.exe"= TCP:c:\program files\orangebox\hl2.exe:hl2
"TCP Query User{0E13E74D-6121-4E1F-ACB0-C43E77BB059B}c:\\users\\personal\\appdata\\local\\temp\\bulanci.tmp"= UDP:c:\users\personal\appdata\local\temp\bulanci.tmp:bulanci.tmp
"UDP Query User{5C2A2BA8-0CF0-4334-B568-B11377F10093}c:\\users\\personal\\appdata\\local\\temp\\bulanci.tmp"= TCP:c:\users\personal\appdata\local\temp\bulanci.tmp:bulanci.tmp
"TCP Query User{7110A448-2C08-460C-89EC-8DE6171ECB35}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{A70C1FC5-4392-4694-9966-A1FE05788528}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2.10.2007 13:53 220696]
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [19.2.2008 22:19 15416]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdisk.sys [16.5.2006 19:13 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 21:07 39080]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.5.2009 17:41 108289]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [31.10.2007 13:55 46592]
R3 Ltn_hyd7700pc;TV tuner device ;c:\windows\System32\drivers\Ltn_hyd7700pc.sys [18.5.2007 7:50 374144]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [12.7.2008 11:44 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [12.7.2008 11:44 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{7004099C-2984-4D85-A3CF-79200AA40F6A}.job
- c:\windows\system32\msfeedssync.exe [2009-09-08 20:13]

2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{847B8816-C1FB-4FFA-8E35-21AA404E69DC}.job
- c:\windows\system32\msfeedssync.exe [2009-09-08 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asus.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 18:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-09-09 18:39
ComboFix-quarantined-files.txt 2009-09-09 16:39
ComboFix2.txt 2009-09-09 15:22
ComboFix3.txt 2009-09-08 20:40

Pre-Run: 48,955,596,800 bytes free
Post-Run: 48,913,305,600 bytes free

296 --- E O F --- 2009-09-08 14:26


file.txt

 Volume in drive C is VistaOS.
 Volume Serial Number is FECB-C0BC.

 Directory of C:\Windows\System32

19.01.2008 09:33 9 216 LogonUI.exe
               1 File(s)          9 216 bytes

 Directory of C:\Windows\winsxs\x86_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6000.16386_none_635c5092764d99de

02.11.2006 11:45 9 216 LogonUI.exe
               1 File(s)          9 216 bytes

 Directory of C:\Windows\winsxs\x86_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6001.18000_none_6593128e7338aab2

19.01.2008 09:33 9 216 LogonUI.exe
               1 File(s)          9 216 bytes
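The log above is what the next reply triages by eye: Run keys, the Windows Firewall rule list and the policies\system key. As an added example that is not part of this thread and not ComboFix's own code, the Python script below automates that first pass over the "Registry start points" section. It flags auto-started or firewall-authorised programs that live in user-writable directories (the `bulanci.tmp` rule under AppData\Local\Temp is the kind of entry it is meant to surface), authorised "programs" whose extension is not .exe, and `EnableLUA` set to 0 (UAC switched off, as in this log). The directory list and the .exe-only rule are heuristics chosen for the example, not a ComboFix rule; the sample excerpt is constructed for the example (most lines are copied from the log above, the `updater` Run entry is invented so that the autorun check has something to hit).

```python
"""Triage helper for the 'Registry start points' section of a ComboFix log.

Added example, not ComboFix's own code.  It walks the Run keys, the firewall
rule list and the policies\system key of a log excerpt and returns the
entries a responder would want to look at first.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Directories an ordinary user can write to.  Anything auto-started from, or
# granted firewall access from, one of these deserves a second look.
# Heuristic list chosen for this example (an assumption, not a ComboFix rule).
USER_WRITABLE = (r"\appdata\local\temp", r"\appdata\roaming", r"\windows\temp")
EXPECTED_EXT = {".exe"}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
# Firewall lines look like  "rule"= UDP:c:\path\prog.exe:Description
# (the protocol prefix is absent for some entries, e.g. Skype above).
FW_RE = re.compile(
    r'^"(?P<rule>[^"]+)"=\s*(?:(?P<proto>TCP|UDP):)?(?P<path>[a-z]:\\[^:]+):(?P<desc>.*)$',
    re.IGNORECASE,
)
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<val>\d+)')


@dataclass
class Finding:
    kind: str                 # "autorun", "firewall" or "policy"
    item: str                 # the path or value that triggered the finding
    reasons: list = field(default_factory=list)


def path_concerns(path: str) -> list:
    """Reasons why an auto-started or firewall-authorised path looks odd."""
    p = path.lower()
    reasons = []
    if any(d in p for d in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    ext = ntpath.splitext(p)[1]          # Windows path semantics on any host
    if ext not in EXPECTED_EXT:
        reasons.append(f"unexpected extension {ext or '(none)'}")
    return reasons


def classify_section(key: str) -> str:
    """Map a [registry key] header from the log to the check that applies."""
    k = key.lower()
    if k.endswith(r"\run") or k.endswith(r"\runonce"):
        return "autorun"
    if "firewallrules" in k or "authorizedapplications" in k:
        return "firewall"
    if k.endswith(r"policies\system"):
        return "policy"
    return ""


def triage(log_text: str) -> list:
    """Scan a ComboFix registry-start-points excerpt and return Findings."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = classify_section(m.group("key"))
            continue
        if section == "autorun" and (m := RUN_RE.match(line)):
            reasons = path_concerns(m.group("path"))
            if reasons:
                findings.append(Finding("autorun", m.group("path"), reasons))
        elif section == "firewall" and (m := FW_RE.match(line)):
            reasons = path_concerns(m.group("path"))
            if reasons:
                findings.append(Finding("firewall", m.group("path"), reasons))
        elif section == "policy" and (m := POLICY_RE.match(line)):
            if m.group("name") == "EnableLUA" and m.group("val") == "0":
                findings.append(Finding("policy", "EnableLUA=0", ["UAC is disabled"]))
    return findings


# Constructed sample: lines copied from the log above plus one invented
# "updater" Run entry so the autorun check has something to report.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"updater"="c:\users\personal\appdata\roaming\svchost.exe" [2009-09-01 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{0B735514-96E1-430A-805E-EF4CBEF12411}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{0E13E74D-6121-4E1F-ACB0-C43E77BB059B}c:\\users\\personal\\appdata\\local\\temp\\bulanci.tmp"= UDP:c:\users\personal\appdata\local\temp\bulanci.tmp:bulanci.tmp
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.item}: {'; '.join(f.reasons)}")
```

Run it against a full log saved as text by replacing `SAMPLE_LOG` with the file contents; everything outside the three recognised section types is ignored, so the file listings and snapshot diff do not need stripping first. A hit is a prompt to look, not a verdict: games and installers do legitimately run from Temp, which is exactly why the output names the reason next to each path.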

Re: virus Angela.B

Post by Damned » 09 Sep 2009 19:07

The nasties should be gone (at least I can't see any).

Uninstall ComboFix.
ComboFix is uninstalled like this:
Start -> Run and enter ComboFix[space]/u

Clean the system with CCleaner
Download ToolsCleaner2 (by A.Rothstein & Dj Quiou) to your desktop and run it.
Click Pt. Restauration (restore points) and then OK.
Click Corbeille (recycle bin) and then OK.
Click Fichiers temp (temp folders) and then OK.
Click Recherche (search) and let the Cleaner work. It may appear to stall during cleaning, but let it continue.
When the program finishes, click Suppression (removal) and remove what was found.
Close the program.
The program also deletes all the disinfection and log-generating tools used here (HJT, ComboFix, OTM, OTL, OTS etc.)
*****************************************************************************************************************************************
About the logon problem: what I've found so far, everywhere it said to remove (delete) the accounts, clean the registry and create new accounts.
I'll try asking around, or try to find out more about what to do with it.
Nothing is impossible; that's why, where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech translations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech translation Wise Registry Cleaner

Re: virus Angela.B

Post by john.vodka » 09 Sep 2009 19:26

Huge thanks, you've helped me a lot. I'll probably delete those accounts and create new ones; hopefully that will work.


Re: virus Angela.B

Post by Damned » 09 Sep 2009 20:05

Mark the topic as solved (green check mark) and take care. :bigups:

If there is a problem creating an account or logging in to it, start a new topic in the appropriate section.