Thank you for checking the log.
Logfile of HijackThis v1.99.1
Scan saved at 15:05:33, on 1.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\DOCUME~1\MICHAL~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\xxx\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13c1dbf6-7535-495c-91f6-8c13714ed485} - C:\Documents and Settings\xxx\Nabídka Start\Programy\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13c1dbf6-7535-495c-91f6-8c13714ed485} - C:\Documents and Settings\xxx\Nabídka Start\Programy\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {05d44720-58e3-49e6-bdf6-d00330e511d3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {3bb54395-5982-4788-8af4-b5388ffdd0d8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {5736c456-ea94-4aac-bb08-917abdd035b3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1941802000
O16 - DPF: {9bdf4724-10aa-43d5-bd15-aea0d2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab
O16 - DPF: {b8be5e93-a60c-4d26-a2dc-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {da2aa6cf-5c7a-4b71-bc3b-c771bb369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: t-mobile - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: psrqlkf - C:\WINDOWS\SYSTEM32\psrqlkf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: 602SQL 8 FastCGI Client - Unknown owner - c:\Program Files\ALEX\602FSVC8.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Unknown owner - C:\Program Files\Firebird\Firebird_1_5\bin\ibserver.exe (file missing)
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Firebird\Firebird_1_5\bin\ibserver.exe (file missing)
O23 - Service: LexBce Server (lexbces) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART Display Controller - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: Webový server SMART (SMART Web Server) - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
O23 - Service: StyleXPService (stylexpservice) - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
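An added example, not part of the original post and not code from HijackThis: a small Python script that does the first pass a log reviewer does by hand on a log like the one above. It parses the R/O entries, flags `(file missing)` leftovers, services listed with `Unknown owner`, and O20 Winlogon Notify packages that are not on a short allow-list or whose name looks machine-generated. The sample input is a constructed subset of lines copied from the log above; the allow-list is an assumption made for this example, and a hit means "look at this", not "this is malware".

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log posted
# above, so the script runs stand-alone (the real log is ~140 lines).
SAMPLE_LOG = r"""
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: psrqlkf - C:\WINDOWS\SYSTEM32\psrqlkf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: 602SQL 8 FastCGI Client - Unknown owner - c:\Program Files\ALEX\602FSVC8.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
WINLOGON_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Winlogon Notify packages treated as expected here. Assumption: a short
# allow-list put together for this example, not an authoritative reference.
KNOWN_WINLOGON = {"avgrsstarter", "wgalogon", "!saswinlogon", "dimsntfy"}

def looks_random(name, max_vowel_ratio=0.2):
    """Heuristic: an all-lowercase token of six or more letters with almost
    no vowels (e.g. 'psrqlkf') reads like a generated filename."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 6 or not name.islower():
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < max_vowel_ratio

def triage(log_text):
    """Return the entries a reviewer should look at first: section, reason,
    original line. A hit orders the manual review; it proves nothing."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        reasons = []
        if "(file missing)" in body:
            reasons.append("stale entry: referenced file is missing")
        if section == "O20":
            w = WINLOGON_RE.match(body)
            if w and w.group("name").lower() not in KNOWN_WINLOGON:
                reasons.append("Winlogon Notify DLL not on the allow-list (loads into winlogon.exe)")
                if looks_random(w.group("name")):
                    reasons.append("random-looking package name")
        elif section == "O23":
            s = SERVICE_RE.match(body)
            if s and s.group("owner") == "Unknown owner":
                reasons.append("service binary carries no publisher information")
        for reason in reasons:
            findings.append({"section": section, "reason": reason, "line": line.strip()})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>4}  {f['reason']}\n      {f['line']}")
```

O20 entries get the extra attention because Winlogon notification DLLs are loaded into winlogon.exe, which runs as SYSTEM, at every logon; an unknown one is worth checking against a clean reference before it is removed.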
Log check
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: Log check
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
Next time, use a newer version of HJT (2.0.2 or 2.0.3 Beta):
http://www.trendsecure.com/portal/en-US ... s/download
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the option Perform quick scan selected and click the Scan button
- when the scan has finished a message appears; click OK and then the Show Results button
- then choose the option to save the log and save it to your desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!)
Then paste the contents of that log here.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Log check
I am sending the log.
Malwarebytes' Anti-Malware 1.43
Database version: 3469
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1.1.2010 19:35:54
mbam-log-2010-01-01 (19-35-44).txt
Scan type: Quick Scan
Objects scanned: 134553
Time elapsed: 13 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\explorer.vbk (Heuristics.Reserved.Word.Exploit) -> No action taken.
Re: Log check
So run MBAM again and click Scan
- when the scan has finished a message appears; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes a log is displayed; post it here.
- then click OK in the program and close it via Exit
You can then paste the MBAM log here.
Disable AVG's resident protection and firewall.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click into the window it shows
- After the scan completes the program should create a log, C:\ComboFix.txt; please copy its entire contents here
Re: Log check
Malwarebytes' Anti-Malware 1.43
Database version: 3469
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1.1.2010 19:45:04
mbam-log-2010-01-01 (19-45-04).txt
Scan type: Quick Scan
Objects scanned: 134553
Time elapsed: 13 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\explorer.vbk (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Re: Log check
ComboFix 09-12-31.A1 - xxx 01.01.2010 20:04:47.3.2 - x86
Running from: c:\documents and settings\Michal Štěpaník\Plocha\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Michal Štěpaník\Dokumenty\cc_20090620_123329.reg
c:\documents and settings\Michal Štěpaník\Dokumenty\MMX5RegistryBackup_8-16-2009_10.11.03.reg
c:\windows\AegisP.inf
c:\windows\system32\drivers\asyncmac.sys was missing.
Restored copy from - c:\windows\ServicePackFiles\i386\asyncmac.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.
2010-01-01 19:14 . 2008-04-13 18:57 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-01-01 19:14 . 2008-04-13 18:57 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2010-01-01 18:19 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 18:19 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 18:19 . 2010-01-01 18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 13:33 . 2010-01-01 13:33 -------- d-----w- c:\program files\Launch Manager
2010-01-01 13:23 . 2006-08-16 10:21 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll
2010-01-01 13:22 . 2006-08-16 10:21 2879488 ----a-w- c:\windows\SkyTel.exe
2010-01-01 13:22 . 2006-08-16 10:20 69632 ----a-w- c:\windows\Alcmtr.exe
2009-12-31 09:05 . 2009-12-31 09:05 -------- d-----w- c:\program files\JPEG Resampler
2009-12-29 11:38 . 2009-12-29 11:38 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-12-29 11:37 . 2009-12-29 11:37 -------- d-----w- c:\program files\Microsoft IntelliType Pro 5.0
2009-12-29 11:19 . 2009-12-29 11:19 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-12-28 11:02 . 2006-05-15 14:39 147456 ----a-w- c:\windows\UNINST32.EXE
2009-12-28 11:02 . 2004-12-09 11:04 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2009-12-28 11:02 . 2004-12-08 13:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2009-12-28 10:13 . 2009-12-28 10:13 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-12-27 21:11 . 2009-12-27 21:11 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-12-27 21:09 . 2009-12-27 21:09 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-12-27 19:53 . 2009-12-27 19:53 -------- d-----w- c:\program files\MSXML 4.0
2009-12-27 19:41 . 2009-12-28 14:56 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-27 19:41 . 2009-12-27 19:41 -------- d-----w- c:\windows\system32\GroupPolicy
2009-12-27 19:39 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-12-27 19:39 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-12-27 19:39 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-12-27 19:36 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-27 19:31 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-13 11:09 . 2009-12-13 11:09 -------- d-----w- c:\program files\Aspyr Media, Inc
2009-12-07 11:48 . 2009-12-07 11:49 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-07 10:53 . 2009-12-07 10:53 -------- d-----w- c:\program files\FileZilla FTP Client
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 13:54 . 2007-07-10 10:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 13:22 . 2007-07-10 10:46 -------- d-----w- c:\program files\Realtek
2009-12-29 11:14 . 2007-09-26 22:07 -------- d-----w- c:\program files\HIP+
2009-12-29 10:45 . 2009-11-19 18:25 -------- d-----w- c:\program files\QuickTime
2009-12-29 10:40 . 2009-06-30 11:09 -------- d-----w- c:\program files\Common Files\Apple
2009-12-28 14:46 . 2003-04-16 12:00 510224 ----a-w- c:\windows\system32\perfh005.dat
2009-12-28 14:46 . 2003-04-16 12:00 111136 ----a-w- c:\windows\system32\perfc005.dat
2009-12-28 14:06 . 2009-11-09 14:51 -------- d-----w- c:\program files\AEGON Expert 2.0
2009-12-28 11:18 . 2009-11-12 09:33 -------- d-----w- c:\program files\Radical Games
2009-12-27 22:21 . 2009-01-23 09:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-27 21:12 . 2009-01-06 17:06 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-25 20:25 . 2008-07-05 11:34 -------- d-----w- c:\program files\TGTSoft
2009-12-25 20:12 . 2008-07-15 17:15 -------- d-----w- c:\program files\Native Instruments
2009-12-25 20:11 . 2009-08-20 11:05 -------- d-----w- c:\program files\MZ U.T
2009-12-25 20:08 . 2007-09-05 09:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-25 20:02 . 2009-11-12 14:13 -------- d-----w- c:\program files\GoFTP
2009-12-25 19:54 . 2009-06-02 08:21 -------- d-----w- c:\program files\Any Audio Converter
2009-12-12 20:27 . 2007-12-30 22:36 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-12 20:17 . 2007-07-15 09:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-05 17:47 . 2009-07-31 13:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-21 16:03 . 2003-04-16 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 14:00 . 2009-08-01 19:39 -------- d-----w- c:\program files\Boris FX, Inc
2009-11-19 18:16 . 2009-06-01 19:53 -------- d-----w- c:\program files\Safari
2009-11-18 14:36 . 2007-07-20 18:41 -------- d-----w- c:\program files\Windows Live
2009-11-18 14:33 . 2009-11-18 14:33 -------- d-----w- c:\program files\Microsoft
2009-10-29 07:43 . 2003-04-16 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-22 18:48 . 2009-10-22 18:48 65719 ----a-w- c:\windows\BricoPackUninst.cmd
2009-10-22 18:48 . 2009-10-22 18:45 6120 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-10-22 09:58 . 2009-06-01 19:10 89744 ------w- c:\windows\system32\mlfcache.dat
2009-10-21 05:40 . 2007-07-11 13:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:40 . 2007-07-11 13:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2007-07-11 13:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2003-04-16 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2003-04-16 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2003-04-16 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-08 18:24 . 2009-10-08 18:24 552 ------w- c:\windows\system32\d3d8caps.dat
2009-10-08 13:57 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2003-04-16 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2003-04-16 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-06 16:11 1145736 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"nwiz"="nwiz.exe" [2009-01-30 1657376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-14 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-20 3080192]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-30 1389904]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [N/A]
c:\documents and settings\Michal Štěpaník\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-2 3450608]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-20 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-05-04 07:21 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-06 16:16 11952 ------w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psrqlkf]
2007-06-13 13:23 93184 ------w- c:\windows\system32\psrqlkf.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\Michal Štěpaník\Data aplikací\iolo\\0OODBS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TopDesk"=c:\program files\TopDesk\topdesk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Cibis\\CibisWebStandalone\\programs\\j2sdk1.4.2_04\\bin\\java.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCGui.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11593:TCP"= 11593:TCP:@xpsp2res.dll,-22005
"48252:TCP"= 48252:TCP:@xpsp2res.dll,-22005
"20275:TCP"= 20275:TCP:@xpsp2res.dll,-22005
"33694:TCP"= 33694:TCP:@xpsp2res.dll,-22005
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20.6.2009 20:28 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20.6.2009 20:28 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10.10.2006 12:53 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 11:39 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20.6.2009 20:28 297752]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Board Drivers\UCService.exe [15.4.2009 15:17 655360]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [13.3.2009 8:45 847392]
S0 lrmvkyum;lrmvkyum;c:\windows\system32\drivers\undjlecl.dat --> c:\windows\system32\drivers\undjlecl.dat [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.7.2007 10:00 691696]
S2 nod32fixtemdono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [16.4.2003 13:00 3584]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\ALEX\602FSVC8.EXE --> c:\program files\ALEX\602FSVC8.EXE [?]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [15.4.2009 15:30 1048576]
S3 SMART Web Server;Webový server SMART;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [15.4.2009 15:27 1236992]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [29.12.2009 12:19 23600]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-01-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-05-06 16:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.live.com/
uInternet Settings,ProxyOverride = *.local
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Michal Štěpaník\Data aplikací\Mozilla\Firefox\Profiles\9vddc9jb.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 20:14
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lrmvkyum]
"ImagePath"="system32\drivers\undjlecl.dat"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2827b165-3c8d-9285-add7-963e7ffdddb8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864B9FAA-4179-2B8A-1FB2-3284DBF95521}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pakamfljkkkdmohadmgmhelegoiaoikd"=hex:6a,61,6a,6a,67,6e,6a,68,66,6d,6c,67,68,
63,61,6e,6e,61,64,69,00,00
"oaebimioeendaokmmablgmfcicckkf"=hex:6a,61,68,6a,61,6a,6c,70,69,6a,6b,6c,68,6c,
6b,6b,63,70,64,6f,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(496)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Celkový čas: 2010-01-01 20:16:38
ComboFix-quarantined-files.txt 2010-01-01 19:16
ComboFix2.txt 2009-01-20 21:38
Před spuštěním: Volných bajtů: 19 145 809 920
Po spuštění: Volných bajtů: 19 314 753 536
- - End Of File - - D4C97414822ED9B90C6209FD3DE44FFB
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: Log check
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text highlighted in green below into it:
Note: do not use the SELECT ALL function to select the script
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
Code:
KillAll::
File::
c:\windows\Alcmtr.exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\mlfcache.dat
c:\windows\system32\d3d8caps.dat
c:\windows\system32\psrqlkf.dll
c:\program files\Ask.com\GenericAskToolbar.dll
c:\windows\system32\drivers\undjlecl.dat
c:\windows\system32\regedt32.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\program files\Ask.com\UpdateTask.exe
Folder::
c:\program files\Ask.com
Driver::
Psrqlkf
undjlecl
lrmvkyum
undjlecl
nod32fixtemdono
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psrqlkf]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lrmvkyum]
RegNull::
[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2827b165-3c8d-9285-add7-963e7ffdddb8}*]
[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864B9FAA-4179-2B8A-1FB2-3284DBF95521}*]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Drag the CFScript.txt you created onto the downloaded ComboFix.exe and drop it once the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Log check
ComboFix 09-12-31.A1 - xxx 01.01.2010 21:30:45.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1534.978 [GMT 1:00]
Spuštěný z: c:\documents and settings\xxx\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xxx\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\program files\Ask.com\GenericAskToolbar.dll"
"c:\program files\Ask.com\UpdateTask.exe"
"c:\windows\Alcmtr.exe"
"c:\windows\system32\d3d8caps.dat"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\drivers\undjlecl.dat"
"c:\windows\system32\mlfcache.dat"
"c:\windows\system32\psrqlkf.dll"
"c:\windows\system32\regedt32.exe"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Michal Štěpaník\Dokumenty\cc_20090620_123329.reg
c:\documents and settings\Michal Štěpaník\Dokumenty\MMX5RegistryBackup_8-16-2009_10.11.03.reg
c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Alcmtr.exe
c:\windows\system32\d3d8caps.dat
c:\windows\system32\d3d9caps.dat
c:\windows\system32\mlfcache.dat
c:\windows\system32\psrqlkf.dll
c:\windows\system32\regedt32.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_lrmvkyum
-------\Service_nod32fixtemdono
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-01 do 2010-01-01 )))))))))))))))))))))))))))))))
.
2010-01-01 19:40 . 2010-01-01 20:24 -------- d-----w- c:\program files\Wine Tycoon
2010-01-01 19:14 . 2008-04-13 18:57 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-01-01 19:14 . 2008-04-13 18:57 14336 ------w- c:\windows\system32\drivers\asyncmac.sys
2010-01-01 18:19 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 18:19 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 18:19 . 2010-01-01 18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 13:33 . 2010-01-01 13:33 -------- d-----w- c:\program files\Launch Manager
2010-01-01 13:23 . 2006-08-16 10:21 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll
2010-01-01 13:22 . 2006-08-16 10:21 2879488 ----a-w- c:\windows\SkyTel.exe
2009-12-31 09:05 . 2009-12-31 09:05 -------- d-----w- c:\program files\JPEG Resampler
2009-12-29 11:38 . 2009-12-29 11:38 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-12-29 11:37 . 2009-12-29 11:37 -------- d-----w- c:\program files\Microsoft IntelliType Pro 5.0
2009-12-29 11:19 . 2009-12-29 11:19 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-12-28 11:02 . 2006-05-15 14:39 147456 ----a-w- c:\windows\UNINST32.EXE
2009-12-28 11:02 . 2004-12-09 11:04 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2009-12-28 11:02 . 2004-12-08 13:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2009-12-28 10:13 . 2009-12-28 10:13 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-12-27 21:11 . 2009-12-27 21:11 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-12-27 21:09 . 2009-12-27 21:09 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-12-27 19:53 . 2009-12-27 19:53 -------- d-----w- c:\program files\MSXML 4.0
2009-12-27 19:41 . 2009-12-28 14:56 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-27 19:41 . 2009-12-27 19:41 -------- d-----w- c:\windows\system32\GroupPolicy
2009-12-27 19:39 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-12-27 19:39 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-12-27 19:39 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-12-27 19:36 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-27 19:31 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-07 11:48 . 2009-12-07 11:49 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-07 10:53 . 2009-12-07 10:53 -------- d-----w- c:\program files\FileZilla FTP Client
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 13:54 . 2007-07-10 10:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 13:22 . 2007-07-10 10:46 -------- d-----w- c:\program files\Realtek
2009-12-29 11:14 . 2007-09-26 22:07 -------- d-----w- c:\program files\HIP+
2009-12-29 10:45 . 2009-11-19 18:25 -------- d-----w- c:\program files\QuickTime
2009-12-29 10:40 . 2009-06-30 11:09 -------- d-----w- c:\program files\Common Files\Apple
2009-12-28 14:46 . 2003-04-16 12:00 510224 ----a-w- c:\windows\system32\perfh005.dat
2009-12-28 14:46 . 2003-04-16 12:00 111136 ----a-w- c:\windows\system32\perfc005.dat
2009-12-28 14:06 . 2009-11-09 14:51 -------- d-----w- c:\program files\AEGON Expert 2.0
2009-12-28 11:18 . 2009-11-12 09:33 -------- d-----w- c:\program files\Radical Games
2009-12-27 22:21 . 2009-01-23 09:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-27 21:12 . 2009-01-06 17:06 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-25 20:25 . 2008-07-05 11:34 -------- d-----w- c:\program files\TGTSoft
2009-12-25 20:12 . 2008-07-15 17:15 -------- d-----w- c:\program files\Native Instruments
2009-12-25 20:11 . 2009-08-20 11:05 -------- d-----w- c:\program files\MZ U.T
2009-12-25 20:08 . 2007-09-05 09:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-25 20:02 . 2009-11-12 14:13 -------- d-----w- c:\program files\GoFTP
2009-12-25 19:54 . 2009-06-02 08:21 -------- d-----w- c:\program files\Any Audio Converter
2009-12-12 20:27 . 2007-12-30 22:36 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-12 20:17 . 2007-07-15 09:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-21 16:03 . 2003-04-16 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 14:00 . 2009-08-01 19:39 -------- d-----w- c:\program files\Boris FX, Inc
2009-11-19 18:16 . 2009-06-01 19:53 -------- d-----w- c:\program files\Safari
2009-11-18 14:36 . 2007-07-20 18:41 -------- d-----w- c:\program files\Windows Live
2009-11-18 14:33 . 2009-11-18 14:33 -------- d-----w- c:\program files\Microsoft
2009-10-29 07:43 . 2003-04-16 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-22 18:48 . 2009-10-22 18:48 65719 ----a-w- c:\windows\BricoPackUninst.cmd
2009-10-22 18:48 . 2009-10-22 18:45 6120 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-10-21 05:40 . 2007-07-11 13:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:40 . 2007-07-11 13:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2007-07-11 13:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2003-04-16 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2003-04-16 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2003-04-16 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-08 13:57 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2003-04-16 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2003-04-16 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"nwiz"="nwiz.exe" [2009-01-30 1657376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-14 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-20 3080192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [N/A]
c:\documents and settings\Michal Štěpaník\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-2 3450608]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-20 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-05-04 07:21 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-06 16:16 11952 ------w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\Michal Štěpaník\Data aplikací\iolo\\0OODBS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TopDesk"=c:\program files\TopDesk\topdesk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Cibis\\CibisWebStandalone\\programs\\j2sdk1.4.2_04\\bin\\java.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCGui.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11593:TCP"= 11593:TCP:@xpsp2res.dll,-22005
"48252:TCP"= 48252:TCP:@xpsp2res.dll,-22005
"20275:TCP"= 20275:TCP:@xpsp2res.dll,-22005
"33694:TCP"= 33694:TCP:@xpsp2res.dll,-22005
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.7.2007 10:00 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20.6.2009 20:28 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20.6.2009 20:28 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10.10.2006 12:53 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 11:39 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20.6.2009 20:28 297752]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Board Drivers\UCService.exe [15.4.2009 15:17 655360]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [13.3.2009 8:45 847392]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\ALEX\602FSVC8.EXE --> c:\program files\ALEX\602FSVC8.EXE [?]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [15.4.2009 15:30 1048576]
S3 SMART Web Server;Webový server SMART;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [15.4.2009 15:27 1236992]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [29.12.2009 12:19 23600]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.live.com/
uInternet Settings,ProxyOverride = *.local
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Michal Štěpaník\Data aplikací\Mozilla\Firefox\Profiles\9vddc9jb.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-HijackThis - c:\documents and settings\Michal Štěpaník\Plocha\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 22:31
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sprx.sys >>UNKNOWN [0x8A3D8938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e11b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb7d1abb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d09a0d
SendHandler -> NDIS.sys @ 0xb7d1db40
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="8ECAFCBB2EF5FA60E4CBCDA892CADB6CCA27FD880902DE06C3F1FBF9E77945DFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5CA9C6AECB7A5D1407A4BCDF545510C36559F66662F2C5BF45BC5407EC55563E399B6A114FF81186C3EAE06BB8BAAD79AB21711B03BBB25F871BB2E16C4923541211AFE412E18B2F5521DE6ABFBFCD8DA46155A09876CDDFE00AD67CFBA75F9093A8B0A1CFB99034D8EAEC5C0AAA374A936EC2AE956E5C937AAF6FE8045BECF0EC79C951062BBE5B9F6FB267460965DC8FA15125812D572F50B6A15C7E11E0539F9EC8A5C525E8CA51DBCDD33A2A095806D78B83F586EACEB34C8234FABA84FB013573F0B1DB9591E7DD4F8EBF23042F35F0ECF1218F77F0CA219DED1D8FD411BB61022C0445009E342B3CA8444BEEBDB1D069B9C42012768CEA712D1B8A051F4CC81E73071C154756798DD6C73F153F6362E747B75682A74565F23842E778150517EA069CE0F7C3C7852F71615FF55605113FAEE493452E18CB077AEF2BCA460C797AC738D6FE2FCF108476B84F448728CCC0A4497A0C9677E10A821899C8E95B24D53FE283B50B115AE0060CF7693D2F8B2C8378783A562D6BC903C23E731DC04DF79B3834593BFBAD0E65AB047F44D145B9C8973768C2D6B28A5489E680DC5C2FD1AAE7F5DD895755C77E7EE3D54E9CF69196E1A9E315E30683EE9DA5590E25094661379DE7A0BFA0C0DBFB4E70EF6FA052B22504ABEC1AB6DE74C04F9CF6661C2F56FDC1531222631EAFB3B887A3FC480D074340F6CC111A3B254B819AC4BA3157C5293DAFD0C07576CFC45F06464DF44A22329A2B1A370A2CE82816D88496117F8FB8AE3C37B4B259B4E3C38B193EB38135FD15679FCBE3394C5633122C3F8BD939BF7BF200E77AC7F85DA9EBC1FB962295C3F37A0C640ADB7CE93BB2914D739068E7C7FBCC182FB4E00C98ADCA0D300E3F354169F168E006CB88DB5CEE2F1EBF6A6D81B7A1D8BA8A4FE25D8C1F499A1B4D1A4A6DC7175317B2EE01E466A666752E20D537E6900826CC6587F8915AF113844C1F72E67F4FE8CBEBDCD57A4A2CB649E438C168FA865987ADEB16D841D6B4C73916998F86C4C55563E76C9102D1FCF032E0D157A5A8E7D068A1BA8B52EE312463C6B5E1E52A6CB24BD81BF70E3EB18317CA94C773E80B1CD886F329B461AE456110D066A9FA106A30AF86DCFDD9B680B1B36F321D406F03D1B90091E45B487EDD912785B23157A7B02F0853B8965F0B371F76F22B2F38423E9E520C310E0A449632A98F35525D39005D2D54786474EAEFD6F4C97CBAF7BB1B5E9341
3E2D78B15E1A7C36BA61B1916603B8B84ABAB00D37E1695D45E7B972F8E49D3E04F107041A36778F20"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(1372)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\docume~1\MICHAL~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2010-01-01 22:40:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-01 21:40
ComboFix2.txt 2010-01-01 19:16
ComboFix3.txt 2009-01-20 21:38
Před spuštěním: Volných bajtů: 18 794 307 584
Po spuštění: Volných bajtů: 18 737 373 184
- - End Of File - - 0E94AB2D2AD546924ADDE1D262B2E2D3
c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
c:\program files\Java\jre1.6.0_03\bin\jusched .exe
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"nwiz"="nwiz.exe" [2009-01-30 1657376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-14 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-20 3080192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [N/A]
c:\documents and settings\Michal Štěpaník\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-2 3450608]
c:\documents and settings\Michal Štěpaník\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-2 3450608]
c:\documents and settings\Michal Štěpaník\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-2 3450608]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
c:\documents and settings\Michal Štěpaník\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-2 3450608]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-20 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-05-04 07:21 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-06 16:16 11952 ------w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\Michal Štěpaník\Data aplikací\iolo\\0OODBS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TopDesk"=c:\program files\TopDesk\topdesk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Cibis\\CibisWebStandalone\\programs\\j2sdk1.4.2_04\\bin\\java.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCGui.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11593:TCP"= 11593:TCP:@xpsp2res.dll,-22005
"48252:TCP"= 48252:TCP:@xpsp2res.dll,-22005
"20275:TCP"= 20275:TCP:@xpsp2res.dll,-22005
"33694:TCP"= 33694:TCP:@xpsp2res.dll,-22005
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.7.2007 10:00 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20.6.2009 20:28 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20.6.2009 20:28 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10.10.2006 12:53 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 11:39 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20.6.2009 20:28 297752]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Board Drivers\UCService.exe [15.4.2009 15:17 655360]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [13.3.2009 8:45 847392]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\ALEX\602FSVC8.EXE --> c:\program files\ALEX\602FSVC8.EXE [?]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [15.4.2009 15:30 1048576]
S3 SMART Web Server;Webový server SMART;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [15.4.2009 15:27 1236992]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [29.12.2009 12:19 23600]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.live.com/
uInternet Settings,ProxyOverride = *.local
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Michal Štěpaník\Data aplikací\Mozilla\Firefox\Profiles\9vddc9jb.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-HijackThis - c:\documents and settings\Michal Štěpaník\Plocha\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 22:31
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sprx.sys >>UNKNOWN [0x8A3D8938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e11b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb7d1abb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d09a0d
SendHandler -> NDIS.sys @ 0xb7d1db40
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(1372)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\docume~1\MICHAL~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2010-01-01 22:40:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-01 21:40
ComboFix2.txt 2010-01-01 19:16
ComboFix3.txt 2009-01-20 21:38
Před spuštěním: Volných bajtů: 18 794 307 584
Po spuštění: Volných bajtů: 18 737 373 184
- - End Of File - - 0E94AB2D2AD546924ADDE1D262B2E2D3
Re: Log check
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:39, on 1.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\DOCUME~1\MICHAL~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xxx\Dokumenty\Stažené soubory\hijackthis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13c1dbf6-7535-495c-91f6-8c13714ed485} - C:\Documents and Settings\xxx\Nabídka Start\Programy\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13c1dbf6-7535-495c-91f6-8c13714ed485} - C:\Documents and Settings\xxx\Nabídka Start\Programy\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {05d44720-58e3-49e6-bdf6-d00330e511d3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {3bb54395-5982-4788-8af4-b5388ffdd0d8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {5736c456-ea94-4aac-bb08-917abdd035b3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1941802000
O16 - DPF: {9bdf4724-10aa-43d5-bd15-aea0d2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab
O16 - DPF: {b8be5e93-a60c-4d26-a2dc-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {da2aa6cf-5c7a-4b71-bc3b-c771bb369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: t-mobile - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: 602SQL 8 FastCGI Client - Unknown owner - c:\Program Files\ALEX\602FSVC8.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Unknown owner - C:\Program Files\Firebird\Firebird_1_5\bin\ibserver.exe (file missing)
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Firebird\Firebird_1_5\bin\ibserver.exe (file missing)
O23 - Service: LexBce Server (lexbces) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART Display Controller - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: Webový server SMART (SMART Web Server) - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
O23 - Service: StyleXPService (stylexpservice) - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
--
End of file - 11754 bytes
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {05d44720-58e3-49e6-bdf6-d00330e511d3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {3bb54395-5982-4788-8af4-b5388ffdd0d8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {5736c456-ea94-4aac-bb08-917abdd035b3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1941802000
O16 - DPF: {9bdf4724-10aa-43d5-bd15-aea0d2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab
O16 - DPF: {b8be5e93-a60c-4d26-a2dc-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {da2aa6cf-5c7a-4b71-bc3b-c771bb369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: t-mobile - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: 602SQL 8 FastCGI Client - Unknown owner - c:\Program Files\ALEX\602FSVC8.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Unknown owner - C:\Program Files\Firebird\Firebird_1_5\bin\ibserver.exe (file missing)
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Firebird\Firebird_1_5\bin\ibserver.exe (file missing)
O23 - Service: LexBce Server (lexbces) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART Display Controller - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: Webový server SMART (SMART Web Server) - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe
O23 - Service: StyleXPService (stylexpservice) - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
--
End of file - 11754 bytes
- jaro3
- member of the Security team
Re: Log check
Update Java:
Java SE Runtime Environment 6u17
Select your OS (I assume Windows), tick agree-continue
Select:
Windows Offline Installation
jre-6u17-windows-i586-p.exe
Remove the other Javas in Add/Remove Programs.
Download the MBR Rootkit Detector
- save it directly to drive C and run it
- after a moment its log (mbr.log) will be created; paste its entire contents here.
Go to Start -> Run... and type this command marked in blue into the box:
C:\mbr.exe -f
and click OK. There is a space between mbr.exe and -f.
- if your security software warns you about overwriting the MBR, allow it
- wait until the program finishes and then restart the PC
After booting back into Windows, run mbr.exe again and paste the log it creates here.
Close the other applications and browsers, disconnect from the internet and fix in HJT:
Guide
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O9 - Extra button: Absolute Poker - {13c1dbf6-7535-495c-91f6-8c13714ed485} - C:\Documents and Settings\xxx\Nabídka Start\Programy\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13c1dbf6-7535-495c-91f6-8c13714ed485} - C:\Documents and Settings\xxx\Nabídka Start\Programy\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {5736c456-ea94-4aac-bb08-917abdd035b3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {9bdf4724-10aa-43d5-bd15-aea0d2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab
O16 - DPF: {b8be5e93-a60c-4d26-a2dc-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {da2aa6cf-5c7a-4b71-bc3b-c771bb369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O18 - Protocol: t-mobile - (no CLSID) - (no file)
O23 - Service: 602SQL 8 FastCGI Client - Unknown owner - c:\Program Files\ALEX\602FSVC8.EXE (file missing)
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence I am substituted by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
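As an added example (not part of this thread and not HijackThis's own code), a small Python triage helper that parses HJT-style entry lines and flags the kinds of entries the helper above picked out for fixing: orphaned entries whose target file is missing, protocol handlers with no CLSID or file, and O16 ActiveX (DPF) downloads. The sample lines are constructed in the log format shown above.

```python
import re

# Constructed sample lines in the shape HijackThis v1.99.1 prints them
# (entry types seen in the thread above, not a complete log).
SAMPLE_LOG = """\
O9 - Extra button: Absolute Poker - {13c1dbf6-7535-495c-91f6-8c13714ed485} - C:\\Documents and Settings\\xxx\\Absolute Poker.lnk (file missing) (HKCU)
O18 - Protocol: t-mobile - (no CLSID) - (no file)
O23 - Service: 602SQL 8 FastCGI Client - Unknown owner - c:\\Program Files\\ALEX\\602FSVC8.EXE (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O16 - DPF: {5736c456-ea94-4aac-bb08-917abdd035b3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP.cab
"""

# Every HJT entry starts with a section tag (O4, O9, O16, R1, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_entries(text):
    """Yield (section, body) for each HijackThis entry line; skip other lines."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    """Return (section, reason, body) tuples for entries that deserve a closer look.

    The heuristics mirror what a log helper typically selects for fixing:
    registry entries whose target file no longer exists, protocol handlers
    with no CLSID/file, and O16 ActiveX download (DPF) entries, which are a
    common delivery path for unwanted controls and can go if not needed.
    Entries that name an existing file from a known vendor are left alone.
    """
    findings = []
    for section, body in parse_entries(text):
        if "(file missing)" in body:
            findings.append((section, "orphaned entry: target file missing", body))
        elif "(no CLSID)" in body or "(no file)" in body:
            findings.append((section, "protocol handler without CLSID/file", body))
        elif section == "O16":
            findings.append((section, "ActiveX download (DPF) entry", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```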
Re: Log check
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
second log
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK