Please check my log.. Solved

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

zikinda

Please check my log..

Post by zikinda » 15 Sep 2009 22:01

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:24, on 15.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
R3 - URLSearchHook: Net Games Toolbar - {8a6264b5-a8f2-494b-8f37-cf898a763e42} - C:\Program Files\Net_Games\tbNet1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Net Games Toolbar - {8a6264b5-a8f2-494b-8f37-cf898a763e42} - C:\Program Files\Net_Games\tbNet1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: Net Games Toolbar - {8a6264b5-a8f2-494b-8f37-cf898a763e42} - C:\Program Files\Net_Games\tbNet1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0043316218
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8C18F1D-65C9-4716-9452-B301711254FC}: NameServer = 192.96.162.2,192.96.160.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8523 bytes

pitimir

Re: please check my log..

Post by pitimir » 16 Sep 2009 17:22

Hi. Download DDS. Save it to the desktop, close all running programs and run it. When the scan finishes, the results open in 2 windows - DDS.txt and Attach.txt. I would like to see the contents of both.
I don't like amateurism...

And the addressee of the message knows it :)

zikinda

Re: please check my log..

Post by zikinda » 16 Sep 2009 22:42

DDS (Ver_09-07-30.01) - FAT32x86
Run by lenkapc at 22:40:53,39 on st 16.09.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.447.103 [GMT 2:00]

AV: avast! antivirus 4.8.1351 [VPS 090916-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
SVCHOST.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\lenkapc\Plocha\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.centrum.cz/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_1.dll
uURLSearchHooks: Net Games Toolbar: {8a6264b5-a8f2-494b-8f37-cf898a763e42} - c:\program files\net_games\tbNet1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Net Games Toolbar: {8a6264b5-a8f2-494b-8f37-cf898a763e42} - c:\program files\net_games\tbNet1.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_1.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_1.dll
TB: Net Games Toolbar: {8a6264b5-a8f2-494b-8f37-cf898a763e42} - c:\program files\net_games\tbNet1.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)" -"http://www.1000her.cz/loading/loading.php?menu=zavodni3d&&data=&&id=1714&admedia=1"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SkyTel] SkyTel.EXE
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\nabídk~1\programy\pospuš~1\asusch~1.lnk - c:\program files\asus\asus chkmail\ChkMail.exe
StartupFolder: c:\docume~1\alluse~1\nabídk~1\programy\pospuš~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: w-source.biz\forum
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 0043316218
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: {E8C18F1D-65C9-4716-9452-B301711254FC} = 192.96.162.2,192.96.160.6
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-28 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-17 138680]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2009-2-18 16269]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-17 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-28 352920]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-11-20 69120]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-2-17 603904]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\RpcAgentSrv.exe [2009-2-17 98488]

=============== Created Last 30 ================

2009-09-16 20:14 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-16 20:14 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-16 20:12 <DIR> --d----- c:\program files\iPod
2009-09-16 20:12 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 20:12 <DIR> --d----- c:\program files\iTunes
2009-09-16 20:11 <DIR> --d----- c:\program files\Bonjour
2009-09-09 10:46 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-09 07:42 <DIR> --dsh--- C:\FOUND.008
2009-09-06 09:17 <DIR> --dsh--- C:\FOUND.007
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-03 07:52 <DIR> --dsh--- C:\FOUND.006
2009-08-25 12:21 117,760 a------- c:\windows\system32\hpzll64X.dll
2009-08-24 22:28 <DIR> --d----- c:\program files\directx
2009-08-24 22:26 <DIR> --d----- c:\program files\Rockstar Games

==================== Find3M ====================

2009-08-06 11:51 131,364 a------- c:\windows\hpoins14.dat
2009-08-05 11:01 205,312 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 11:01 205,312 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:46 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 15:17 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 21:04 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 21:04 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 15:28 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-08 14:49 3,481,968 a------- c:\program files\FLV PlayerFCSetup.exe
2009-07-08 14:48 9,810,664 a------- c:\program files\FLV PlayerRCATSetup.exe
2009-07-08 14:46 21,433,720 a------- c:\program files\FLV PlayerRCSetup.exe
2009-07-03 18:59 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 18:59 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 18:59 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 18:59 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 18:59 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 18:59 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 18:59 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 18:59 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 18:59 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 18:59 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 18:59 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 18:59 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 13:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 10:27 729,088 a------- c:\windows\system32\lsasrv.dll
2009-06-25 10:27 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 10:27 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 10:27 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 10:27 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 10:27 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 10:27 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 10:27 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 10:27 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 10:27 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 10:27 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 10:27 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 13:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-22 08:48 726,528 a------- c:\windows\system32\dllcache\jscript.dll

============= FINISH: 22:41:25,03 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 17.2.2009 17:51:06
System Uptime: 16.9.2009 9:17:05 (13 hours ago)

Motherboard: ASUSTeK Computer INC. | | A6M
Processor: Mobile AMD Sempron(tm) Processor 3500+ | CPU 1 | 1808/200mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 45 GiB total, 1,807 GiB free.
D: is FIXED (NTFS) - 28 GiB total, 27,864 GiB free.
E: is CDROM (UDF)
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Motorola SM56 Data Fax Modem
Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_104310C6&REV_1007\4&344B2ED8&0&0101
Manufacturer: Motorola Inc
Name: Motorola SM56 Data Fax Modem
PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_104310C6&REV_1007\4&344B2ED8&0&0101
Service: Modem

==== System Restore Points ===================

RP301: 2.9.2009 9:07:33 - Software Distribution Service 3.0
RP302: 3.9.2009 7:56:32 - Software Distribution Service 3.0
RP303: 3.9.2009 23:07:07 - Software Distribution Service 3.0
RP304: 4.9.2009 8:44:44 - Software Distribution Service 3.0
RP305: 4.9.2009 10:25:16 - Software Distribution Service 3.0
RP306: 5.9.2009 2:06:35 - Software Distribution Service 3.0
RP307: 5.9.2009 2:50:45 - Software Distribution Service 3.0
RP308: 5.9.2009 10:48:10 - Software Distribution Service 3.0
RP309: 6.9.2009 9:21:24 - Software Distribution Service 3.0
RP310: 6.9.2009 9:24:04 - Software Distribution Service 3.0
RP311: 6.9.2009 23:42:26 - Software Distribution Service 3.0
RP312: 7.9.2009 7:15:26 - Software Distribution Service 3.0
RP313: 7.9.2009 7:30:12 - Software Distribution Service 3.0
RP314: 8.9.2009 0:30:56 - Software Distribution Service 3.0
RP315: 8.9.2009 7:32:46 - Software Distribution Service 3.0
RP316: 9.9.2009 0:32:40 - Software Distribution Service 3.0
RP317: 9.9.2009 8:02:55 - Software Distribution Service 3.0
RP318: 9.9.2009 23:51:17 - Software Distribution Service 3.0
RP319: 10.9.2009 9:41:38 - Software Distribution Service 3.0
RP320: 10.9.2009 21:48:45 - Software Distribution Service 3.0
RP321: 10.9.2009 23:29:49 - Software Distribution Service 3.0
RP322: 11.9.2009 9:15:11 - Software Distribution Service 3.0
RP323: 11.9.2009 17:29:02 - Software Distribution Service 3.0
RP324: 11.9.2009 17:44:12 - Installed QuickTime
RP325: 11.9.2009 17:49:45 - Software Distribution Service 3.0
RP326: 12.9.2009 0:03:47 - Software Distribution Service 3.0
RP327: 12.9.2009 15:38:29 - Software Distribution Service 3.0
RP328: 12.9.2009 22:20:45 - Software Distribution Service 3.0
RP329: 13.9.2009 3:00:17 - Software Distribution Service 3.0
RP330: 13.9.2009 10:28:19 - Software Distribution Service 3.0
RP331: 13.9.2009 10:45:09 - Software Distribution Service 3.0
RP332: 13.9.2009 11:13:00 - Software Distribution Service 3.0
RP333: 13.9.2009 21:31:50 - Software Distribution Service 3.0
RP334: 14.9.2009 9:41:58 - Software Distribution Service 3.0
RP335: 14.9.2009 21:52:00 - Software Distribution Service 3.0
RP336: 15.9.2009 8:44:21 - Software Distribution Service 3.0
RP337: 15.9.2009 22:11:14 - Software Distribution Service 3.0
RP338: 15.9.2009 23:55:11 - Software Distribution Service 3.0
RP339: 16.9.2009 9:21:03 - Software Distribution Service 3.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.5
AIO_Scan
Aktualizace systému Windows Internet Explorer 8 (KB968220)
Aktualizace systému Windows XP (KB951978)
Aktualizace systému Windows XP (KB955839)
Aktualizace systému Windows XP (KB967715)
Aktualizace systému Windows XP (KB968389)
Aktualizace systému Windows XP (KB973815)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB936782)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)
Aktualizace zabezpečení produktu Windows XP (KB941569)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB969897)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB972260)
Aktualizace zabezpečení systému Windows XP (KB923561)
Aktualizace zabezpečení systému Windows XP (KB938464-v2)
Aktualizace zabezpečení systému Windows XP (KB946648)
Aktualizace zabezpečení systému Windows XP (KB950760)
Aktualizace zabezpečení systému Windows XP (KB950762)
Aktualizace zabezpečení systému Windows XP (KB950974)
Aktualizace zabezpečení systému Windows XP (KB951066)
Aktualizace zabezpečení systému Windows XP (KB951376-v2)
Aktualizace zabezpečení systému Windows XP (KB951698)
Aktualizace zabezpečení systému Windows XP (KB951748)
Aktualizace zabezpečení systému Windows XP (KB952004)
Aktualizace zabezpečení systému Windows XP (KB952954)
Aktualizace zabezpečení systému Windows XP (KB954459)
Aktualizace zabezpečení systému Windows XP (KB954600)
Aktualizace zabezpečení systému Windows XP (KB955069)
Aktualizace zabezpečení systému Windows XP (KB956572)
Aktualizace zabezpečení systému Windows XP (KB956744)
Aktualizace zabezpečení systému Windows XP (KB956802)
Aktualizace zabezpečení systému Windows XP (KB956803)
Aktualizace zabezpečení systému Windows XP (KB956841)
Aktualizace zabezpečení systému Windows XP (KB956844)
Aktualizace zabezpečení systému Windows XP (KB957097)
Aktualizace zabezpečení systému Windows XP (KB958215)
Aktualizace zabezpečení systému Windows XP (KB958644)
Aktualizace zabezpečení systému Windows XP (KB958687)
Aktualizace zabezpečení systému Windows XP (KB958690)
Aktualizace zabezpečení systému Windows XP (KB959426)
Aktualizace zabezpečení systému Windows XP (KB960225)
Aktualizace zabezpečení systému Windows XP (KB960714)
Aktualizace zabezpečení systému Windows XP (KB960715)
Aktualizace zabezpečení systému Windows XP (KB960803)
Aktualizace zabezpečení systému Windows XP (KB960859)
Aktualizace zabezpečení systému Windows XP (KB961371)
Aktualizace zabezpečení systému Windows XP (KB961373)
Aktualizace zabezpečení systému Windows XP (KB961501)
Aktualizace zabezpečení systému Windows XP (KB963027)
Aktualizace zabezpečení systému Windows XP (KB968537)
Aktualizace zabezpečení systému Windows XP (KB969898)
Aktualizace zabezpečení systému Windows XP (KB970238)
Aktualizace zabezpečení systému Windows XP (KB971557)
Aktualizace zabezpečení systému Windows XP (KB971633)
Aktualizace zabezpečení systému Windows XP (KB971657)
Aktualizace zabezpečení systému Windows XP (KB973346)
Aktualizace zabezpečení systému Windows XP (KB973354)
Aktualizace zabezpečení systému Windows XP (KB973507)
Aktualizace zabezpečení systému Windows XP (KB973869)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Asus ChkMail
Asus_A6_ScreenSaver
ATK0100 ACPI UTILITY
Auta - Burakuv narodni sampionat
avast! Antivirus
Bonjour
BS.Player FREE
BS_Player Toolbar
BSPlayer
BufferChm
Czech Soccer Manager 2002 Final Edition
Důležitá aktualizace aplikace Windows Media Player 11 (KB959772)
DJ_AIO_Software_min
Drv
Faktury 4.2.5F
Fotosvet TETA
Google Toolbar for Internet Explorer
GTA2
High Definition Audio - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
HP Deskjet All-In-One Software 9.0
ICQ6.5
iTunes
Java(TM) 6 Update 12
LANGMaster Výuka: Kurz účetnictví
Mad Dogs On The Road
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Motorola SM56 Data Fax Modem
MSXML 4.0 SP2 (KB954430)
Net_Games Toolbar
Norton Security Scan
NVIDIA Drivers
Oprava hotfix aplikace Windows Media Player 11 (KB939683)
Oprava Hotfix systému Windows XP (KB952287)
Oprava Hotfix systému Windows XP (KB970653-v3)
Power4 Gear
QuickTime
Realtek High Definition Audio Driver
REALTEK PCIE NIC Driver
Refined Bowling
Ringed Drag Strip
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Scan
Seven Remix XP 2.0
SiSoftware Sandra Lite 2009.SP1
Skype web features
Skype™ 4.1
Synaptics Pointing Device Driver
Toolbox
TuneUp Utilities 2009
UnloadSupport
Veselá kuřata
WebFldrs XP
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinFlash

==== End Of File ===========================

pitimir

Re: please check my log..

Post by pitimir » 17 Sep 2009 18:23

1) Download ToolBar S&D. Close all open browsers and run the program. Choose a language - for English press E -> Enter. A window will pop up; after you dismiss it you get to the next menu. In it press 2 -> Enter. Wait until the scan finishes and post the log it creates.


2) Use JavaRa, you have an old Java.


3) Download ComboFix to the desktop - DO NOT RUN IT.

Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall, and open Notepad. Copy into it:

Code:

KillAll::
Folder::
c:\progra~1\mywebs~1
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006

DDS::
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 0043316218
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab

Driver::
MyWebSearchService


Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.


Warning: If Windows does not start after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.

I don't like amateurism...

And the addressee of this message knows it :)

zikinda
Level 1
Posts: 83
Registered: March 09
Gender: Female
Status: Offline

Re: please check my log..

Posted by zikinda » 18 Sep 2009 15:35

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft (R) Windows Script Host verze 5.7
Copyright (C) Microsoft Corporation 1996-2001. Všechna práva vyhrazena.
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 3500+ )
BIOS : Default System BIOS
USER : lenkapc ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1351 [VPS 090917-0] 4.8.1351 (Activated)
C:\ (Local Disk) - FAT32 - Total:44 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:27 Go (Free:27 Go)
E:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)
F:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( pá 18.09.2009|15:33 )

-----------\\ FIX

Deleted! - [Service] MyWebSearchService
Deleted! - C:\Program Files\AskBarDis\unins000.dat
Deleted! - C:\Program Files\AskBarDis\unins000.exe
Deleted! - C:\Program Files\AskBarDis\bar
Deleted! - C:\DOCUME~1\lenkapc\Cookies\lenkapc@myway[1].txt
Deleted! - C:\DOCUME~1\lenkapc\Cookies\lenkapc@mywebsearch[2].txt
Deleted! - C:\Program Files\AskBarDis

-----------\\ Searching for Files - Folders ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.centrum.cz/"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"


--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\lenkapc\Dokumenty\Hudba\Nová složka\Eminem-CrackABottle.mp3



1 - "C:\ToolBar SD\TB_1.txt" - pá 18.09.2009|15:34 - Option : [2]

-----------\\ Scan completed at 15:34:53,90

zikinda
Level 1
Posts: 83
Registered: March 09
Gender: Female
Status: Offline

Re: please check my log..

Posted by zikinda » 18 Sep 2009 16:23

ComboFix 09-09-17.04 - lenkapc 18.09.2009 16:08.9.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.447.192 [GMT 2:00]
Spuštěný z: c:\documents and settings\lenkapc\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\lenkapc\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090917-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.006
c:\found.006\FILE0000.CHK
c:\found.006\FILE0001.CHK
c:\found.006\FILE0002.CHK
C:\FOUND.007
c:\found.007\FILE0000.CHK
c:\found.007\FILE0001.CHK
C:\FOUND.008
c:\found.008\FILE0000.CHK
c:\found.008\FILE0001.CHK
c:\windows\Alcmtr.exe
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-18 do 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-18 14:00 . 2009-09-18 14:00 -------- d-----w- c:\program files\CCleaner
2009-09-18 13:56 . 2009-09-18 13:56 -------- d-----w- C:\Sun
2009-09-18 13:32 . 2009-09-18 13:32 -------- d-----w- C:\ToolBar SD
2009-09-16 18:14 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-16 18:14 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-16 18:12 . 2009-09-16 18:12 -------- d-----w- c:\program files\iPod
2009-09-16 18:12 . 2009-09-16 18:12 -------- d-----w- c:\program files\iTunes
2009-09-16 18:11 . 2009-09-16 18:11 -------- d-----w- c:\program files\Bonjour
2009-09-11 15:44 . 2009-09-11 15:44 -------- d-----w- c:\program files\QuickTime
2009-09-11 15:43 . 2009-09-11 15:43 -------- d-----w- c:\program files\Common Files\Apple
2009-09-11 15:43 . 2009-09-11 15:43 -------- d-----w- c:\program files\Apple Software Update
2009-09-09 08:46 . 2009-06-21 21:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-08-25 10:21 . 2008-08-18 09:39 117760 ----a-w- c:\windows\system32\hpzll64X.dll
2009-08-24 20:28 . 2009-08-24 20:28 -------- d-----w- c:\program files\directx
2009-08-24 20:26 . 2009-08-24 20:26 -------- d-----w- c:\program files\Rockstar Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 16:10 . 2009-02-17 17:40 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-17 17:40 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-17 17:40 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-03-28 20:47 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-03-28 20:47 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-17 17:40 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-03-28 20:47 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-17 17:40 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-03-28 19:00 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-06 09:51 . 2009-08-06 09:47 131364 ----a-w- c:\windows\hpoins14.dat
2009-08-06 09:50 . 2009-08-06 09:50 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-05 09:01 . 2004-11-20 09:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-21 19:00 . 2009-07-21 19:00 -------- d-----w- c:\program files\Common Files\Skype
2009-07-21 19:00 . 2009-07-21 19:00 -------- d-----r- c:\program files\Skype
2009-07-21 17:34 . 2009-07-21 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 19:04 . 2004-11-20 09:14 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-11-20 09:15 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 11:36 . 2009-07-21 17:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-07-21 17:34 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 12:49 . 2009-07-08 12:48 3481968 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2009-07-08 12:48 . 2009-07-08 12:46 9810664 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2009-07-08 12:46 . 2009-07-08 12:43 21433720 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2009-07-03 16:59 . 2004-11-20 09:14 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2004-11-20 09:14 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-11-20 09:14 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-11-20 09:14 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-11-20 09:14 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2004-11-20 09:14 729088 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-11-20 09:14 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-11-20 09:14 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2004-08-18 . F76B3003366A205E05AFC0D034C7D3E9 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2004-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[7] 2004-08-18 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . 2BD85EF1A4BF2AD771A2222700524336 . 2352384 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 . 2BD85EF1A4BF2AD771A2222700524336 . 2352384 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-02-09 . 2BD85EF1A4BF2AD771A2222700524336 . 2352384 . . [5.1.2600.5755] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-08-14 . 2BCBCE27A946C057051A85CB032F49FF . 2191360 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . 7BBDCD1F5F60ED0B18D2F535763588A2 . 2182528 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2008-08-14 . C45C335F78C90DC75C05D5260B6888C7 . 2188160 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 . 91F18AB1E9ACBF6E27A5545A8F57C89B . 2191360 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-08-14 . 91F18AB1E9ACBF6E27A5545A8F57C89B . 2191360 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-04-14 . C1536014AC1CB1D5397E31D9735E6571 . 2191104 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2004-08-18 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe

[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2004-08-18 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . 3546ED37229E5911B94F26CBF8882359 . 1541120 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 3546ED37229E5911B94F26CBF8882359 . 1541120 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-18 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2004-08-18 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2009-02-10 . B0900D9E282D1CCB841F3FA290E4D747 . 2229376 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 . B0900D9E282D1CCB841F3FA290E4D747 . 2229376 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-02-10 . B0900D9E282D1CCB841F3FA290E4D747 . 2229376 . . [5.1.2600.5755] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 5495B7902AE2EEE3A98D889E9A679724 . 2068224 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 0AA15E32D7AE261403EE88A3A4F288A4 . 2059904 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2008-08-14 . 6BB160864CAABEEA24D6BA9EDE18B641 . 2065152 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . 09CD607918C3F5600D8A111155F62CA6 . 2068224 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-08-14 . 09CD607918C3F5600D8A111155F62CA6 . 2068224 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-04-14 . 4DEE41C45E803DB91A72FD1BA69C05EE . 2067968 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2004-08-18 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-27 2215960]
"{8a6264b5-a8f2-494b-8f37-cf898a763e42}"= "c:\program files\Net_Games\tbNet1.dll" [2009-08-06 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{8a6264b5-a8f2-494b-8f37-cf898a763e42}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a6264b5-a8f2-494b-8f37-cf898a763e42}]
2009-08-06 15:26 2215960 ----a-w- c:\program files\Net_Games\tbNet1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-27 18:12 2215960 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-27 2215960]
"{8a6264b5-a8f2-494b-8f37-cf898a763e42}"= "c:\program files\Net_Games\tbNet1.dll" [2009-08-06 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{8a6264b5-a8f2-494b-8f37-cf898a763e42}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-27 2215960]
"{8A6264B5-A8F2-494B-8F37-CF898A763E42}"= "c:\program files\Net_Games\tbNet1.dll" [2009-08-06 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{8a6264b5-a8f2-494b-8f37-cf898a763e42}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2006-01-20 544768]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-12 16264192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ASUS ChkMail.lnk - c:\program files\ASUS\Asus ChkMail\ChkMail.exe [2009-2-18 32768]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.3.2009 22:47 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.3.2009 22:47 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [18.2.2009 20:52 16269]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [17.2.2009 17:59 603904]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe [17.2.2009 17:52 98488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-09-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-09-18 c:\windows\Tasks\User_Feed_Synchronization-{20D9E490-DACC-407B-A1D8-6EAE3C5779ED}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2009-09-16 c:\windows\Tasks\Norton Security Scan for lenkapc.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-08 10:21]

2009-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
Trusted Zone: w-source.biz\forum
TCP: {E8C18F1D-65C9-4716-9452-B301711254FC} = 192.96.162.2,192.96.160.6
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 16:14
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1152)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(3180)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2009-09-18 16:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-18 14:21

Před spuštěním: 2 951 217 152
Po spuštění: 3 063 349 248

260 --- E O F --- 2009-09-18 07:32

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status: Offline

Re: please check my log..

Posted by pitimir » 18 Sep 2009 17:17

Interesting...
1) Plug all USB keys, flash drives and the like into the PC and use Flash Desinfector.


2) Test the file(s) on VIRUSTOTAL:

Code:

c:\windows\system32\comctl32.dll
c:\windows\system32\ntoskrnl.exe
c:\windows\system32\user32.dll
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntkrnlpa.exe

If it says the file has already been tested, have it tested again. Send the result as a LINK.

zikinda
Level 1
Posts: 83
Registered: March 09
Gender: Female
Status: Offline

Re: please check my log..

Posted by zikinda » 19 Sep 2009 19:24

I don't know how to test it in that VirusTotal

zikinda
Level 1
Posts: 83
Registered: March 09
Gender: Female
Status: Offline

Re: please check my log..

Posted by zikinda » 19 Sep 2009 19:31

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.24 2009.09.19 -
AhnLab-V3 5.0.0.2 2009.09.19 -
AntiVir 7.9.1.19 2009.09.18 -
Antiy-AVL 2.0.3.7 2009.09.18 -
Authentium 5.1.2.4 2009.09.19 -
Avast 4.8.1351.0 2009.09.18 -
AVG 8.5.0.412 2009.09.19 -
BitDefender 7.2 2009.09.19 -
CAT-QuickHeal 10.00 2009.09.19 -
ClamAV 0.94.1 2009.09.19 -
Comodo 2370 2009.09.19 -
DrWeb 5.0.0.12182 2009.09.19 -
eSafe 7.0.17.0 2009.09.17 -
eTrust-Vet 31.6.6746 2009.09.18 -
F-Prot 4.5.1.85 2009.09.19 -
F-Secure 8.0.14470.0 2009.09.18 -
Fortinet 3.120.0.0 2009.09.19 -
GData 19 2009.09.19 -
Ikarus T3.1.1.72.0 2009.09.19 -
Jiangmin 11.0.800 2009.09.19 -
K7AntiVirus 7.10.849 2009.09.19 -
Kaspersky 7.0.0.125 2009.09.19 -
McAfee 5746 2009.09.19 -
McAfee+Artemis 5746 2009.09.19 -
McAfee-GW-Edition 6.8.5 2009.09.18 -
Microsoft 1.5005 2009.09.19 -
NOD32 4441 2009.09.19 -
Norman 6.01.09 2009.09.18 -
nProtect 2009.1.8.0 2009.09.19 -
Panda 10.0.2.2 2009.09.19 -
PCTools 4.4.2.0 2009.09.19 -
Prevx 3.0 2009.09.19 -
Rising 21.47.52.00 2009.09.19 -
Sophos 4.45.0 2009.09.19 -
Sunbelt 3.2.1858.2 2009.09.19 -
Symantec 1.4.4.12 2009.09.19 -
TheHacker 6.5.0.2.012 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.18 -
VBA32 3.12.10.10 2009.09.18 -
ViRobot 2009.9.18.1943 2009.09.18 -
VirusBuster 4.6.5.0 2009.09.18 -
Rozšiřující informace
File size: 189 bytes
MD5...: b53d99b13c2069dd515392f9e4b1e640
SHA1..: 299b92cd47caa3773421ff774e1683d19d6da7d4
SHA256: 45642c93ee4fa6a42cf548fc8111d599288361a709df79b04f0797855ab631d1
ssdeep: 3:I5SMAWAITGYXsIMMAWAIqcX9LNzAWAI0XVyIMMAfXvNwAWAIl70UAWAIqGON:IBJJc7cAmN3gVy7d/NQTpAjN

PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

this is what it wrote

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status: Offline

Re: please check my log..

Posted by pitimir » 19 Sep 2009 19:35

Here is the guide: viewtopic.php?f=70&t=5121
Following it, you need to test these files, one after another:

Code:

c:\windows\system32\comctl32.dll
c:\windows\system32\ntoskrnl.exe
c:\windows\system32\user32.dll
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntkrnlpa.exe

zikinda
Level 1
Posts: 83
Registered: March 09
Gender: Female
Status: Offline

Re: please check my log..

Posted by zikinda » 19 Sep 2009 20:21

well, in that case it found this:

a-squared 4.5.0.24 2009.09.19 -
AhnLab-V3 5.0.0.2 2009.09.19 -
AntiVir 7.9.1.19 2009.09.18 -
Antiy-AVL 2.0.3.7 2009.09.18 -
Authentium 5.1.2.4 2009.09.19 -
Avast 4.8.1351.0 2009.09.18 -
AVG 8.5.0.412 2009.09.19 -
BitDefender 7.2 2009.09.19 -
CAT-QuickHeal 10.00 2009.09.19 -
ClamAV 0.94.1 2009.09.19 -
Comodo 2370 2009.09.19 -
DrWeb 5.0.0.12182 2009.09.19 -
eSafe 7.0.17.0 2009.09.17 -
eTrust-Vet 31.6.6746 2009.09.18 -
F-Prot 4.5.1.85 2009.09.19 -
F-Secure 8.0.14470.0 2009.09.18 -
Fortinet 3.120.0.0 2009.09.19 -
GData 19 2009.09.19 -
Ikarus T3.1.1.72.0 2009.09.19 -
Jiangmin 11.0.800 2009.09.19 -
K7AntiVirus 7.10.849 2009.09.19 -
Kaspersky 7.0.0.125 2009.09.19 -
McAfee 5746 2009.09.19 -
McAfee+Artemis 5746 2009.09.19 -
McAfee-GW-Edition 6.8.5 2009.09.18 -
Microsoft 1.5005 2009.09.19 -
NOD32 4441 2009.09.19 -
Norman 6.01.09 2009.09.18 -
nProtect 2009.1.8.0 2009.09.19 -
Panda 10.0.2.2 2009.09.19 -
PCTools 4.4.2.0 2009.09.19 -
Prevx 3.0 2009.09.19 -
Rising 21.47.52.00 2009.09.19 -
Sophos 4.45.0 2009.09.19 -
Sunbelt 3.2.1858.2 2009.09.19 -
Symantec 1.4.4.12 2009.09.19 -
TheHacker 6.5.0.2.012 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.18 -
VBA32 3.12.10.10 2009.09.18 -
ViRobot 2009.9.18.1943 2009.09.18 -
VirusBuster 4.6.5.0 2009.09.18 -
Rozšiřující informace
File size: 189 bytes
MD5 : b53d99b13c2069dd515392f9e4b1e640
SHA1 : 299b92cd47caa3773421ff774e1683d19d6da7d4
SHA256: 45642c93ee4fa6a42cf548fc8111d599288361a709df79b04f0797855ab631d1
TrID : File type identification
Unknown!
ssdeep: 3:I5SMAWAITGYXsIMMAWAIqcX9LNzAWAI0XVyIMMAfXvNwAWAIl70UAWAIqGON:IBJJc7cAmN3gVy7d/NQTpAjN
PEiD : -
RDS : NSRL Reference Data Set

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status: Offline

Re: please check my log..

Posted by pitimir » 20 Sep 2009 13:43

And which of those 6 files was this?