Prosím o kontorlu logu (Nějaký vir za sms nechápu)

thegamer · Příspěvekod **thegamer** » 22 zář 2009 18:11

Zdravím , mám následující problém.
Takže, když zapnu PC tak se mi objeví tahle modrá obrazovka...

http://img246.imageshack.us/i/virj.jpg/

Takže bych prosil o pomoc jak se toho zbavit.. Díky. Tady je log z HJT!

Logfile of HijackThis v1.99.1
Scan saved at 15:25:25, on 22.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\WINDOWS\system32\hphmon03.exe
D:\Program Files\Java\jre6\bin\jusched.exe
C:\Games\Counter Strike\groupmanager.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Programs\RocketDock\RocketDock.exe
D:\Program Files\Rainlendar2\Rainlendar2.exe
D:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
D:\Documents and Settings\All Users\Data aplikací\Findbasic\findbasic123.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\iZ3D Driver\Win32\S3DCService.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Findbasic\findbasic.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Admin\Plocha\hijackthis\HijackThis.exe
D:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 89.102.201.133 l2authd.lineage2.com
O1 - Hosts: 89.102.201.133 l2testauthd.lineage2.com
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - D:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] D:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GroupManager] C:\Games\Counter Strike\groupmanager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATI] C:\Windows\ati\ati.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programs\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Programs\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - D:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - D:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - D:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Findbasic Service - Unknown owner - D:\Documents and Settings\All Users\Data aplikací\Findbasic\findbasic123.exe" "D:\Program Files\Findbasic\findbasic.dll" Service (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Pml Driver - HP - D:\WINDOWS\system32\HPHipm09.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: S3D Service (Win32) - iZ3D LLC. - D:\Program Files\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

Reklama

Damned · Příspěvekod **Damned** » 22 zář 2009 18:38

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

thegamer · Příspěvekod **thegamer** » 22 zář 2009 18:49

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2843
Windows 5.1.2600 Service Pack 3

22.9.2009 18:49:10
mbam-log-2009-09-22 (18-49-07).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 87994
Uplynulý čas: 2 minute(s), 59 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 2
Infikované soubory: 9

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GroupManager (Backdoor.Bot) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
D:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> No action taken.
D:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge (Spyware.MarketScore) -> No action taken.

Infikované soubory:
D:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> No action taken.
D:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> No action taken.
D:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> No action taken.
D:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> No action taken.
D:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> No action taken.
D:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> No action taken.
D:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> No action taken.
D:\Documents and Settings\All Users\Nabídka Start\Programy\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> No action taken.
C:\Games\Counter Strike\groupmanager.exe (Backdoor.Bot) -> No action taken.

Damned · Příspěvekod **Damned** » 22 zář 2009 19:16

Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

thegamer · Příspěvekod **thegamer** » 22 zář 2009 19:34

No tak tady je ten Log z MBAM ale mám problém. Když restartuju ještě jednou PC tak se mi zase zobrazí modrá obrazovka s tim abych vložil kód z sms.. Jenže já už mám poslední pokus bez vložení toho kódu.. A bojím se že se mi uzamkne Pc.. co s tím prosím poraď mám to risknout nebo mám nejdřív něco udělat.. ?

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2843
Windows 5.1.2600 Service Pack 3

22.9.2009 19:34:04
mbam-log-2009-09-22 (19-34-04).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 87667
Uplynulý čas: 3 minute(s), 7 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Damned · Příspěvekod **Damned** » 22 zář 2009 19:48

ComboFix by měl zbytek odstranit.

thegamer · Příspěvekod **thegamer** » 22 zář 2009 19:59

A v HJT nemám nic fixnout?

Damned · Příspěvekod **Damned** » 22 zář 2009 20:52

MbAM již odstranil zápisy.
Můeš ale klidně zkontrolovat a smazat drobnosti.
Předtím si stáhni z mého podpisu novější HJT.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] D:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GroupManager] C:\Games\Counter Strike\groupmanager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programs\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O11 - Options group: [TABS] Tabbed Browsing

Pak spusť ten Combofix

thegamer · Příspěvekod **thegamer** » 22 zář 2009 21:51

Takže tady je ten log z ComboFixu .. ale nemohl sem nainstalovat zotavovací konzoli protože se mi nějakým způsobem nepodařilo připojit k internetu.. Mám udlěat ComboFix znova i se zotavovací konzolí?

ComboFix 09-09-22.01 - Admin 22.09.2009 21:43.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2748 [GMT 2:00]
Spuštěný z: d:\documents and settings\Admin\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
d:\windows\system32\AVSredirect.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-22 do 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 16:41 . 2009-09-10 12:54 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 16:41 . 2009-09-22 16:41 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-09-22 16:41 . 2009-09-10 12:53 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-09-21 17:31 . 2009-09-21 17:31 -------- d-----w- d:\program files\McAfee Security Scan
2009-09-20 16:29 . 2009-03-09 13:27 453456 ----a-w- d:\windows\system32\d3dx10_41.dll
2009-09-20 16:29 . 2009-03-09 13:27 1846632 ----a-w- d:\windows\system32\D3DCompiler_41.dll
2009-09-20 16:29 . 2009-03-09 13:27 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll
2009-09-20 16:29 . 2009-03-16 12:18 69448 ----a-w- d:\windows\system32\XAPOFX1_3.dll
2009-09-20 16:29 . 2009-03-16 12:18 517448 ----a-w- d:\windows\system32\XAudio2_4.dll
2009-09-20 16:29 . 2009-03-16 12:18 235352 ----a-w- d:\windows\system32\xactengine3_4.dll
2009-09-20 16:29 . 2009-03-16 12:18 22360 ----a-w- d:\windows\system32\X3DAudio1_6.dll
2009-09-20 16:25 . 2009-09-20 16:25 -------- d-----w- d:\windows\system32\AGEIA
2009-09-20 16:25 . 2009-09-20 16:25 -------- d-----w- d:\program files\AGEIA Technologies
2009-09-20 13:59 . 2009-09-21 16:39 2287104 ----a-w- d:\windows\system32\TUKernel.exe
2009-09-20 13:48 . 2008-02-27 11:15 28416 ----a-w- d:\windows\system32\uxtuneup.dll
2009-09-20 13:48 . 2009-09-20 13:48 307968 ----a-w- d:\windows\system32\TuneUpDefragService.exe
2009-09-20 13:02 . 2009-09-22 09:34 -------- d-----w- d:\program files\Findbasic
2009-09-20 13:02 . 2009-09-20 13:05 -------- d-----w- d:\program files\FileSubmit
2009-09-20 13:02 . 2009-09-20 13:04 -------- d-----w- d:\windows\Icons
2009-09-20 12:48 . 2009-09-20 12:48 -------- d-----w- d:\program files\TGTSoft
2009-09-20 12:41 . 2009-09-22 19:41 -------- d-----w- d:\documents and settings\Admin\.rainlendar2
2009-09-20 12:41 . 2009-09-20 12:41 -------- d-----w- d:\program files\Rainlendar2
2009-09-19 15:00 . 2009-09-19 15:02 -------- d-----w- d:\program files\CD Art Display
2009-09-19 15:00 . 2003-01-27 12:27 94208 ----a-w- d:\windows\system32\wmpuice.dll
2009-09-19 14:59 . 2009-09-19 14:59 -------- d-----w- d:\windows\Downloaded Installations
2009-09-18 20:35 . 2009-09-18 20:35 -------- d-----w- d:\program files\VideoLAN
2009-09-17 19:28 . 2005-09-01 09:03 5888 ------w- d:\windows\system32\drivers\imagedrv.sys
2009-09-17 19:28 . 2005-09-01 09:03 127488 ------w- d:\windows\system32\drivers\imagesrv.sys
2009-09-17 19:28 . 2004-07-26 14:16 476320 ------w- d:\windows\system32\ImagXpr7.dll
2009-09-17 19:28 . 2004-07-26 14:16 471040 ------w- d:\windows\system32\ImagXRA7.dll
2009-09-17 19:28 . 2004-07-26 14:16 262144 ------w- d:\windows\system32\ImagXR7.dll
2009-09-17 19:28 . 2004-07-26 14:16 1568768 ------w- d:\windows\system32\ImagX7.dll
2009-09-17 19:28 . 2004-07-09 06:43 364544 ------w- d:\windows\system32\TwnLib4.dll
2009-09-17 19:28 . 2000-06-26 08:45 106496 ----a-w- d:\windows\system32\TwnLib20.dll
2009-09-17 19:28 . 2009-09-17 19:28 -------- d-----w- d:\program files\Ahead
2009-09-17 19:28 . 2009-09-17 19:28 -------- d-----w- d:\program files\Common Files\Ahead
2009-09-17 19:28 . 2001-07-09 08:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe
2009-09-17 19:25 . 2009-09-17 19:25 -------- d-----w- d:\program files\Yahoo!
2009-09-17 19:18 . 2009-09-17 19:19 35792800 ----a-w- D:\nero6614.exe
2009-09-17 15:43 . 2008-04-13 22:15 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2009-09-17 15:43 . 2008-04-13 22:15 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2009-09-16 19:12 . 2009-09-16 19:12 -------- d-----w- d:\documents and settings\Admin\dwhelper
2009-09-13 10:58 . 2009-08-16 15:08 178176 ----a-w- d:\windows\system32\unrar.dll
2009-09-13 10:58 . 2009-05-29 21:37 205824 ----a-w- d:\windows\system32\xvidvfw.dll
2009-09-13 10:58 . 2009-05-29 21:31 881664 ----a-w- d:\windows\system32\xvidcore.dll
2009-09-13 10:58 . 2004-01-24 22:00 70656 ----a-w- d:\windows\system32\yv12vfw.dll
2009-09-13 10:58 . 2009-06-02 16:11 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2009-09-13 10:58 . 2009-09-13 10:58 -------- d-----w- d:\program files\K-Lite Codec Pack
2009-09-12 12:47 . 2005-05-10 16:54 258352 ----a-w- d:\windows\system32\unicows.dll
2009-09-11 14:21 . 2009-09-11 14:21 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2009-09-09 16:57 . 2009-09-09 16:57 -------- d-----w- d:\program files\Common Files\Borland Shared
2009-09-09 16:57 . 1999-01-20 03:01 210032 ----a-w- d:\windows\system32\DBCLIENT.DLL
2009-09-09 16:57 . 2009-09-09 19:05 -------- d-----w- d:\program files\Teacher
2009-09-08 13:30 . 2009-09-08 13:30 -------- d-----w- d:\program files\Common Files\Skype
2009-09-08 13:30 . 2009-09-08 13:31 -------- d-----r- d:\program files\Skype
2009-09-07 16:48 . 2007-05-17 15:30 318976 ----a-w- d:\windows\system32\avisynth.dll
2009-09-07 16:48 . 2004-02-22 08:11 719872 ----a-w- d:\windows\system32\devil.dll
2009-09-07 16:48 . 2004-01-24 22:00 70656 ----a-w- d:\windows\system32\i420vfw.dll
2009-09-07 16:47 . 2009-09-07 16:47 -------- d-----w- d:\program files\AviSynth 2.5
2009-09-07 16:47 . 2008-03-16 12:30 216064 --sh--r- d:\windows\system32\nbDX.dll
2009-09-07 16:47 . 2007-02-21 10:47 31232 --sh--r- d:\windows\system32\msfDX.dll
2009-09-07 16:47 . 2006-05-03 09:06 163328 --sh--r- d:\windows\system32\flvDX.dll
2009-09-07 16:47 . 2009-09-07 16:47 -------- d-----w- d:\program files\eRightSoft
2009-09-05 18:22 . 2009-09-05 18:22 -------- d-----w- d:\program files\DAEMON Tools Toolbar
2009-09-05 18:22 . 2009-09-06 07:54 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-09-05 16:13 . 2009-09-05 16:14 45 ----a-w- d:\documents and settings\Admin\jagex_runescape_preferences2.dat
2009-09-05 11:54 . 2009-09-05 11:55 -------- d-----w- D:\Left 4 Dead
2009-09-05 10:02 . 2009-09-05 10:48 -------- d-----w- d:\program files\Scorpions WinCheater
2009-09-01 14:44 . 2009-09-01 14:45 -------- d-----w- d:\program files\Magic Bullet Editors 2.0 Vegas
2009-09-01 13:57 . 2009-09-01 13:57 -------- d-----w- d:\program files\Common Files\eSellerate
2009-09-01 13:57 . 2009-09-01 14:02 -------- d-----w- d:\program files\NewBlue
2009-09-01 13:57 . 2009-09-01 13:57 -------- d-----w- d:\program files\Sonic Foundry
2009-09-01 13:56 . 2009-09-01 13:56 -------- d-----w- d:\program files\Panopticum Lens Pro 3.5 For Vegas
2009-09-01 13:12 . 2009-09-01 13:12 -------- d-----w- d:\program files\Pixelan
2009-08-30 14:47 . 2009-08-30 14:54 -------- d-----w- d:\program files\Mumble
2009-08-27 16:10 . 2009-08-27 16:11 -------- d-----w- d:\program files\RS2Bot
2009-08-27 16:09 . 2009-08-27 16:09 -------- d-----w- d:\program files\Free Offers from Freeze.com
2009-08-27 16:09 . 2009-08-27 16:09 -------- d-----w- d:\program files\Common Files\Winferno
2009-08-27 16:09 . 2006-10-09 11:06 495616 ----a-w- d:\windows\system32\WINUTIL5.DLL
2009-08-27 16:09 . 2006-05-17 06:40 393216 ----a-w- d:\windows\system32\WINLCTL5.DLL
2009-08-27 16:09 . 2009-08-27 16:14 -------- d-----w- d:\program files\Winferno
2009-08-27 14:45 . 2009-09-05 16:27 37 ----a-w- d:\documents and settings\Admin\jagex_runescape_preferences.dat
2009-08-27 14:45 . 2009-08-27 14:45 -------- d-----w- d:\windows\Sun
2009-08-27 14:43 . 2009-08-27 14:43 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-08-27 14:43 . 2009-08-27 14:43 -------- d-----w- d:\program files\Java
2009-08-25 12:02 . 2009-08-25 12:02 -------- d-----w- d:\program files\Ventrilo
2009-08-25 12:02 . 2009-09-20 13:47 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-08-25 08:06 . 2009-08-17 16:05 114768 ----a-w- d:\windows\system32\drivers\aswSP.sys
2009-08-25 08:06 . 2009-08-17 16:05 20560 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 13:40 . 2009-08-21 16:10 -------- d-----w- d:\program files\GoQ - NetRadio
2009-09-20 08:55 . 2009-08-14 21:33 -------- d-----w- d:\program files\BitComet
2009-09-15 14:50 . 2009-08-15 09:18 189104 ----a-w- d:\windows\system32\PnkBstrB.exe
2009-09-15 14:42 . 2009-08-15 09:19 139584 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2009-09-05 13:57 . 2009-08-15 10:16 -------- d-----w- d:\program files\Common Files\Adobe
2009-08-23 09:04 . 2009-08-23 09:04 794408 ----a-w- d:\windows\system32\pbsvc.exe
2009-08-23 09:04 . 2009-08-15 09:18 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2009-08-23 08:35 . 2009-08-23 08:35 -------- d-----w- d:\program files\hp photosmart
2009-08-21 16:09 . 2009-08-21 16:08 -------- d-----w- d:\program files\NetRadio 1.01
2009-08-20 07:39 . 2009-08-20 07:39 -------- d-----w- d:\program files\Electronic Arts
2009-08-20 07:37 . 2009-08-14 09:01 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-08-19 13:47 . 2009-08-19 13:47 -------- d-----w- d:\program files\GamePark
2009-08-18 15:05 . 2009-08-18 15:05 278728 ----a-w- d:\windows\system32\drivers\atksgt.sys
2009-08-18 15:05 . 2009-08-18 15:05 25416 ----a-w- d:\windows\system32\drivers\lirsgt.sys
2009-08-17 16:10 . 2009-08-14 10:11 1279456 ----a-w- d:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-14 10:11 93392 ----a-w- d:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-14 10:11 94160 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:04 . 2009-08-14 10:11 51376 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-14 10:11 23152 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-14 10:11 26944 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-14 10:11 97480 ----a-w- d:\windows\system32\AvastSS.scr
2009-08-17 15:49 . 2009-08-17 15:37 29566 ----a-w- d:\windows\scunin.dat
2009-08-17 15:49 . 2009-08-17 15:37 967 ----a-w- d:\windows\ScUnin.pif
2009-08-17 15:49 . 2009-08-17 15:37 94208 ----a-w- d:\windows\ScUnin.exe
2009-08-16 08:25 . 2009-08-16 08:25 -------- d-----w- d:\program files\iZ3D Driver
2009-08-16 01:24 . 2001-10-25 12:00 77872 ----a-w- d:\windows\system32\perfc005.dat
2009-08-16 01:24 . 2001-10-25 12:00 428750 ----a-w- d:\windows\system32\perfh005.dat
2009-08-16 01:08 . 2009-08-16 01:08 -------- d-----w- d:\program files\MSBuild
2009-08-16 01:08 . 2009-08-16 01:08 -------- d-----w- d:\program files\Reference Assemblies
2009-08-15 16:34 . 2009-08-15 16:34 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2009-08-15 16:18 . 2009-08-15 16:18 -------- d-----w- d:\program files\Ubisoft
2009-08-15 16:16 . 2009-08-15 16:16 -------- d-----w- d:\program files\Alcohol Soft
2009-08-15 16:12 . 2009-08-15 16:12 721904 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-08-15 10:35 . 2009-08-15 10:18 -------- d-----w- d:\program files\Counter-Strike Source
2009-08-15 10:23 . 2009-08-15 10:23 -------- d-----w- d:\program files\Adobe Media Player
2009-08-15 10:20 . 2009-08-15 10:20 -------- d-----w- d:\program files\Common Files\Adobe AIR
2009-08-15 10:18 . 2009-08-15 10:18 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-08-14 21:38 . 2009-08-14 21:38 -------- d-----w- d:\program files\Bitcomet Ultra Accelerator
2009-08-14 19:46 . 2009-08-14 19:46 -------- d-----w- d:\program files\Fantasy Moon 3D Screensaver
2009-08-14 19:44 . 2009-08-14 19:44 -------- d-----w- d:\program files\Lagoon 3D Screensaver
2009-08-14 19:40 . 2009-08-14 19:40 -------- d-----w- d:\program files\Coral Clock 3D Screensaver
2009-08-14 19:35 . 2009-08-14 19:28 -------- d-----w- d:\program files\3Planesoft Screensaver Manager
2009-08-14 19:35 . 2009-08-14 19:35 -------- d-----w- d:\program files\Earth 3D Screensaver
2009-08-14 19:31 . 2009-08-14 19:31 -------- d-----w- d:\program files\Voyage of Columbus 3D Screensaver
2009-08-14 19:28 . 2009-08-14 19:28 -------- d-----w- d:\program files\Fireplace 3D Screensaver
2009-08-14 11:46 . 2009-08-14 11:45 -------- d-----w- d:\program files\ICQ6.5
2009-08-14 10:52 . 2009-08-14 10:52 -------- d-----w- d:\program files\Common Files\INCA Shared
2009-08-14 10:15 . 2009-08-14 10:15 0 ----a-w- d:\windows\nsreg.dat
2009-08-14 10:11 . 2009-08-14 10:11 -------- d-----w- d:\program files\Alwil Software
2009-08-14 09:16 . 2009-08-14 09:16 -------- d-----w- d:\program files\Innovative Solutions
2009-08-14 09:14 . 2009-08-14 09:14 0 ----a-w- d:\windows\ativpsrm.bin
2009-08-14 09:12 . 2009-08-14 09:04 -------- d-----w- d:\program files\ATI Technologies
2009-08-14 09:03 . 2009-08-14 09:01 -------- d-----w- d:\program files\Common Files\InstallShield
2009-08-14 09:01 . 2009-08-14 09:01 -------- d-----w- d:\program files\Realtek
2009-08-14 09:01 . 2009-08-14 09:01 315392 ----a-w- d:\windows\HideWin.exe
2009-08-14 08:59 . 2009-08-14 08:59 -------- d-----w- d:\program files\Intel
2009-08-14 08:55 . 2009-08-14 08:55 10406 ----a-w- D:\hwids.dat
2009-08-14 08:49 . 2009-08-14 08:49 -------- d-----w- d:\program files\microsoft frontpage
2009-08-14 08:46 . 2009-08-14 08:46 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2009-08-14 08:46 . 2009-08-14 08:46 -------- d-----w- d:\program files\Windows Media Connect 2
2009-08-05 09:01 . 2008-04-14 06:51 205312 ----a-w- d:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2008-04-14 06:52 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2008-04-14 06:51 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- d:\windows\system32\PhysXLoader.dll
2009-07-17 19:04 . 2008-04-14 06:51 58880 ----a-w- d:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-08-08 15:42 286208 ----a-w- d:\windows\system32\wmpdxm.dll
2009-07-02 16:31 . 2009-07-02 16:31 49664 ----a-w- d:\windows\system32\atimpc32.dll
2009-07-02 16:27 . 2009-07-02 16:27 45056 ----a-w- d:\windows\system32\aticalrt.dll
2009-07-02 16:26 . 2009-07-02 16:26 45056 ----a-w- d:\windows\system32\aticalcl.dll
2009-07-02 16:25 . 2009-07-02 16:25 3248128 ----a-w- d:\windows\system32\aticaldd.dll
2009-07-02 10:12 . 2009-08-14 09:04 593920 ------w- d:\windows\system32\ati2sgag.exe
2009-06-29 16:00 . 2008-08-08 15:43 827392 ----a-w- d:\windows\system32\wininet.dll
2009-06-29 15:59 . 2008-08-08 15:43 78336 ----a-w- d:\windows\system32\ieencode.dll
2009-06-29 15:59 . 2008-08-08 15:43 17408 ----a-w- d:\windows\system32\corpol.dll
2009-06-25 08:27 . 2008-04-14 06:52 54272 ----a-w- d:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2008-04-14 06:51 56832 ----a-w- d:\windows\system32\secur32.dll
2009-06-25 08:27 . 2008-04-14 06:51 147456 ----a-w- d:\windows\system32\schannel.dll
2009-06-25 08:27 . 2008-04-14 06:51 136192 ----a-w- d:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2008-04-14 06:51 729088 ----a-w- d:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2008-04-14 06:51 301568 ----a-w- d:\windows\system32\kerberos.dll
2006-05-03 09:06 . 2009-09-07 16:47 163328 --sh--r- d:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-09-07 16:47 31232 --sh--r- d:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-07 16:47 216064 --sh--r- d:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programs\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Rainlendar2"="d:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HPHmon03"="d:\windows\system32\hphmon03.exe" [2006-01-13 311296]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2007-10-12 16384512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan.lnk - d:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="d:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="d:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"STYLEXP"=d:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"RelevantKnowledge"=d:\program files\relevantknowledge\rlvknlg.exe -boot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\HLSW\\hlsw.exe"=
"d:\\Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Games\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Games\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Games\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"c:\\Games\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Games\\Counter-Strike 1.6\\hl.exe"=
"c:\\Games\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10281:TCP"= 10281:TCP:BitComet 10281 TCP
"10281:UDP"= 10281:UDP:BitComet 10281 UDP

R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [25.8.2009 10:06 114768]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;d:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [16.8.2009 10:25 23672]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [25.8.2009 10:06 20560]
R2 S3D Service (Win32);S3D Service (Win32);d:\program files\iZ3D Driver\Win32\S3DCService.exe [16.8.2009 10:25 233472]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;d:\windows\system32\drivers\AtiHdmi.sys [14.8.2009 11:04 89600]
R3 Dot4Usb HPH09;Dot4Usb HPH09;d:\windows\system32\drivers\hphius09.sys [23.8.2009 10:34 18864]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;d:\windows\system32\drivers\whfltr2k.sys [14.8.2009 11:36 6784]
S2 Findbasic Service;Findbasic Service;d:\documents and settings\All Users\Data aplikací\Findbasic\findbasic123.exe [22.9.2009 10:32 54776]
S3 getPlusHelper;getPlus(R) Helper;d:\windows\System32\svchost.exe -k getPlusHelper [14.4.2008 8:52 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-09-22 d:\windows\Tasks\1-Click Maintenance.job
- c:\programs\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 12:24]

2009-09-22 d:\windows\Tasks\PCConfidential.job
- d:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-08-27 12:10]

2009-09-22 d:\windows\Tasks\WGASetup.job
- d:\windows\system32\KB905474\wgasetup.exe [2009-08-16 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: Stáhnout odkaz s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - d:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\uxtjudpz.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: d:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\uxtjudpz.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-DriverMax - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - d:\program files\NOS\bin\getPlus_Helper.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 21:47
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-299502267-1390067357-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:3e,77,86,17,12,d7,3d,84,dc,65,66,bb,97,21,ad,6c,e3,c4,e0,5e,66,
27,5d,98,f3,5f,5b,cc,75,64,99,26,53,0d,5f,79,f4,04,4b,8b,33,f1,58,e2,db,29,\
"rkeysecu"=hex:ff,57,b0,f2,f7,7b,68,a5,96,b9,9f,70,22,90,e5,79
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(740)
d:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-09-22 21:48
ComboFix-quarantined-files.txt 2009-09-22 19:48

Před spuštěním: Volných bajtů: 24 916 996 096
Po spuštění: Volných bajtů: 25 017 716 736

307 --- E O F --- 2009-09-09 19:47

Damned · Příspěvekod **Damned** » 22 zář 2009 22:19

Konzola pro Zotavení není potřeba.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
D:\hwids.dat
d:\windows\system32\emptyregdb.dat
d:\windows\Tasks\WGASetup.job
d:\windows\system32\KB905474\wgasetup.exe

Firefox::
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: d:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\uxtjudpz.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

Folder::
d:\program files\DAEMON Tools Toolbar
d:\program files\relevantknowledge

Driver::
getPlusHelper;getPlus(R) Helper
getPlusHelper

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RelevantKnowledge"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

thegamer · Příspěvekod **thegamer** » 22 zář 2009 22:41

Tak žadný strašák typu "Pošli sms ! " se neobjevil.. Díky moc.. :)
Tady jinak ten ComboFix Log..

ComboFix 09-09-22.01 - Admin 22.09.2009 22:32.2.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2839 [GMT 2:00]
Spuštěný z: d:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Admin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"D:\hwids.dat"
"d:\windows\system32\emptyregdb.dat"
"d:\windows\system32\KB905474\wgasetup.exe"
"d:\windows\Tasks\WGASetup.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
d:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\uxtjudpz.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
D:\hwids.dat
d:\program files\DAEMON Tools Toolbar
d:\program files\DAEMON Tools Toolbar\_DTLite.xml
d:\program files\DAEMON Tools Toolbar\DTToolbar.dll
d:\program files\DAEMON Tools Toolbar\Resources\about.ico
d:\program files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
d:\program files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
d:\program files\DAEMON Tools Toolbar\Resources\as.ico
d:\program files\DAEMON Tools Toolbar\Resources\as.png
d:\program files\DAEMON Tools Toolbar\Resources\astro.ico
d:\program files\DAEMON Tools Toolbar\Resources\az.ico
d:\program files\DAEMON Tools Toolbar\Resources\b1.bmp
d:\program files\DAEMON Tools Toolbar\Resources\b1.png
d:\program files\DAEMON Tools Toolbar\Resources\BurnImage.ico
d:\program files\DAEMON Tools Toolbar\Resources\buy.ico
d:\program files\DAEMON Tools Toolbar\Resources\cond000.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond001.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond003.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond004.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond005.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond006.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond007.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond008.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond009.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond010.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond011.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond019.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond020.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond021.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond022.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond023.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond024.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond025.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond026.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond037.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond038.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond039.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond040.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond041.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond046.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond048.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond050.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond051.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond052.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond053.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond054.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond055.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond056.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond057.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond058.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond059.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond060.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond061.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond062.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond063.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond064.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond065.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond066.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond067.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond068.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond069.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond075.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond076.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond077.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond078.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond079.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond080.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond084.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond085.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond086.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond087.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond088.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond089.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond090.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond091.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond092.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond093.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond094.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond095.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond108.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond109.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond110.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond111.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond112.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond113.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond120.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond121.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond122.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond126.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond127.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond128.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond129.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond130.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond131.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond132.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond133.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond134.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond135.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond136.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond137.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond138.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond140.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond141.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond142.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond143.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond148.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond149.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond152.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond154.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond155.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond156.gif
d:\program files\DAEMON Tools Toolbar\Resources\cond157.gif
d:\program files\DAEMON Tools Toolbar\Resources\Config.ico
d:\program files\DAEMON Tools Toolbar\Resources\d.ico
d:\program files\DAEMON Tools Toolbar\Resources\d2.ico
d:\program files\DAEMON Tools Toolbar\Resources\daemon.ico
d:\program files\DAEMON Tools Toolbar\Resources\dot_disabled.bmp
d:\program files\DAEMON Tools Toolbar\Resources\dot_enabled.bmp
d:\program files\DAEMON Tools Toolbar\Resources\dot_on_over.bmp
d:\program files\DAEMON Tools Toolbar\Resources\ds.ico
d:\program files\DAEMON Tools Toolbar\Resources\dsearch.ico
d:\program files\DAEMON Tools Toolbar\Resources\dt.ico
d:\program files\DAEMON Tools Toolbar\Resources\DTPro.ico
d:\program files\DAEMON Tools Toolbar\Resources\dtt16.ico
d:\program files\DAEMON Tools Toolbar\Resources\dtt32.ico
d:\program files\DAEMON Tools Toolbar\Resources\Dwnl.ico
d:\program files\DAEMON Tools Toolbar\Resources\emulation.ico
d:\program files\DAEMON Tools Toolbar\Resources\favicon.ico
d:\program files\DAEMON Tools Toolbar\Resources\features.ico
d:\program files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
d:\program files\DAEMON Tools Toolbar\Resources\GameS.ico
d:\program files\DAEMON Tools Toolbar\Resources\GameSA.ico
d:\program files\DAEMON Tools Toolbar\Resources\gd.ico
d:\program files\DAEMON Tools Toolbar\Resources\genre.xml
d:\program files\DAEMON Tools Toolbar\Resources\globe.ico
d:\program files\DAEMON Tools Toolbar\Resources\GrabImage.ico
d:\program files\DAEMON Tools Toolbar\Resources\hb.bmp
d:\program files\DAEMON Tools Toolbar\Resources\hb.ico
d:\program files\DAEMON Tools Toolbar\Resources\help.ico
d:\program files\DAEMON Tools Toolbar\Resources\hide.ico
d:\program files\DAEMON Tools Toolbar\Resources\ImageS.ico
d:\program files\DAEMON Tools Toolbar\Resources\ImageSA.ico
d:\program files\DAEMON Tools Toolbar\Resources\ip.ico
d:\program files\DAEMON Tools Toolbar\Resources\lang.xml
d:\program files\DAEMON Tools Toolbar\Resources\lingvo.ico
d:\program files\DAEMON Tools Toolbar\Resources\m.ico
d:\program files\DAEMON Tools Toolbar\Resources\mail.bmp
d:\program files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
d:\program files\DAEMON Tools Toolbar\Resources\mail_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\mail_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\mail_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\mailc.bmp
d:\program files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
d:\program files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
d:\program files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
d:\program files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
d:\program files\DAEMON Tools Toolbar\Resources\MenuTr.ico
d:\program files\DAEMON Tools Toolbar\Resources\next.bmp
d:\program files\DAEMON Tools Toolbar\Resources\next_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\next_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\next_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\none.bmp
d:\program files\DAEMON Tools Toolbar\Resources\none_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\noW.gif
d:\program files\DAEMON Tools Toolbar\Resources\op.ico
d:\program files\DAEMON Tools Toolbar\Resources\play.bmp
d:\program files\DAEMON Tools Toolbar\Resources\play.ico
d:\program files\DAEMON Tools Toolbar\Resources\play_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\play_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\play_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\pragma.ico
d:\program files\DAEMON Tools Toolbar\Resources\prev.bmp
d:\program files\DAEMON Tools Toolbar\Resources\prev_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\prev_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\prev_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\prod.ico
d:\program files\DAEMON Tools Toolbar\Resources\Radio.ico
d:\program files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioBg.ico
d:\program files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioDown.ico
d:\program files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioE.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioG.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioL.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioM.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioN.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioR.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioR.ico
d:\program files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\RadioW.bmp
d:\program files\DAEMON Tools Toolbar\Resources\rbcheck.ico
d:\program files\DAEMON Tools Toolbar\Resources\rbtxt.ico
d:\program files\DAEMON Tools Toolbar\Resources\refresh.bmp
d:\program files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\Rss.ico
d:\program files\DAEMON Tools Toolbar\Resources\Rss1.ico
d:\program files\DAEMON Tools Toolbar\Resources\RssA.ico
d:\program files\DAEMON Tools Toolbar\Resources\RssA1.ico
d:\program files\DAEMON Tools Toolbar\Resources\rssClose.ico
d:\program files\DAEMON Tools Toolbar\Resources\rssL.bmp
d:\program files\DAEMON Tools Toolbar\Resources\rssOpen.ico
d:\program files\DAEMON Tools Toolbar\Resources\RssRefresh.ico
d:\program files\DAEMON Tools Toolbar\Resources\s2.ico
d:\program files\DAEMON Tools Toolbar\Resources\show.ico
d:\program files\DAEMON Tools Toolbar\Resources\size.bmp
d:\program files\DAEMON Tools Toolbar\Resources\size_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\skins.ico
d:\program files\DAEMON Tools Toolbar\Resources\spt.ico
d:\program files\DAEMON Tools Toolbar\Resources\stop.bmp
d:\program files\DAEMON Tools Toolbar\Resources\stop.ico
d:\program files\DAEMON Tools Toolbar\Resources\stop_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\stop_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\stop_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\style.ico
d:\program files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
d:\program files\DAEMON Tools Toolbar\Resources\time.ico
d:\program files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
d:\program files\DAEMON Tools Toolbar\Resources\toolbar.xml
d:\program files\DAEMON Tools Toolbar\Resources\trans.ico
d:\program files\DAEMON Tools Toolbar\Resources\Trash.bmp
d:\program files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
d:\program files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\u.ico
d:\program files\DAEMON Tools Toolbar\Resources\vol.bmp
d:\program files\DAEMON Tools Toolbar\Resources\vol.ico
d:\program files\DAEMON Tools Toolbar\Resources\vol_back.bmp
d:\program files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
d:\program files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\vol_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\vol_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\vol_mute.bmp
d:\program files\DAEMON Tools Toolbar\Resources\vol_mute_check.bmp
d:\program files\DAEMON Tools Toolbar\Resources\vol_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\wb.bmp
d:\program files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
d:\program files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\wBtText.bmp
d:\program files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
d:\program files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
d:\program files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
d:\program files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp
d:\program files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp
d:\program files\DAEMON Tools Toolbar\Resources\WebS.ico
d:\program files\DAEMON Tools Toolbar\Resources\WebSa.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi0.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi1.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi10.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi11.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi12.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi13.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi14.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi2.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi3.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi4.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi5.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi6.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi7.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi8.ico
d:\program files\DAEMON Tools Toolbar\Resources\wi9.ico
d:\program files\DAEMON Tools Toolbar\uninst.exe
d:\windows\system32\AVSredirect.dll
d:\windows\system32\emptyregdb.dat
d:\windows\system32\KB905474\wgasetup.exe
d:\windows\Tasks\WGASetup.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GETPLUSHELPER
-------\Service_getPlusHelper

((((((((((((((((((((((((( Soubory vytvořené od 2009-08-22 do 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 16:41 . 2009-09-10 12:54 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 16:41 . 2009-09-22 16:41 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-09-22 16:41 . 2009-09-10 12:53 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-09-21 17:31 . 2009-09-21 17:31 -------- d-----w- d:\program files\McAfee Security Scan
2009-09-20 16:29 . 2009-03-09 13:27 453456 ----a-w- d:\windows\system32\d3dx10_41.dll
2009-09-20 16:29 . 2009-03-09 13:27 1846632 ----a-w- d:\windows\system32\D3DCompiler_41.dll
2009-09-20 16:29 . 2009-03-09 13:27 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll
2009-09-20 16:29 . 2009-03-16 12:18 69448 ----a-w- d:\windows\system32\XAPOFX1_3.dll
2009-09-20 16:29 . 2009-03-16 12:18 517448 ----a-w- d:\windows\system32\XAudio2_4.dll
2009-09-20 16:29 . 2009-03-16 12:18 235352 ----a-w- d:\windows\system32\xactengine3_4.dll
2009-09-20 16:29 . 2009-03-16 12:18 22360 ----a-w- d:\windows\system32\X3DAudio1_6.dll
2009-09-20 16:25 . 2009-09-20 16:25 -------- d-----w- d:\windows\system32\AGEIA
2009-09-20 16:25 . 2009-09-20 16:25 -------- d-----w- d:\program files\AGEIA Technologies
2009-09-20 13:59 . 2009-09-21 16:39 2287104 ----a-w- d:\windows\system32\TUKernel.exe
2009-09-20 13:48 . 2008-02-27 11:15 28416 ----a-w- d:\windows\system32\uxtuneup.dll
2009-09-20 13:48 . 2009-09-20 13:48 307968 ----a-w- d:\windows\system32\TuneUpDefragService.exe
2009-09-20 13:02 . 2009-09-22 09:34 -------- d-----w- d:\program files\Findbasic
2009-09-20 13:02 . 2009-09-20 13:05 -------- d-----w- d:\program files\FileSubmit
2009-09-20 13:02 . 2009-09-20 13:04 -------- d-----w- d:\windows\Icons
2009-09-20 12:48 . 2009-09-20 12:48 -------- d-----w- d:\program files\TGTSoft
2009-09-20 12:41 . 2009-09-22 20:36 -------- d-----w- d:\documents and settings\Admin\.rainlendar2
2009-09-20 12:41 . 2009-09-20 12:41 -------- d-----w- d:\program files\Rainlendar2
2009-09-19 15:00 . 2009-09-19 15:02 -------- d-----w- d:\program files\CD Art Display
2009-09-19 15:00 . 2003-01-27 12:27 94208 ----a-w- d:\windows\system32\wmpuice.dll
2009-09-19 14:59 . 2009-09-19 14:59 -------- d-----w- d:\windows\Downloaded Installations
2009-09-18 20:35 . 2009-09-18 20:35 -------- d-----w- d:\program files\VideoLAN
2009-09-17 19:28 . 2005-09-01 09:03 5888 ------w- d:\windows\system32\drivers\imagedrv.sys
2009-09-17 19:28 . 2005-09-01 09:03 127488 ------w- d:\windows\system32\drivers\imagesrv.sys
2009-09-17 19:28 . 2004-07-26 14:16 476320 ------w- d:\windows\system32\ImagXpr7.dll
2009-09-17 19:28 . 2004-07-26 14:16 471040 ------w- d:\windows\system32\ImagXRA7.dll
2009-09-17 19:28 . 2004-07-26 14:16 262144 ------w- d:\windows\system32\ImagXR7.dll
2009-09-17 19:28 . 2004-07-26 14:16 1568768 ------w- d:\windows\system32\ImagX7.dll
2009-09-17 19:28 . 2004-07-09 06:43 364544 ------w- d:\windows\system32\TwnLib4.dll
2009-09-17 19:28 . 2000-06-26 08:45 106496 ----a-w- d:\windows\system32\TwnLib20.dll
2009-09-17 19:28 . 2009-09-17 19:28 -------- d-----w- d:\program files\Ahead
2009-09-17 19:28 . 2009-09-17 19:28 -------- d-----w- d:\program files\Common Files\Ahead
2009-09-17 19:28 . 2001-07-09 08:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe
2009-09-17 19:25 . 2009-09-17 19:25 -------- d-----w- d:\program files\Yahoo!
2009-09-17 19:18 . 2009-09-17 19:19 35792800 ----a-w- D:\nero6614.exe
2009-09-17 15:43 . 2008-04-13 22:15 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2009-09-17 15:43 . 2008-04-13 22:15 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2009-09-16 19:12 . 2009-09-16 19:12 -------- d-----w- d:\documents and settings\Admin\dwhelper
2009-09-13 10:58 . 2009-08-16 15:08 178176 ----a-w- d:\windows\system32\unrar.dll
2009-09-13 10:58 . 2009-05-29 21:37 205824 ----a-w- d:\windows\system32\xvidvfw.dll
2009-09-13 10:58 . 2009-05-29 21:31 881664 ----a-w- d:\windows\system32\xvidcore.dll
2009-09-13 10:58 . 2004-01-24 22:00 70656 ----a-w- d:\windows\system32\yv12vfw.dll
2009-09-13 10:58 . 2009-06-02 16:11 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2009-09-13 10:58 . 2009-09-13 10:58 -------- d-----w- d:\program files\K-Lite Codec Pack
2009-09-12 12:47 . 2005-05-10 16:54 258352 ----a-w- d:\windows\system32\unicows.dll
2009-09-11 14:21 . 2009-09-11 14:21 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2009-09-09 16:57 . 2009-09-09 16:57 -------- d-----w- d:\program files\Common Files\Borland Shared
2009-09-09 16:57 . 1999-01-20 03:01 210032 ----a-w- d:\windows\system32\DBCLIENT.DLL
2009-09-09 16:57 . 2009-09-09 19:05 -------- d-----w- d:\program files\Teacher
2009-09-08 13:30 . 2009-09-08 13:30 -------- d-----w- d:\program files\Common Files\Skype
2009-09-08 13:30 . 2009-09-08 13:31 -------- d-----r- d:\program files\Skype
2009-09-07 16:48 . 2007-05-17 15:30 318976 ----a-w- d:\windows\system32\avisynth.dll
2009-09-07 16:48 . 2004-02-22 08:11 719872 ----a-w- d:\windows\system32\devil.dll
2009-09-07 16:48 . 2004-01-24 22:00 70656 ----a-w- d:\windows\system32\i420vfw.dll
2009-09-07 16:47 . 2009-09-07 16:47 -------- d-----w- d:\program files\AviSynth 2.5
2009-09-07 16:47 . 2008-03-16 12:30 216064 --sh--r- d:\windows\system32\nbDX.dll
2009-09-07 16:47 . 2007-02-21 10:47 31232 --sh--r- d:\windows\system32\msfDX.dll
2009-09-07 16:47 . 2006-05-03 09:06 163328 --sh--r- d:\windows\system32\flvDX.dll
2009-09-07 16:47 . 2009-09-07 16:47 -------- d-----w- d:\program files\eRightSoft
2009-09-05 18:22 . 2009-09-06 07:54 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-09-05 16:13 . 2009-09-05 16:14 45 ----a-w- d:\documents and settings\Admin\jagex_runescape_preferences2.dat
2009-09-05 11:54 . 2009-09-05 11:55 -------- d-----w- D:\Left 4 Dead
2009-09-05 10:02 . 2009-09-05 10:48 -------- d-----w- d:\program files\Scorpions WinCheater
2009-09-01 14:44 . 2009-09-01 14:45 -------- d-----w- d:\program files\Magic Bullet Editors 2.0 Vegas
2009-09-01 13:57 . 2009-09-01 13:57 -------- d-----w- d:\program files\Common Files\eSellerate
2009-09-01 13:57 . 2009-09-01 14:02 -------- d-----w- d:\program files\NewBlue
2009-09-01 13:57 . 2009-09-01 13:57 -------- d-----w- d:\program files\Sonic Foundry
2009-09-01 13:56 . 2009-09-01 13:56 -------- d-----w- d:\program files\Panopticum Lens Pro 3.5 For Vegas
2009-09-01 13:12 . 2009-09-01 13:12 -------- d-----w- d:\program files\Pixelan
2009-08-30 14:47 . 2009-08-30 14:54 -------- d-----w- d:\program files\Mumble
2009-08-27 16:10 . 2009-08-27 16:11 -------- d-----w- d:\program files\RS2Bot
2009-08-27 16:09 . 2009-08-27 16:09 -------- d-----w- d:\program files\Free Offers from Freeze.com
2009-08-27 16:09 . 2009-08-27 16:09 -------- d-----w- d:\program files\Common Files\Winferno
2009-08-27 16:09 . 2006-10-09 11:06 495616 ----a-w- d:\windows\system32\WINUTIL5.DLL
2009-08-27 16:09 . 2006-05-17 06:40 393216 ----a-w- d:\windows\system32\WINLCTL5.DLL
2009-08-27 16:09 . 2009-08-27 16:14 -------- d-----w- d:\program files\Winferno
2009-08-27 14:45 . 2009-09-05 16:27 37 ----a-w- d:\documents and settings\Admin\jagex_runescape_preferences.dat
2009-08-27 14:45 . 2009-08-27 14:45 -------- d-----w- d:\windows\Sun
2009-08-27 14:43 . 2009-08-27 14:43 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-08-27 14:43 . 2009-08-27 14:43 -------- d-----w- d:\program files\Java
2009-08-25 12:02 . 2009-08-25 12:02 -------- d-----w- d:\program files\Ventrilo
2009-08-25 12:02 . 2009-09-20 13:47 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-08-25 08:06 . 2009-08-17 16:05 114768 ----a-w- d:\windows\system32\drivers\aswSP.sys
2009-08-25 08:06 . 2009-08-17 16:05 20560 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 13:40 . 2009-08-21 16:10 -------- d-----w- d:\program files\GoQ - NetRadio
2009-09-20 08:55 . 2009-08-14 21:33 -------- d-----w- d:\program files\BitComet
2009-09-15 14:50 . 2009-08-15 09:18 189104 ----a-w- d:\windows\system32\PnkBstrB.exe
2009-09-15 14:42 . 2009-08-15 09:19 139584 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2009-09-05 13:57 . 2009-08-15 10:16 -------- d-----w- d:\program files\Common Files\Adobe
2009-08-23 09:04 . 2009-08-23 09:04 794408 ----a-w- d:\windows\system32\pbsvc.exe
2009-08-23 09:04 . 2009-08-15 09:18 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2009-08-23 08:35 . 2009-08-23 08:35 -------- d-----w- d:\program files\hp photosmart
2009-08-21 16:09 . 2009-08-21 16:08 -------- d-----w- d:\program files\NetRadio 1.01
2009-08-20 07:39 . 2009-08-20 07:39 -------- d-----w- d:\program files\Electronic Arts
2009-08-20 07:37 . 2009-08-14 09:01 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-08-19 13:47 . 2009-08-19 13:47 -------- d-----w- d:\program files\GamePark
2009-08-18 15:05 . 2009-08-18 15:05 278728 ----a-w- d:\windows\system32\drivers\atksgt.sys
2009-08-18 15:05 . 2009-08-18 15:05 25416 ----a-w- d:\windows\system32\drivers\lirsgt.sys
2009-08-17 16:10 . 2009-08-14 10:11 1279456 ----a-w- d:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-14 10:11 93392 ----a-w- d:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-14 10:11 94160 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:04 . 2009-08-14 10:11 51376 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-14 10:11 23152 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-14 10:11 26944 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-14 10:11 97480 ----a-w- d:\windows\system32\AvastSS.scr
2009-08-17 15:49 . 2009-08-17 15:37 29566 ----a-w- d:\windows\scunin.dat
2009-08-17 15:49 . 2009-08-17 15:37 967 ----a-w- d:\windows\ScUnin.pif
2009-08-17 15:49 . 2009-08-17 15:37 94208 ----a-w- d:\windows\ScUnin.exe
2009-08-16 08:25 . 2009-08-16 08:25 -------- d-----w- d:\program files\iZ3D Driver
2009-08-16 01:24 . 2001-10-25 12:00 77872 ----a-w- d:\windows\system32\perfc005.dat
2009-08-16 01:24 . 2001-10-25 12:00 428750 ----a-w- d:\windows\system32\perfh005.dat
2009-08-16 01:08 . 2009-08-16 01:08 -------- d-----w- d:\program files\MSBuild
2009-08-16 01:08 . 2009-08-16 01:08 -------- d-----w- d:\program files\Reference Assemblies
2009-08-15 16:34 . 2009-08-15 16:34 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2009-08-15 16:18 . 2009-08-15 16:18 -------- d-----w- d:\program files\Ubisoft
2009-08-15 16:16 . 2009-08-15 16:16 -------- d-----w- d:\program files\Alcohol Soft
2009-08-15 16:12 . 2009-08-15 16:12 721904 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-08-15 10:35 . 2009-08-15 10:18 -------- d-----w- d:\program files\Counter-Strike Source
2009-08-15 10:23 . 2009-08-15 10:23 -------- d-----w- d:\program files\Adobe Media Player
2009-08-15 10:20 . 2009-08-15 10:20 -------- d-----w- d:\program files\Common Files\Adobe AIR
2009-08-15 10:18 . 2009-08-15 10:18 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-08-14 21:38 . 2009-08-14 21:38 -------- d-----w- d:\program files\Bitcomet Ultra Accelerator
2009-08-14 19:46 . 2009-08-14 19:46 -------- d-----w- d:\program files\Fantasy Moon 3D Screensaver
2009-08-14 19:44 . 2009-08-14 19:44 -------- d-----w- d:\program files\Lagoon 3D Screensaver
2009-08-14 19:40 . 2009-08-14 19:40 -------- d-----w- d:\program files\Coral Clock 3D Screensaver
2009-08-14 19:35 . 2009-08-14 19:28 -------- d-----w- d:\program files\3Planesoft Screensaver Manager
2009-08-14 19:35 . 2009-08-14 19:35 -------- d-----w- d:\program files\Earth 3D Screensaver
2009-08-14 19:31 . 2009-08-14 19:31 -------- d-----w- d:\program files\Voyage of Columbus 3D Screensaver
2009-08-14 19:28 . 2009-08-14 19:28 -------- d-----w- d:\program files\Fireplace 3D Screensaver
2009-08-14 11:46 . 2009-08-14 11:45 -------- d-----w- d:\program files\ICQ6.5
2009-08-14 10:52 . 2009-08-14 10:52 -------- d-----w- d:\program files\Common Files\INCA Shared
2009-08-14 10:15 . 2009-08-14 10:15 0 ----a-w- d:\windows\nsreg.dat
2009-08-14 10:11 . 2009-08-14 10:11 -------- d-----w- d:\program files\Alwil Software
2009-08-14 09:16 . 2009-08-14 09:16 -------- d-----w- d:\program files\Innovative Solutions
2009-08-14 09:14 . 2009-08-14 09:14 0 ----a-w- d:\windows\ativpsrm.bin
2009-08-14 09:12 . 2009-08-14 09:04 -------- d-----w- d:\program files\ATI Technologies
2009-08-14 09:03 . 2009-08-14 09:01 -------- d-----w- d:\program files\Common Files\InstallShield
2009-08-14 09:01 . 2009-08-14 09:01 -------- d-----w- d:\program files\Realtek
2009-08-14 09:01 . 2009-08-14 09:01 315392 ----a-w- d:\windows\HideWin.exe
2009-08-14 08:59 . 2009-08-14 08:59 -------- d-----w- d:\program files\Intel
2009-08-14 08:49 . 2009-08-14 08:49 -------- d-----w- d:\program files\microsoft frontpage
2009-08-14 08:46 . 2009-08-14 08:46 -------- d-----w- d:\program files\Windows Media Connect 2
2009-08-05 09:01 . 2008-04-14 06:51 205312 ----a-w- d:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2008-04-14 06:52 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2008-04-14 06:51 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- d:\windows\system32\PhysXLoader.dll
2009-07-17 19:04 . 2008-04-14 06:51 58880 ----a-w- d:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-08-08 15:42 286208 ----a-w- d:\windows\system32\wmpdxm.dll
2009-07-02 16:31 . 2009-07-02 16:31 49664 ----a-w- d:\windows\system32\atimpc32.dll
2009-07-02 16:27 . 2009-07-02 16:27 45056 ----a-w- d:\windows\system32\aticalrt.dll
2009-07-02 16:26 . 2009-07-02 16:26 45056 ----a-w- d:\windows\system32\aticalcl.dll
2009-07-02 16:25 . 2009-07-02 16:25 3248128 ----a-w- d:\windows\system32\aticaldd.dll
2009-07-02 10:12 . 2009-08-14 09:04 593920 ------w- d:\windows\system32\ati2sgag.exe
2009-06-29 16:00 . 2008-08-08 15:43 827392 ------w- d:\windows\system32\wininet.dll
2009-06-29 15:59 . 2008-08-08 15:43 78336 ----a-w- d:\windows\system32\ieencode.dll
2009-06-29 15:59 . 2008-08-08 15:43 17408 ----a-w- d:\windows\system32\corpol.dll
2009-06-25 08:27 . 2008-04-14 06:52 54272 ----a-w- d:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2008-04-14 06:51 56832 ----a-w- d:\windows\system32\secur32.dll
2009-06-25 08:27 . 2008-04-14 06:51 147456 ----a-w- d:\windows\system32\schannel.dll
2009-06-25 08:27 . 2008-04-14 06:51 136192 ----a-w- d:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2008-04-14 06:51 729088 ----a-w- d:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2008-04-14 06:51 301568 ----a-w- d:\windows\system32\kerberos.dll
2006-05-03 09:06 . 2009-09-07 16:47 163328 --sh--r- d:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-09-07 16:47 31232 --sh--r- d:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-07 16:47 216064 --sh--r- d:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-22_19.47.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-22 20:36 . 2009-09-22 20:36 16384 d:\windows\Temp\Perflib_Perfdata_5c8.dat
+ 2009-09-22 20:36 . 2009-09-22 20:36 16384 d:\windows\Temp\Perflib_Perfdata_28c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programs\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Rainlendar2"="d:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HPHmon03"="d:\windows\system32\hphmon03.exe" [2006-01-13 311296]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2007-10-12 16384512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan.lnk - d:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="d:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="d:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"STYLEXP"=d:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\HLSW\\hlsw.exe"=
"d:\\Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Games\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Games\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Games\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"c:\\Games\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Games\\Counter-Strike 1.6\\hl.exe"=
"c:\\Games\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10281:TCP"= 10281:TCP:BitComet 10281 TCP
"10281:UDP"= 10281:UDP:BitComet 10281 UDP

R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [25.8.2009 10:06 114768]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;d:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [16.8.2009 10:25 23672]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [25.8.2009 10:06 20560]
R2 Findbasic Service;Findbasic Service;d:\documents and settings\All Users\Data aplikací\Findbasic\findbasic123.exe [22.9.2009 10:32 54776]
R2 S3D Service (Win32);S3D Service (Win32);d:\program files\iZ3D Driver\Win32\S3DCService.exe [16.8.2009 10:25 233472]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;d:\windows\system32\drivers\AtiHdmi.sys [14.8.2009 11:04 89600]
R3 Dot4Usb HPH09;Dot4Usb HPH09;d:\windows\system32\drivers\hphius09.sys [23.8.2009 10:34 18864]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;d:\windows\system32\drivers\whfltr2k.sys [14.8.2009 11:36 6784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-09-22 d:\windows\Tasks\1-Click Maintenance.job
- c:\programs\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 12:24]

2009-09-22 d:\windows\Tasks\PCConfidential.job
- d:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-08-27 12:10]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: Stáhnout odkaz s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - d:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\uxtjudpz.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-DAEMON Tools Toolbar - d:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 22:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-299502267-1390067357-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:3e,77,86,17,12,d7,3d,84,dc,65,66,bb,97,21,ad,6c,e3,c4,e0,5e,66,
27,5d,98,f3,5f,5b,cc,75,64,99,26,53,0d,5f,79,f4,04,4b,8b,33,f1,58,e2,db,29,\
"rkeysecu"=hex:ff,57,b0,f2,f7,7b,68,a5,96,b9,9f,70,22,90,e5,79
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(792)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2188)
d:\program files\Findbasic\findbasic.dll
d:\progra~1\WINDOW~2\wmpband.dll
d:\windows\system32\wpdshserviceobj.dll
d:\windows\system32\portabledevicetypes.dll
d:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\ati2evxx.exe
d:\program files\TGTSoft\StyleXP\StyleXPService.exe
d:\program files\Alwil Software\Avast4\aswUpdSv.exe
d:\program files\Alwil Software\Avast4\ashServ.exe
d:\windows\system32\ati2evxx.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\PnkBstrA.exe
d:\windows\system32\PnkBstrB.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\program files\Alwil Software\Avast4\ashMaiSv.exe
d:\program files\Alwil Software\Avast4\ashWebSv.exe
d:\program files\Findbasic\findbasic.exe
d:\windows\system32\hphipm09.exe
.
**************************************************************************
.
Celkový čas: 2009-09-22 22:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-22 20:39
ComboFix2.txt 2009-09-22 19:48

Před spuštěním: Volných bajtů: 25 209 372 672
Po spuštění: Volných bajtů: 25 117 679 616

624 --- E O F --- 2009-09-09 19:47

Damned · Příspěvekod **Damned** » 22 zář 2009 22:54

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"getPlusHelper"=-

Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory , najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání hodnoty do registru. Schval.
*****************************************************************************************************************************************
Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, avast! nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, avast! i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG,avast!, Aviru.)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.

ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Kdyby něco, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se. :bigups:

Prosím o kontorlu logu (Nějaký vir za sms nechápu) Vyřešeno

Prosím o kontorlu logu (Nějaký vir za sms nechápu) Vyřešeno

Re: Prosím o kontorlu logu (Nějaký vir za sms nechápu)

Re: Prosím o kontorlu logu (Nějaký vir za sms nechápu)

Re: Prosím o kontorlu logu (Nějaký vir za sms nechápu)

Re: Prosím o kontorlu logu (Nějaký vir za sms nechápu)

Re: Prosím o kontorlu logu (Nějaký vir za sms nechápu)

Re: Prosím o kontorlu logu (Nějaký vir za sms nechápu)

Re: Prosím o kontorlu logu (Nějaký vir za sms nechápu)

Re: Prosím o kontorlu logu (Nějaký vir za sms nechápu)

Re: Prosím o kontorlu logu (Nějaký vir za sms nechápu)

Re: Prosím o kontorlu logu (Nějaký vir za sms nechápu)

Re: Prosím o kontorlu logu (Nějaký vir za sms nechápu)

Kdo je online