Damned: Here is the ComboFix log. I see there's already another SCR in there ...
ComboFix 09-12-21.08 - mike 22.12.2009 23:03:07.14.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1074 [GMT 1:00]
Spuštěný z: c:\documents and settings\mike\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091222-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-22 do 2009-12-22 )))))))))))))))))))))))))))))))
.
2009-12-22 21:48 . 2009-12-22 21:48 1081344 ----a-w- c:\windows\system32\70.scr
2009-12-20 12:19 . 2009-12-20 12:19 -------- d-----w- c:\windows\system32\LogFiles
2009-12-19 20:50 . 2009-12-19 20:50 -------- d-----w- c:\documents and settings\mike\DoctorWeb
2009-12-19 20:09 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-19 20:09 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-19 20:09 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-19 20:09 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-19 20:09 . 2009-11-24 23:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-19 20:09 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-19 20:09 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-19 20:09 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-19 20:09 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-19 20:08 . 2009-12-19 20:09 -------- d-----w- c:\program files\Alwil Software
2009-12-19 12:40 . 2005-09-23 06:29 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-18 19:31 . 2009-12-18 19:31 -------- d--h--w- c:\windows\PIF
2009-12-18 16:51 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 16:51 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 16:51 . 2009-12-18 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 12:09 . 2009-12-18 12:09 -------- d-----w- c:\program files\TrendMicro
2009-12-17 18:04 . 2009-12-17 18:04 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-12-17 18:04 . 2009-12-17 18:04 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-12-17 18:04 . 2009-12-17 18:04 171552 ----a-w- c:\windows\system32\guard32.dll
2009-12-17 18:04 . 2009-12-17 18:04 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-12-16 16:24 . 2004-02-23 00:00 1386496 ----a-w- c:\windows\system32\msvbvm60.dll
2009-12-13 19:26 . 2009-12-13 19:26 -------- d-----w- C:\CloneDVDTemp
2009-12-06 10:41 . 2009-12-06 10:41 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 11:49 . 2009-05-08 17:09 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-19 16:59 . 2001-10-25 11:00 82290 ----a-w- c:\windows\system32\perfc005.dat
2009-12-19 16:59 . 2001-10-25 11:00 419830 ----a-w- c:\windows\system32\perfh005.dat
2009-11-09 09:59 . 2009-04-12 16:19 96384 ----a-w- c:\windows\system32\drivers\sptd9725.sys
2009-05-01 22:02 . 2009-05-01 22:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 22:02 . 2009-05-01 22:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-11-13 62464]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-12-17 1800464]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\mike\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\MIKE\\Plocha\\Miranda IM\\miranda32.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [4.4.2009 14:19 75904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.12.2009 21:09 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [17.12.2009 19:04 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [17.12.2009 19:04 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.12.2009 21:09 20560]
R3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [4.4.2009 14:33 161792]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [4.4.2009 14:37 13225]
S2 gupdate1c9ed154c063f46;Služba Google Update (gupdate1c9ed154c063f46);c:\program files\Google\Update\GoogleUpdate.exe [14.6.2009 19:26 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.4.2009 17:19 664064]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://mail.foxconn.cz/
FF - ProfilePath - c:\documents and settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 23:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI
detected NTDLL code modification:
ZwClose, ZwOpenFile
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\guard32.dll
- - - - - - - > 'explorer.exe'(824)
c:\program files\CursorXP\CurXP0.dll
.
Celkový čas: 2009-12-22 23:10:54
ComboFix-quarantined-files.txt 2009-12-22 22:10
ComboFix2.txt 2009-12-22 08:44
Před spuštěním: Volných bajtů: 70 909 886 464
Po spuštění: Volných bajtů: 70 884 360 192
- - End Of File - - 994D17E8B4EF05FBAD1FB586FB995E9D
I'll also try to run what pitimir asked me for. I hope I manage it before the virus blocks it on me here....
mike007: please check my log [Solved]
- mike007
- Master Level 7.5
- Posts: 5860
- Registered: August 07
- Location: Pardubice
- Status: Offline
Re: mike007: please check my log
The best game is Excel!
• PC-help forum rules • How to mark a topic as solved
»»»»»»»»»»»»»»»»»»»»»»»
NOTICE - my Skype, private messages and email are not a tech support channel.
Post your questions in the forum. That's what it's here for.
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Status: Offline
Re: mike007: please check my log
Check the file marked in red on VirusTotal and paste the link to the result here.
If you can't find it, turn on the display of hidden and system files. If it tells you that the file has already been checked,
have it checked again, and wait until "Finished" and the result appear. Then copy the address bar here.
c:\windows\system32\70.scr
*****************************************************************************************************************************************
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
FileLook::
c:\windows\system32\70.scr
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair may take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process
*****************************************************************************************************************************************
Download RSIT, click "Continue" and let it run a scan.
In a moment a log named log.txt will be generated (if the log is not generated, you will find it at C:\rsit\log.txt); copy its contents here for me.
Also copy here (or attach) the second log, named info.txt
Nothing is impossible, so where we are at our wits' end, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech translation Wise Registry Cleaner
- mike007
Re: mike007: please check my log
Hi,
I didn't know you'd reply so quickly... To be able to make more logs on the computer, I had to delete that file ...
ComboFix 09-12-21.08 - mike 22.12.2009 23:16:11.15.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1093 [GMT 1:00]
Spuštěný z: c:\documents and settings\mike\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mike\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091222-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\system32\70.scr"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\70.scr
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-22 do 2009-12-22 )))))))))))))))))))))))))))))))
.
2009-12-20 12:19 . 2009-12-20 12:19 -------- d-----w- c:\windows\system32\LogFiles
2009-12-19 20:50 . 2009-12-19 20:50 -------- d-----w- c:\documents and settings\mike\DoctorWeb
2009-12-19 20:09 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-19 20:09 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-19 20:09 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-19 20:09 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-19 20:09 . 2009-11-24 23:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-19 20:09 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-19 20:09 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-19 20:09 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-19 20:09 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-19 20:08 . 2009-12-19 20:09 -------- d-----w- c:\program files\Alwil Software
2009-12-19 12:40 . 2005-09-23 06:29 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-18 19:31 . 2009-12-18 19:31 -------- d--h--w- c:\windows\PIF
2009-12-18 16:51 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 16:51 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 16:51 . 2009-12-18 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 12:09 . 2009-12-18 12:09 -------- d-----w- c:\program files\TrendMicro
2009-12-17 18:04 . 2009-12-17 18:04 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-12-17 18:04 . 2009-12-17 18:04 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-12-17 18:04 . 2009-12-17 18:04 171552 ----a-w- c:\windows\system32\guard32.dll
2009-12-17 18:04 . 2009-12-17 18:04 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-12-16 16:24 . 2004-02-23 00:00 1386496 ----a-w- c:\windows\system32\msvbvm60.dll
2009-12-13 19:26 . 2009-12-13 19:26 -------- d-----w- C:\CloneDVDTemp
2009-12-06 10:41 . 2009-12-06 10:41 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 11:49 . 2009-05-08 17:09 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-19 16:59 . 2001-10-25 11:00 82290 ----a-w- c:\windows\system32\perfc005.dat
2009-12-19 16:59 . 2001-10-25 11:00 419830 ----a-w- c:\windows\system32\perfh005.dat
2009-11-09 09:59 . 2009-04-12 16:19 96384 ----a-w- c:\windows\system32\drivers\sptd9725.sys
2009-05-01 22:02 . 2009-05-01 22:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 22:02 . 2009-05-01 22:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-11-13 62464]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-12-17 1800464]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\mike\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\MIKE\\Plocha\\Miranda IM\\miranda32.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [4.4.2009 14:19 75904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.12.2009 21:09 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [17.12.2009 19:04 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [17.12.2009 19:04 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.12.2009 21:09 20560]
R3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [4.4.2009 14:33 161792]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [4.4.2009 14:37 13225]
S2 gupdate1c9ed154c063f46;Služba Google Update (gupdate1c9ed154c063f46);c:\program files\Google\Update\GoogleUpdate.exe [14.6.2009 19:26 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.4.2009 17:19 664064]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://mail.foxconn.cz/
FF - ProfilePath - c:\documents and settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 23:20
Windows 5.1.2600 Service Pack 3 FAT NTAPI
detected NTDLL code modification:
ZwClose, ZwOpenFile
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\guard32.dll
.
Celkový čas: 2009-12-22 23:21:46
ComboFix-quarantined-files.txt 2009-12-22 22:21
ComboFix2.txt 2009-12-22 22:10
ComboFix3.txt 2009-12-22 08:44
Před spuštěním: Volných bajtů: 70 887 538 688
Po spuštění: Volných bajtů: 70 877 839 360
- - End Of File - - C34C51D3DD70F7F8F8670B45EF56007D
The best game is Excel!
• PC-help forum rules • How to mark a topic as solved
»»»»»»»»»»»»»»»»»»»»»»»
NOTICE - my Skype, private messages and email are not for tech support.
Post questions in the forum. That's what it's for.
- Damned
Re: mike007: please check my log
Sorryyy....
I wanted to know whether it would be signed.
1) download FixIEDef
2) close all applications and run FixIEDef
3) confirm the license agreement with the [Accept] button
4) start the scan with the [Scan] button (during the scan all instances of Internet Explorer and Windows Explorer will be terminated (desktop icons, the taskbar, etc. will disappear), so I recommend saving all your work and closing applications before starting the scan)
5) when the scan finishes, close FixIEDef with the [Exit] button
6) if Windows Explorer does not start after it finishes, press CTRL+SHIFT+ESC and start Windows Explorer (the desktop) via the menu File > New Task > explorer
7) copy the FixIEDef log, which was saved to the desktop, here..


Nothing is impossible, so where our wits run out, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
- mike007
Re: mike007: please check my log
pitimir: Below are the logs from OTL. By the way, I found out that I no longer use Daemon, so I shouldn't have any software for creating virtual drives.
OTL.txt
OTL logfile created on: 22.12.2009 23:27:36 - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\mike\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,76 Gb Total Space | 66,03 Gb Free Space | 59,08% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DEVELOPM-FC11CB
Current User Name: mike
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009.12.22 23:26:22 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Plocha\OTL.exe
PRC - [2009.12.17 19:04:46 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009.12.17 17:30:12 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.11.25 00:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 00:51:36 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.07.25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.07.25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008.04.14 08:52:56 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008.04.14 08:52:24 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.21 21:22:50 | 00,453,936 | ---- | M] (Seznam.cz a.s.) -- C:\Program Files\Seznam\Postak\Postak.exe
PRC - [2007.07.24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.11.13 16:50:20 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006.11.13 16:50:06 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006.06.07 11:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006.01.02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.05.17 18:21:12 | 00,147,456 | ---- | M] () -- C:\Program Files\Razer\razerhid.exe
PRC - [2005.04.06 20:32:24 | 00,114,688 | ---- | M] () -- C:\Program Files\Razer\razertra.exe
PRC - [2005.01.19 16:34:16 | 00,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2005.01.18 01:06:12 | 00,143,360 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\razerofa.exe
PRC - [2004.11.02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2003.11.13 12:23:52 | 00,062,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002.08.09 16:36:20 | 00,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\Palm\HOTSYNC.EXE
========== Modules (SafeList) ==========
MOD - [2009.12.22 23:26:22 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Plocha\OTL.exe
MOD - [2009.12.17 19:04:46 | 00,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2005.01.19 16:34:24 | 00,014,848 | ---- | M] ( ) -- C:\Program Files\CursorXP\CurXP0.dll
========== Win32 Services (SafeList) ==========
SRV - [2009.12.17 19:04:46 | 00,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009.11.25 00:51:36 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:22 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.07.25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.06.14 19:26:28 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ed154c063f46) Služba Google Update (gupdate1c9ed154c063f46)
SRV - [2009.05.09 17:13:32 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007.07.24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.06.07 16:27:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006.06.07 11:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.02.09 12:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
SRV - [2003.07.28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009.12.17 19:04:46 | 00,133,064 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009.12.17 19:04:46 | 00,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2009.12.17 19:04:46 | 00,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009.11.25 00:51:00 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 00:49:08 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:58 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.05.16 20:19:38 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009.05.01 23:03:38 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009.04.12 17:22:38 | 00,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2009.04.12 17:19:18 | 00,664,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008.04.14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2008.04.13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006.11.06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006.06.07 11:08:58 | 01,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.09.23 23:18:32 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.04.24 22:43:58 | 00,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2005.04.21 13:40:38 | 00,010,624 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2005.04.12 10:41:22 | 00,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2005.03.15 17:04:00 | 00,161,792 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ov530vid.sys -- (ovt530)
DRV - [2005.02.23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003.11.13 13:25:26 | 00,391,680 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003.11.13 09:05:36 | 00,481,596 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003.08.13 09:27:22 | 00,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003.07.02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003.06.12 12:31:46 | 00,075,904 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2003.05.19 12:42:34 | 00,016,772 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2002.10.04 04:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001.10.25 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.foxconn.cz/
IE - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\S-1-5-21-2052111302-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.1A
FF - prefs.js..extensions.enabledItems: {AE37D527-6604-461c-8102-975CF8053A2F}:0.5.3.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: {8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}:0.3.2
FF - prefs.js..extensions.enabledItems: cs@dictionaries.addons.mozilla.org:1.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.4
FF - prefs.js..extensions.enabledItems: {84417002-6445-49b4-9fd7-1ef48240fa41}:1.0.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: timetrack@usablehack.com:1.2.5
FF - prefs.js..extensions.enabledItems: {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.71
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.04.04 23:34:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.04.04 23:34:02 | 00,000,000 | ---D | M]
[2009.04.04 16:02:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Extensions
[2009.04.04 16:02:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions
[2009.06.13 13:46:22 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.12.03 09:06:26 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009.06.14 18:42:12 | 00,000,000 | ---D | M] (Context Highlight) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}
[2009.04.04 23:37:56 | 00,000,000 | ---D | M] (Live PageRank) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}
[2009.07.19 21:04:16 | 00,000,000 | ---D | M] (Tab History) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{84417002-6445-49b4-9fd7-1ef48240fa41}
[2009.05.04 00:22:44 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2009.12.10 21:02:22 | 00,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009.07.03 06:34:32 | 00,000,000 | ---D | M] (BBCode) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{AE37D527-6604-461c-8102-975CF8053A2F}
[2009.11.20 21:47:26 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.05.01 00:17:56 | 00,000,000 | ---D | M] (QuickNote) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
[2009.07.01 07:34:36 | 00,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.05.03 16:32:14 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.10.13 07:29:04 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009.12.09 22:13:04 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.09.13 09:12:24 | 00,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009.09.29 08:10:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\amin.eft_Shutdown@gmail.com
[2009.04.04 23:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\cs@dictionaries.addons.mozilla.org
[2009.05.19 19:03:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\externalip@erik.morlin
[2009.07.19 21:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\timetrack@usablehack.com
[2009.10.30 16:48:52 | 00,001,699 | ---- | M] () -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\searchplugins\sfd.xml
[2009.04.04 23:34:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.01 20:18:10 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.07.01 20:18:10 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.07.01 20:18:10 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.07.01 20:18:10 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.07.01 20:18:10 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [razer] C:\Program Files\Razer\razerhid.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SMail] C:\Program Files\Seznam\Postak\Postak.exe (Seznam.cz a.s.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - Startup: C:\Documents and Settings\mike\Nabídka Start\Programy\Po spuštění\HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.254.250
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.04.04 13:39:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55454075105312768)
========== Files/Folders - Created Within 7 Days ==========
[2009.12.22 23:26:06 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mike\Plocha\OTL.exe
[2009.12.22 23:15:13 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009.12.22 23:01:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.12.22 23:01:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.12.22 23:01:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.12.22 23:01:48 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.12.22 23:00:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.12.22 09:34:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.12.20 13:19:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009.12.20 10:23:43 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\mike\Recent
[2009.12.19 21:50:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\DoctorWeb
[2009.12.19 21:09:25 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009.12.19 21:09:24 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009.12.19 21:09:24 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009.12.19 21:09:23 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009.12.19 21:09:23 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009.12.19 21:09:23 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009.12.19 21:09:23 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009.12.19 21:09:23 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009.12.19 21:09:02 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009.12.19 21:08:59 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009.12.19 13:40:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.12.19 13:40:14 | 00,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2009.12.18 20:31:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009.12.18 17:51:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.12.18 17:51:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.12.18 17:51:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.12.18 13:09:03 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009.12.17 19:04:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Comodo
[2009.12.17 19:04:50 | 00,171,552 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009.12.17 19:04:50 | 00,133,064 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009.12.17 19:04:50 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009.12.17 19:04:50 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009.12.16 17:24:49 | 01,386,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvbvm60.dll
[2009.11.03 12:35:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Temp
[2009.07.21 13:28:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Softland
[2009.06.14 19:35:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.06.14 19:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2009.05.16 20:13:01 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\mike\Data aplikací\pcouffin.sys
[2009.05.01 12:28:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2009.04.04 14:09:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.04.04 14:09:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.04.04 13:44:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.04.04 13:44:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2009.12.22 23:28:58 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\mike\NTUSER.DAT
[2009.12.22 23:26:22 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Plocha\OTL.exe
[2009.12.22 23:21:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.12.22 23:20:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.12.22 23:00:16 | 03,862,657 | R--- | M] () -- C:\Documents and Settings\mike\Plocha\ComboFix.exe
[2009.12.22 22:55:58 | 00,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009.12.22 22:54:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.12.22 12:49:58 | 00,000,272 | -HS- | M] () -- C:\Documents and Settings\mike\ntuser.ini
[2009.12.22 12:49:58 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009.12.22 12:42:02 | 00,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009.12.22 11:46:22 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
[2009.12.22 11:35:36 | 00,001,838 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2009.12.20 23:54:26 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\mike\Plocha\ZAZÁLOHUJ FOTKY !!!
[2009.12.19 21:09:24 | 00,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009.12.19 19:44:32 | 00,098,168 | ---- | M] () -- C:\Documents and Settings\mike\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2009.12.19 19:43:12 | 00,360,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.19 19:00:56 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.12.19 17:59:46 | 01,008,184 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.12.19 17:59:46 | 00,421,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.12.19 17:59:46 | 00,419,830 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2009.12.19 17:59:46 | 00,082,290 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2009.12.19 17:59:46 | 00,071,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.12.19 07:15:36 | 00,002,433 | ---- | M] () -- C:\Documents and Settings\mike\Plocha\HiJackThis.lnk
[2009.12.18 17:51:30 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2009.12.18 17:41:02 | 00,063,114 | ---- | M] () -- C:\Documents and Settings\mike\Dokumenty\pinfect.zip
[2009.12.18 14:35:48 | 00,113,152 | ---- | M] () -- C:\Documents and Settings\mike\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.17 19:04:46 | 00,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009.12.17 19:04:46 | 00,133,064 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009.12.17 19:04:46 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009.12.17 19:04:46 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009.12.22 23:01:48 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.12.22 23:01:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.12.22 23:01:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.12.22 23:01:48 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.12.22 23:01:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.12.22 22:59:20 | 03,862,657 | R--- | C] () -- C:\Documents and Settings\mike\Plocha\ComboFix.exe
[2009.12.20 23:54:25 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\mike\Plocha\ZAZÁLOHUJ FOTKY !!!
[2009.12.19 21:09:02 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009.12.18 17:51:29 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2009.12.18 17:41:00 | 00,063,114 | ---- | C] () -- C:\Documents and Settings\mike\Dokumenty\pinfect.zip
[2009.12.18 13:09:03 | 00,002,433 | ---- | C] () -- C:\Documents and Settings\mike\Plocha\HiJackThis.lnk
[2009.11.09 10:46:45 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2009.11.09 10:46:45 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2009.11.09 10:46:45 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2009.11.09 10:46:45 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2009.11.09 10:46:45 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2009.10.23 15:47:21 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009.10.13 07:39:50 | 00,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2009.10.13 07:39:50 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\8E5919E956.sys
[2009.09.21 08:11:54 | 00,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2009.08.31 11:09:20 | 00,000,405 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2009.08.30 09:04:34 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\mike\Data aplikací\$_hpcst$.hpc
[2009.08.09 19:02:01 | 00,000,063 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.06.28 19:19:02 | 00,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2009.05.16 20:14:22 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\mike\Data aplikací\pcouffin.log
[2009.05.16 20:13:01 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\mike\Data aplikací\inst.exe
[2009.05.16 20:13:01 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\mike\Data aplikací\pcouffin.cat
[2009.05.16 20:13:01 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\mike\Data aplikací\pcouffin.inf
[2009.05.06 11:48:43 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.05.04 11:15:44 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.04.26 23:03:43 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.14 08:18:37 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.13 18:12:32 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009.04.13 18:12:32 | 00,002,161 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2009.04.12 18:00:57 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2009.04.12 18:00:55 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.04.12 17:53:06 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\__FileUploader.log
[2009.04.09 14:41:27 | 00,113,152 | ---- | C] () -- C:\Documents and Settings\mike\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.05 12:46:19 | 00,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.8.65951.477_XP_Vista_x32.INI
[2009.04.05 08:42:20 | 00,001,838 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2009.04.04 23:45:15 | 00,002,972 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2009.04.04 17:06:52 | 00,001,093 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.04.04 14:40:45 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.04.04 14:31:20 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\mike\Local Settings\Data aplikací\fusioncache.dat
[2005.10.14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 15:38:04 | 00,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009.04.12 17:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2009.04.12 17:24:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio
[2009.04.13 18:07:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate
[2009.04.17 23:40:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PY_Software
[2009.04.21 18:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EPSON
[2009.07.29 09:43:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GARMIN
[2009.08.22 00:19:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2009.12.19 13:40:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.07.21 13:28:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Softland
[2009.04.10 14:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\GetRightToGo
[2009.04.13 18:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\proDAD
[2009.04.19 22:35:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Sony
[2009.04.19 22:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Publish Providers
[2009.05.16 20:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Vso
[2009.06.25 19:55:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\VitySoft
[2009.07.05 16:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\AltrixSoft
[2009.07.29 09:43:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\GARMIN
[2009.08.27 16:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\EPSON
[2009.09.21 08:11:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\HotSync
[2009.10.09 19:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\7Wonders
[2009.11.17 04:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\IObit
[2009.12.06 11:41:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Audacity
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004.08.17 13:49:08 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008.04.14 08:51:42 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 08:51:42 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004.08.17 13:49:18 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 08:51:56 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004.08.17 13:49:14 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 08:51:52 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 08:51:52 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004.08.03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008.04.14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
[2003.06.12 12:31:46 | 00,075,904 | ---- | M] (VIA Technologies inc,.ltd) MD5=1493F351E5A4B915FB5BBB735C14004B -- C:\WINDOWS\system32\drivers\viasraid.sys
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008.04.14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
< %SYSTEMDRIVE%\viamraid.sys /s /md5 >
< %SYSTEMDRIVE%\nvata.sys /s /md5 >
< End of report >
The next log will continue in a new post. It won't fit into a single one.

OTL.txt
OTL logfile created on: 22.12.2009 23:27:36 - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\mike\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,76 Gb Total Space | 66,03 Gb Free Space | 59,08% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DEVELOPM-FC11CB
Current User Name: mike
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009.12.22 23:26:22 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Plocha\OTL.exe
PRC - [2009.12.17 19:04:46 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009.12.17 17:30:12 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.11.25 00:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 00:51:36 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.07.25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.07.25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008.04.14 08:52:56 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008.04.14 08:52:24 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.21 21:22:50 | 00,453,936 | ---- | M] (Seznam.cz a.s.) -- C:\Program Files\Seznam\Postak\Postak.exe
PRC - [2007.07.24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.11.13 16:50:20 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006.11.13 16:50:06 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006.06.07 11:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006.01.02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.05.17 18:21:12 | 00,147,456 | ---- | M] () -- C:\Program Files\Razer\razerhid.exe
PRC - [2005.04.06 20:32:24 | 00,114,688 | ---- | M] () -- C:\Program Files\Razer\razertra.exe
PRC - [2005.01.19 16:34:16 | 00,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2005.01.18 01:06:12 | 00,143,360 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\razerofa.exe
PRC - [2004.11.02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2003.11.13 12:23:52 | 00,062,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002.08.09 16:36:20 | 00,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\Palm\HOTSYNC.EXE
========== Modules (SafeList) ==========
MOD - [2009.12.22 23:26:22 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Plocha\OTL.exe
MOD - [2009.12.17 19:04:46 | 00,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2005.01.19 16:34:24 | 00,014,848 | ---- | M] ( ) -- C:\Program Files\CursorXP\CurXP0.dll
========== Win32 Services (SafeList) ==========
SRV - [2009.12.17 19:04:46 | 00,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009.11.25 00:51:36 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:22 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.07.25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.06.14 19:26:28 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ed154c063f46) Služba Google Update (gupdate1c9ed154c063f46)
SRV - [2009.05.09 17:13:32 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007.07.24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.06.07 16:27:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006.06.07 11:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.02.09 12:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
SRV - [2003.07.28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009.12.17 19:04:46 | 00,133,064 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009.12.17 19:04:46 | 00,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2009.12.17 19:04:46 | 00,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009.11.25 00:51:00 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 00:49:08 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:58 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.05.16 20:19:38 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009.05.01 23:03:38 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009.04.12 17:22:38 | 00,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2009.04.12 17:19:18 | 00,664,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008.04.14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2008.04.13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006.11.06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006.06.07 11:08:58 | 01,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.09.23 23:18:32 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.04.24 22:43:58 | 00,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2005.04.21 13:40:38 | 00,010,624 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2005.04.12 10:41:22 | 00,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2005.03.15 17:04:00 | 00,161,792 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ov530vid.sys -- (ovt530)
DRV - [2005.02.23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003.11.13 13:25:26 | 00,391,680 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003.11.13 09:05:36 | 00,481,596 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003.08.13 09:27:22 | 00,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003.07.02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003.06.12 12:31:46 | 00,075,904 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2003.05.19 12:42:34 | 00,016,772 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2002.10.04 04:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001.10.25 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.foxconn.cz/
IE - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\S-1-5-21-2052111302-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.1A
FF - prefs.js..extensions.enabledItems: {AE37D527-6604-461c-8102-975CF8053A2F}:0.5.3.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: {8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}:0.3.2
FF - prefs.js..extensions.enabledItems: cs@dictionaries.addons.mozilla.org:1.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.4
FF - prefs.js..extensions.enabledItems: {84417002-6445-49b4-9fd7-1ef48240fa41}:1.0.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: timetrack@usablehack.com:1.2.5
FF - prefs.js..extensions.enabledItems: {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.71
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.04.04 23:34:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.04.04 23:34:02 | 00,000,000 | ---D | M]
[2009.04.04 16:02:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Extensions
[2009.04.04 16:02:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions
[2009.06.13 13:46:22 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.12.03 09:06:26 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009.06.14 18:42:12 | 00,000,000 | ---D | M] (Context Highlight) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}
[2009.04.04 23:37:56 | 00,000,000 | ---D | M] (Live PageRank) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}
[2009.07.19 21:04:16 | 00,000,000 | ---D | M] (Tab History) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{84417002-6445-49b4-9fd7-1ef48240fa41}
[2009.05.04 00:22:44 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2009.12.10 21:02:22 | 00,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009.07.03 06:34:32 | 00,000,000 | ---D | M] (BBCode) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{AE37D527-6604-461c-8102-975CF8053A2F}
[2009.11.20 21:47:26 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.05.01 00:17:56 | 00,000,000 | ---D | M] (QuickNote) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
[2009.07.01 07:34:36 | 00,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.05.03 16:32:14 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.10.13 07:29:04 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009.12.09 22:13:04 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.09.13 09:12:24 | 00,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009.09.29 08:10:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\amin.eft_Shutdown@gmail.com
[2009.04.04 23:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\cs@dictionaries.addons.mozilla.org
[2009.05.19 19:03:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\externalip@erik.morlin
[2009.07.19 21:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\extensions\timetrack@usablehack.com
[2009.10.30 16:48:52 | 00,001,699 | ---- | M] () -- C:\Documents and Settings\mike\Data aplikací\Mozilla\Firefox\Profiles\2i1sp5ib.default\searchplugins\sfd.xml
[2009.04.04 23:34:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.01 20:18:10 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.07.01 20:18:10 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.07.01 20:18:10 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.07.01 20:18:10 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.07.01 20:18:10 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [razer] C:\Program Files\Razer\razerhid.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SMail] C:\Program Files\Seznam\Postak\Postak.exe (Seznam.cz a.s.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - Startup: C:\Documents and Settings\mike\Nabídka Start\Programy\Po spuštění\HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.254.250
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.04.04 13:39:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55454075105312768)
========== Files/Folders - Created Within 7 Days ==========
[2009.12.22 23:26:06 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mike\Plocha\OTL.exe
[2009.12.22 23:15:13 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009.12.22 23:01:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.12.22 23:01:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.12.22 23:01:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.12.22 23:01:48 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.12.22 23:00:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.12.22 09:34:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.12.20 13:19:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009.12.20 10:23:43 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\mike\Recent
[2009.12.19 21:50:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mike\DoctorWeb
[2009.12.19 21:09:25 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009.12.19 21:09:24 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009.12.19 21:09:24 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009.12.19 21:09:23 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009.12.19 21:09:23 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009.12.19 21:09:23 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009.12.19 21:09:23 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009.12.19 21:09:23 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009.12.19 21:09:02 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009.12.19 21:08:59 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009.12.19 13:40:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.12.19 13:40:14 | 00,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2009.12.18 20:31:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009.12.18 17:51:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.12.18 17:51:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.12.18 17:51:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.12.18 13:09:03 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009.12.17 19:04:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Comodo
[2009.12.17 19:04:50 | 00,171,552 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009.12.17 19:04:50 | 00,133,064 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009.12.17 19:04:50 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009.12.17 19:04:50 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009.12.16 17:24:49 | 01,386,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvbvm60.dll
[2009.11.03 12:35:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Temp
[2009.07.21 13:28:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Softland
[2009.06.14 19:35:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.06.14 19:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2009.05.16 20:13:01 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\mike\Data aplikací\pcouffin.sys
[2009.05.01 12:28:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2009.04.04 14:09:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.04.04 14:09:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.04.04 13:44:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.04.04 13:44:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2009.12.22 23:28:58 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\mike\NTUSER.DAT
[2009.12.22 23:26:22 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\Plocha\OTL.exe
[2009.12.22 23:21:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.12.22 23:20:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.12.22 23:00:16 | 03,862,657 | R--- | M] () -- C:\Documents and Settings\mike\Plocha\ComboFix.exe
[2009.12.22 22:55:58 | 00,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009.12.22 22:54:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.12.22 12:49:58 | 00,000,272 | -HS- | M] () -- C:\Documents and Settings\mike\ntuser.ini
[2009.12.22 12:49:58 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009.12.22 12:42:02 | 00,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009.12.22 11:46:22 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
[2009.12.22 11:35:36 | 00,001,838 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2009.12.20 23:54:26 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\mike\Plocha\ZAZÁLOHUJ FOTKY !!!
[2009.12.19 21:09:24 | 00,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009.12.19 19:44:32 | 00,098,168 | ---- | M] () -- C:\Documents and Settings\mike\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2009.12.19 19:43:12 | 00,360,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.19 19:00:56 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.12.19 17:59:46 | 01,008,184 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.12.19 17:59:46 | 00,421,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.12.19 17:59:46 | 00,419,830 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2009.12.19 17:59:46 | 00,082,290 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2009.12.19 17:59:46 | 00,071,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.12.19 07:15:36 | 00,002,433 | ---- | M] () -- C:\Documents and Settings\mike\Plocha\HiJackThis.lnk
[2009.12.18 17:51:30 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2009.12.18 17:41:02 | 00,063,114 | ---- | M] () -- C:\Documents and Settings\mike\Dokumenty\pinfect.zip
[2009.12.18 14:35:48 | 00,113,152 | ---- | M] () -- C:\Documents and Settings\mike\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.17 19:04:46 | 00,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009.12.17 19:04:46 | 00,133,064 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009.12.17 19:04:46 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009.12.17 19:04:46 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009.12.22 23:01:48 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.12.22 23:01:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.12.22 23:01:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.12.22 23:01:48 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.12.22 23:01:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.12.22 22:59:20 | 03,862,657 | R--- | C] () -- C:\Documents and Settings\mike\Plocha\ComboFix.exe
[2009.12.20 23:54:25 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\mike\Plocha\ZAZÁLOHUJ FOTKY !!!
[2009.12.19 21:09:02 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009.12.18 17:51:29 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2009.12.18 17:41:00 | 00,063,114 | ---- | C] () -- C:\Documents and Settings\mike\Dokumenty\pinfect.zip
[2009.12.18 13:09:03 | 00,002,433 | ---- | C] () -- C:\Documents and Settings\mike\Plocha\HiJackThis.lnk
[2009.11.09 10:46:45 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2009.11.09 10:46:45 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2009.11.09 10:46:45 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2009.11.09 10:46:45 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2009.11.09 10:46:45 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2009.10.23 15:47:21 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009.10.13 07:39:50 | 00,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2009.10.13 07:39:50 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\8E5919E956.sys
[2009.09.21 08:11:54 | 00,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2009.08.31 11:09:20 | 00,000,405 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2009.08.30 09:04:34 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\mike\Data aplikací\$_hpcst$.hpc
[2009.08.09 19:02:01 | 00,000,063 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.06.28 19:19:02 | 00,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2009.05.16 20:14:22 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\mike\Data aplikací\pcouffin.log
[2009.05.16 20:13:01 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\mike\Data aplikací\inst.exe
[2009.05.16 20:13:01 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\mike\Data aplikací\pcouffin.cat
[2009.05.16 20:13:01 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\mike\Data aplikací\pcouffin.inf
[2009.05.06 11:48:43 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.05.04 11:15:44 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.04.26 23:03:43 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.14 08:18:37 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.13 18:12:32 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009.04.13 18:12:32 | 00,002,161 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2009.04.12 18:00:57 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2009.04.12 18:00:55 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.04.12 17:53:06 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\__FileUploader.log
[2009.04.09 14:41:27 | 00,113,152 | ---- | C] () -- C:\Documents and Settings\mike\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.05 12:46:19 | 00,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.8.65951.477_XP_Vista_x32.INI
[2009.04.05 08:42:20 | 00,001,838 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2009.04.04 23:45:15 | 00,002,972 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2009.04.04 17:06:52 | 00,001,093 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.04.04 14:40:45 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.04.04 14:31:20 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\mike\Local Settings\Data aplikací\fusioncache.dat
[2005.10.14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 15:38:04 | 00,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009.04.12 17:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2009.04.12 17:24:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio
[2009.04.13 18:07:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate
[2009.04.17 23:40:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PY_Software
[2009.04.21 18:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EPSON
[2009.07.29 09:43:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GARMIN
[2009.08.22 00:19:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2009.12.19 13:40:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.07.21 13:28:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Softland
[2009.04.10 14:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\GetRightToGo
[2009.04.13 18:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\proDAD
[2009.04.19 22:35:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Sony
[2009.04.19 22:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Publish Providers
[2009.05.16 20:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Vso
[2009.06.25 19:55:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\VitySoft
[2009.07.05 16:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\AltrixSoft
[2009.07.29 09:43:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\GARMIN
[2009.08.27 16:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\EPSON
[2009.09.21 08:11:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\HotSync
[2009.10.09 19:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\7Wonders
[2009.11.17 04:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\IObit
[2009.12.06 11:41:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mike\Data aplikací\Audacity
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004.08.17 13:49:08 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008.04.14 08:51:42 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 08:51:42 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004.08.17 13:49:18 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 08:51:56 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004.08.17 13:49:14 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 08:51:52 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 08:51:52 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004.08.03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008.04.14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
[2003.06.12 12:31:46 | 00,075,904 | ---- | M] (VIA Technologies inc,.ltd) MD5=1493F351E5A4B915FB5BBB735C14004B -- C:\WINDOWS\system32\drivers\viasraid.sys
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008.04.14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
< %SYSTEMDRIVE%\viamraid.sys /s /md5 >
< %SYSTEMDRIVE%\nvata.sys /s /md5 >
< End of report >
The next log will continue in a new post. It won't fit into one.
The best game is Excel!
• PC-help forum rules • How to mark a topic as solved
»»»»»»»»»»»»»»»»»»»»»»»
NOTICE - my Skype, private messages and email do not serve as tech support.
Post your questions in the forum. That's what it's for.
- mike007
Re: mike007: please check my log
Extras.txt
OTL Extras logfile created on: 22.12.2009 23:27:36 - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\mike\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,76 Gb Total Space | 66,03 Gb Free Space | 59,08% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DEVELOPM-FC11CB
Current User Name: mike
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2052111302-1275210071-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\MIKE\Plocha\Miranda IM\miranda32.exe" = C:\Documents and Settings\MIKE\Plocha\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CDE3168-925F-417C-8EFB-CC93E2A23C34}" = Palm Desktop for Garmin iQue - ENU
"{3DCFD210-5E9B-4403-B185-1D7AE5C28612}" = Garmin MapInstall
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Ovladače videa společnosti Pinnacle
"{67E0988E-EF9F-481E-B334-2965A50A5176}" = Atlas Czech 7
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7668D9E4-B7FC-49C2-AF1B-C8DC4CFB0BD6}" = TOPO Czech 2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{8103AAA2-7060-47E6-B13E-0D4EC4ED3BFD}" = iQue - TransferWaypoints
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{950A8D14-C48E-4508-B377-1EA45A18FA3D}" = Camtasia Studio 4
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}" = Hercules Webcam
"{A7C9EE7F-AB00-47D6-98D5-01AE126C7355}" = iQue - MapInstall and ContactLocation
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1.2 - Czech
"{AC76BA86-7AD7-1029-7B44-A92000000001}" = Adobe Reader 9.2 - Czech
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE83EC7F-7519-4036-8B59-ECE494308124}" = ATI Catalyst Control Center
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D208F4A7-6B73-4C2A-8B1E-8756FCBA831E}" = Hercules WebCam Station
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"COMODO Internet Security" = COMODO Internet Security
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CursorXP" = CursorXP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"doPDF 6 printer_is1" = doPDF 6.2 printer
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.0
"EPSON Printer and Utilities" = Software tiskárny EPSON
"EPSON Scanner" = EPSON Scan
"Fx Vid Cap" = Fx Vid Cap
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"PhotoFiltre" = PhotoFiltre
"PSPad editor_is1" = PSPad editor
"RealPlayer 12.0" = RealPlayer
"SMail" = Seznam Pošťák
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Teacher_is1" = Teacher verze 1.8
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.1.2 final uninstall
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.12.2009 19:21:11 | Computer Name = DEVELOPM-FC11CB | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
Error - 21.12.2009 4:22:37 | Computer Name = DEVELOPM-FC11CB | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.
Error - 21.12.2009 7:01:19 | Computer Name = DEVELOPM-FC11CB | Source = Application Error | ID = 1004
Description = Chybující aplikace svchost.exe, verze 0.0.0.0, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00000000.
Error - 21.12.2009 7:05:02 | Computer Name = DEVELOPM-FC11CB | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.
Error - 21.12.2009 17:52:45 | Computer Name = DEVELOPM-FC11CB | Source = Application Error | ID = 1004
Description = Chybující aplikace svchost.exe, verze 0.0.0.0, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00000000.
Error - 21.12.2009 19:21:52 | Computer Name = DEVELOPM-FC11CB | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.
Error - 22.12.2009 4:10:32 | Computer Name = DEVELOPM-FC11CB | Source = Application Error | ID = 1004
Description = Chybující aplikace svchost.exe, verze 0.0.0.0, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00000000.
Error - 22.12.2009 7:21:15 | Computer Name = DEVELOPM-FC11CB | Source = Application Error | ID = 1000
Description = Chybující aplikace svchost.exe, verze 5.1.2600.5512, chybující modul
AcGenral.dll, verze 5.1.2600.5512, adresa chyby 0x000116e2.
Error - 22.12.2009 17:47:22 | Computer Name = DEVELOPM-FC11CB | Source = Application Error | ID = 1000
Description = Chybující aplikace svchost.exe, verze 5.1.2600.5512, chybující modul
AcGenral.dll, verze 5.1.2600.5512, adresa chyby 0x000116e2.
Error - 22.12.2009 17:55:28 | Computer Name = DEVELOPM-FC11CB | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
[ System Events ]
Error - 18.12.2009 15:04:37 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Documents and Settings\mike\Plocha\Miranda
IM\Plugins\awaysystemex.dll se nezdařila. Referenční chybová zpráva: Operace byla
dokončena úspěšně. .
Error - 18.12.2009 15:04:41 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC90.CRT nebyla nalezena a poslední
chyba byla Sestavení určené odkazem není v systému nainstalováno. .
Error - 18.12.2009 15:04:41 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC90.CRT se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .
Error - 18.12.2009 15:04:41 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Documents and Settings\mike\Plocha\Miranda
IM\Plugins\ftpfile.dll se nezdařila. Referenční chybová zpráva: Operace byla dokončena
úspěšně. .
Error - 18.12.2009 15:04:59 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC90.CRT nebyla nalezena a poslední
chyba byla Sestavení určené odkazem není v systému nainstalováno. .
Error - 18.12.2009 15:04:59 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC90.CRT se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .
Error - 18.12.2009 15:04:59 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Documents and Settings\mike\Plocha\Miranda
IM\Plugins\uinfoexw.dll se nezdařila. Referenční chybová zpráva: Operace byla dokončena
úspěšně. .
Error - 19.12.2009 2:05:28 | Computer Name = DEVELOPM-FC11CB | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_SETUPNTGLM7X\0000 se již v systému nenachází,
přestože nebylo nejdříve připraveno k odebrání.
Error - 19.12.2009 8:01:53 | Computer Name = DEVELOPM-FC11CB | Source = Service Control Manager | ID = 7032
Description = Správce služeb se pokusil o opravnou akci (Restartovat službu) po
nečekaném ukončení služby Služba WMI, ale tato akce selhala kvůli následující chybě:
%%1056
Error - 19.12.2009 13:27:16 | Computer Name = DEVELOPM-FC11CB | Source = Service Control Manager | ID = 7032
Description = Správce služeb se pokusil o opravnou akci (Restartovat službu) po
nečekaném ukončení služby Služba WMI, ale tato akce selhala kvůli následující chybě:
%%1056
< End of report >
So I ran Defogger and disabled those drivers. Let me know what to do next. I hope this has no effect on shutting down the computer, because I turn the computer off at night. So if it needs to be disabled again tomorrow, write and tell me. Thanks for now.
OTL Extras logfile created on: 22.12.2009 23:27:36 - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\mike\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,76 Gb Total Space | 66,03 Gb Free Space | 59,08% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DEVELOPM-FC11CB
Current User Name: mike
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
[ System Events ]
Error - 18.12.2009 15:04:37 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Documents and Settings\mike\Plocha\Miranda
IM\Plugins\awaysystemex.dll se nezdařila. Referenční chybová zpráva: Operace byla
dokončena úspěšně. .
Error - 18.12.2009 15:04:41 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC90.CRT nebyla nalezena a poslední
chyba byla Sestavení určené odkazem není v systému nainstalováno. .
Error - 18.12.2009 15:04:41 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC90.CRT se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .
Error - 18.12.2009 15:04:41 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Documents and Settings\mike\Plocha\Miranda
IM\Plugins\ftpfile.dll se nezdařila. Referenční chybová zpráva: Operace byla dokončena
úspěšně. .
Error - 18.12.2009 15:04:59 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC90.CRT nebyla nalezena a poslední
chyba byla Sestavení určené odkazem není v systému nainstalováno. .
Error - 18.12.2009 15:04:59 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC90.CRT se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .
Error - 18.12.2009 15:04:59 | Computer Name = DEVELOPM-FC11CB | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Documents and Settings\mike\Plocha\Miranda
IM\Plugins\uinfoexw.dll se nezdařila. Referenční chybová zpráva: Operace byla dokončena
úspěšně. .
Error - 19.12.2009 2:05:28 | Computer Name = DEVELOPM-FC11CB | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_SETUPNTGLM7X\0000 se již v systému nenachází,
přestože nebylo nejdříve připraveno k odebrání.
Error - 19.12.2009 8:01:53 | Computer Name = DEVELOPM-FC11CB | Source = Service Control Manager | ID = 7032
Description = Správce služeb se pokusil o opravnou akci (Restartovat službu) po
nečekaném ukončení služby Služba WMI, ale tato akce selhala kvůli následující chybě:
%%1056
Error - 19.12.2009 13:27:16 | Computer Name = DEVELOPM-FC11CB | Source = Service Control Manager | ID = 7032
Description = Správce služeb se pokusil o opravnou akci (Restartovat službu) po
nečekaném ukončení služby Služba WMI, ale tato akce selhala kvůli následující chybě:
%%1056
< End of report >
So I ran Defogger and disabled those drivers. Let me know what to do next. I hope this doesn't affect shutting the computer down, because I turn the PC off at night. If it needs to be disabled again tomorrow, let me know. Thanks for now.
The best game is Excel!
• PC-help forum rules • How to mark a topic as solved
»»»»»»»»»»»»»»»»»»»»»»»
NOTICE - my Skype, private messages and email are not for tech support.
Post your questions in the forum. That's what it's for.
- mike007
Re: mike007: please check my log
Damned: Here is the log from FixIEDef
********************************************************************************
* *
* FixIEDef Log *
* Version 1.7.22.7514 *
* *
********************************************************************************
Created at 00:03:27 on Wednesday, December 23, 2009
Time Zone :
Logged On User : mike
Operating System : Systém Microsoft Windows XP Professional Service Pack 3
OS Architecture : X86
System Langauge : Czech
Keyboard Layout : Czech
Processor : X64 AMD Athlon(tm) 64 Processor 3000+
System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32
System Drive Type : Fixed
System Drive Status : READY
System Drive Label :
System Drive Size : 114.44 GB
System Drive Free : 67.44 GB
Total Physical Memory: 1535 MB
Free Physical Memory : 1069 MB
Total Page File : 1535 MB
Free Page File : 2963 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1968 MB
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! userinit.exe is Clean !!!
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
No malicious files found
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done :)
ShadowPuterDude
Safe Surfing!!!
Tomorrow I'll be at work until the evening, so I'll get back to you as soon as I can. Thanks for now.
Re: mike007: please check my log
Is your disk really running on FAT32?
I assume Defogger was used only AFTER running ComboFix... so:
1) Download >>this<< file to your desktop.
Copy the following into Notepad:
@echo off
"%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v
notepad report.txt
del %0
exit
Save it as antiTDL3.bat (file type: All files) on your desktop. Open it with a double-click. The program will start; when the scan finishes, press any key. A text document (report.txt) will open; copy its contents here for me.
2) Start -> Run -> (type) cmd /c mbr.exe -t >log.txt&start log.txt
Another text file (log.txt) will open; copy its contents here as well.
3) In OTL, copy the following into the box labelled "Custom Scans/Fixes":
:otl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-1275210071-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
:files
C:\Documents and Settings\mike\Data aplikací\IObit
:commands
[emptytemp]
[resethosts]
[reboot]
Click "Run Fix". The program will start working; the PC may restart. Afterwards a log should appear, and I would like to see it.
4) Was your sound not working? The Daonol trojan may be responsible for that:
Download DaonolFix to your desktop. Run it and press 2 -> Enter. A scan will start; when it finishes, a log is created, post it.
I don't like amateurism...
And the addressee of this message knows it :)
- mike007
Re: mike007: please check my log
Phew, that was quite a chore. The computer doesn't like it; every log comes with a svchost.exe error message.
My disk is still on FAT32. There hasn't been a chance to reformat it to NTFS yet. If we don't solve this, there will be a chance
1) TDSSKiller:
I had to copy it straight from DOS, because the report would not get created on its own (only an empty Notepad opened, and the window said the path to the program was wrong)
TDSS rootkit removing tool, Kaspersky Lab 2009
version 2.1.1 Dec 20 2009 02:40:02
Scanning Registry ...
Scanning Kernel memory ...
Completed
Results:
Infected objects in memory: 0
Cured objects in memory: 0
Infected objects on disk: 0
Objects on disk cured on reboot: 0
Objects on disk deleted on reboot: 0
Registry nodes deleted on reboot: 0
2)
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
OTL:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2052111302-1275210071-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2052111302-1275210071-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
C:\Documents and Settings\mike\Data aplikací\IObit\IObit SmartDefrag folder moved successfully.
C:\Documents and Settings\mike\Data aplikací\IObit folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: mike
->Temp folder emptied: 152998 bytes
->Temporary Internet Files folder emptied: 598424 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 119979703 bytes
->Google Chrome cache emptied: 557424 bytes
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
Windows Temp folder emptied: 65536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 122541 bytes
Total Files Cleaned = 118,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.1.19.0 log created on 12232009_171304
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_558.dat scheduled to be moved on reboot.
Registry entries deleted on Reboot...
DaonolFix:
The scan ran, a svchost.exe error popped up... then the window disappeared, there were no icons, nothing. I had to force the computer off.
Fortunately the log was available on the desktop.
DaonolFix (15.04.09) by jpshortstuff
Log created at 17:22 on 23/12/2009 by mike
Running from C:\Documents and Settings\mike\Plocha\DaonolFix.exe
=====Fix Daonol=====
=====Find Daonol=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="wdmaud.drv"
"aux1"="wdmaud.drv"
"aux2"="wdmaud.drv"
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midi2"="wdmaud.drv"
"midi3"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"MSVideo8"="VfWWDM32.dll"
"vidc.cvid"="iccvid.dll"
"vidc.DIVX"="DivX.dll"
"VIDC.I420"="i420vfw.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"VIDC.MJPG"="Pvmjpg30.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"vidc.tscc"="tsccvid.dll"
"VIDC.UYVY"="msyuv.dll"
"vidc.XVID"="xvidvfw.dll"
"VIDC.YUY2"="msyuv.dll"
"vidc.yv12"="yv12vfw.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wave"="wdmaud.drv"
"wave1"="wdmaud.drv"
"wave2"="wdmaud.drv"
"wave3"="wdmaud.drv"
"wavemapper"="msacm32.drv"
-=End Of File=-
- Damned
Re: mike007: please check my log
One more thing occurred to me:
Start - Run - type: notepad and click OK. Paste this entire (pale green) text into it:
dir \ntdll.dll /a h /s > File.txt
Save it to the Desktop under the name find.bat (file type: All files).
Find it on the desktop, double-click it and wait until the window closes and soubor.txt appears.
Then paste the entire text of that file here.
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
- mike007
Re: mike007: please check my log
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 064B-14E9.
Výpis adresáře C:\WINDOWS\system32
14.04.2008 08:51 700 928 ntdll.dll
1 souborů, 700 928 bajtů
Výpis adresáře C:\WINDOWS\$NtServicePackUninstall$
17.08.2004 13:48 702 976 ntdll.dll
1 souborů, 702 976 bajtů
Výpis adresáře C:\WINDOWS\ServicePackFiles\i386
14.04.2008 08:51 700 928 ntdll.dll
1 souborů, 700 928 bajtů
- Damned
Re: mike007: please check my log
Check the file in red on VirusTotal and post a link to the result here.
If you can't find it, turn on the display of hidden and system files. If it tells you the file has already been scanned,
have it scanned again and wait until "Finished" and the result appear. Then copy the address bar here.
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\ServicePackFiles\i386\ntdll.dll
c:\program files\CursorXP\CurXP0.dll