kontrola logu Vyřešeno

[Librus]

Dobrý den, chtěl bych Vás požádat a poprosit o kontrolu logu mého notebooku... Řeším svůj problém zde : viewtopic.php?f=46&t=50190 a tak chci zkusit jestli by to nepomohlo. Předem mockrát děkuji.

Pokud víte předem, že tohle ničemu nepomůže, tak se do toho ani nepouštějte :)

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:18:11, on 12.2.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
D:\Programy\Ventrilo\Ventrilo.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
D:\Programy\Mozilla Firefox\firefox.exe
D:\Programy\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [QIP2005] D:\Programy\QIP\qip.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: AMD Safely Remove Disk Drive (SafeRemove) - AMD - C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Programy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8253 bytes

[Reklama]

[jaro3]

Odinstaluj:
Symantec/Norton tímto:
ftp://ftp.symantec.com/public/english_u ... l_Tool.exe

Odinstaluj:
DAEMON Tools Toolbar

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

MbAM bez nálezu?

Vypni rez. ochranu u NOD32+deaktivuj Spybot.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Librus]

Snad jsem provedl vše správně jak jste mi napsal...


ComboFix 10-02-11.04 - Libor 12.02.2010 15:24:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2814.1763 [GMT 1:00]
Spuštěný z: c:\users\Libor\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-12 do 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 13:27 . 2010-02-12 13:27 -------- d-----w- c:\users\Libor\AppData\Roaming\Malwarebytes
2010-02-12 13:27 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-12 13:27 . 2010-02-12 13:27 -------- d-----w- c:\programdata\Malwarebytes
2010-02-12 13:27 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-12 07:42 . 2010-02-12 07:42 388096 ----a-r- c:\users\Libor\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-11 16:35 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-02-11 16:35 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-02-11 16:34 . 2009-12-18 13:05 833024 ----a-w- c:\windows\system32\wininet.dll
2010-02-11 16:33 . 2009-12-18 10:14 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-11 16:33 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-02-11 16:27 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-11 16:27 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-11 16:26 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-11 16:25 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-11 16:25 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-11 16:25 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-11 16:25 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-11 16:25 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-11 16:25 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-11 16:25 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-11 16:25 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-11 16:25 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-11 16:25 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-11 16:24 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-11 16:24 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-11 08:05 . 2010-02-11 08:05 -------- d-----w- c:\programdata\Alwil Software
2010-02-11 08:05 . 2010-02-11 08:05 -------- d-----w- c:\program files\Alwil Software
2010-01-30 16:58 . 2010-01-30 16:58 -------- d-----w- c:\users\Libor\AppData\Local\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 14:31 . 2008-04-17 10:34 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-02-12 14:31 . 2008-04-17 10:34 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-02-12 14:21 . 2008-09-22 12:41 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-12 14:10 . 2009-01-11 13:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-12 14:08 . 2009-01-11 13:11 -------- d-----w- c:\program files\Symantec
2010-02-12 14:08 . 2009-01-11 13:10 -------- d-----w- c:\programdata\Symantec
2010-02-12 12:48 . 2008-09-22 13:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 07:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-12 01:00 . 2009-06-28 13:21 -------- d-----w- c:\users\Libor\AppData\Roaming\Ventrilo
2010-02-12 01:00 . 2009-01-11 10:02 -------- d-----w- c:\programdata\P4G
2010-02-12 01:00 . 2008-11-21 13:12 -------- d-----w- c:\users\Libor\AppData\Roaming\DAEMON Tools
2010-02-11 20:58 . 2008-09-22 12:49 -------- d-----w- c:\programdata\Microsoft Help
2010-02-11 18:23 . 2009-01-11 10:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-14 10:12 . 2009-10-07 09:40 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-25 14:03 . 2009-12-25 14:03 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-25 13:56 . 2009-09-06 12:32 69291 ----a-w- c:\windows\War3Unin.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"QIP2005"="d:\programy\QIP\qip.exe" [2008-12-09 3259392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-01-11 33136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-3-22 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave8"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [22.9.2008 15:45 15416]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [10.6.2008 18:56 34312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16.5.2009 4:23 176128]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [22.8.2009 9:29 352256]
R2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 18:53 468224]
R2 SafeRemove;AMD Safely Remove Disk Drive;c:\program files\AMD\Safely Remove Disk\SafeRemoveService.exe [7.7.2008 9:37 147456]
R2 SBSDWSCService;SBSD Security Center Service;d:\programy\Spybot - Search & Destroy\SDWinSec.exe [11.1.2009 11:15 809296]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\System32\drivers\lgbtport.sys [11.6.2009 18:39 12032]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\System32\drivers\lgbtbus.sys [11.6.2009 18:39 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\System32\drivers\lgvmodem.sys [11.6.2009 18:39 12928]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [22.9.2008 14:56 22072]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [21.11.2008 14:12 717296]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [22.8.2009 9:29 409600]
S3 Asushwio;Asushwio;c:\windows\System32\drivers\Asushwio.sys [11.10.2006 4:33 10288]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [13.1.2009 17:25 451072]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\System32\drivers\AVerFx2hbtv.sys [22.3.2009 15:27 273152]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\System32\drivers\Axtmvflt.sys [18.9.2009 13:23 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\System32\drivers\Axtmvmdm.sys [18.9.2009 13:23 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\System32\drivers\Axtmvprt.sys [18.9.2009 13:23 38784]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [22.9.2008 15:22 29736]
S3 CLXLK;CLXLK;c:\users\Libor\AppData\Local\Temp\CLXLK.exe --> c:\users\Libor\AppData\Local\Temp\CLXLK.exe [?]
S3 FlashUSB;FlashUSB;c:\windows\System32\drivers\FlashUsb.sys [8.10.2009 17:46 16896]
S3 SGYJFY;SGYJFY;c:\users\Libor\AppData\Local\Temp\SGYJFY.exe --> c:\users\Libor\AppData\Local\Temp\SGYJFY.exe [?]
S3 UWDDFEVLH;UWDDFEVLH;c:\users\Libor\AppData\Local\Temp\UWDDFEVLH.exe --> c:\users\Libor\AppData\Local\Temp\UWDDFEVLH.exe [?]
S3 VMEDCCBN;VMEDCCBN;c:\users\Libor\AppData\Local\Temp\VMEDCCBN.exe --> c:\users\Libor\AppData\Local\Temp\VMEDCCBN.exe [?]
S3 ZKADNTPSXRSTC;ZKADNTPSXRSTC;c:\users\Libor\AppData\Local\Temp\ZKADNTPSXRSTC.exe --> c:\users\Libor\AppData\Local\Temp\ZKADNTPSXRSTC.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2010-02-12 c:\windows\Tasks\User_Feed_Synchronization-{F677F447-24BE-417C-AB61-E933AB8347CA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Libor\AppData\Roaming\Mozilla\Firefox\Profiles\st29lzvs.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - plugin: d:\programy\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-NCsoft-Aion - c:\users\Libor\Desktop\Launcher\NCLauncher.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 15:33
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Libor\AppData\Local\Temp\BEE834D.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1848606895-4215132210-1923376856-1000\Software\SecuROM\License information*]
"datasecu"=hex:e8,2f,f9,64,af,21,b4,24,0d,38,a3,5d,83,3a,77,7c,02,bb,66,25,9d,
e4,24,c8,f3,d3,1e,63,01,54,d0,7d,06,f2,03,71,74,19,a7,d1,55,e7,f6,9b,8d,57,\
"rkeysecu"=hex:6e,6c,e5,4d,0d,92,a5,b9,00,54,cf,26,3b,61,ad,c5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-12 15:35:51
ComboFix-quarantined-files.txt 2010-02-12 14:35

Před spuštěním: Volných bajtů: 104 568 578 048
Po spuštění: Volných bajtů: 104 499 785 728

- - End Of File - - 0BECC230DCC6BC5F9FC0C3B04D8C328C

[jaro3]

Bude třeba odmazat ty antiviry-Norton/Symantec, Avast.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\users\Libor\AppData\Local\Temp\BEE834D.tmp
c:\windows\bthservsdp.dat
c:\users\Libor\AppData\Local\Temp\CLXLK.exe
c:\users\Libor\AppData\Local\Temp\SGYJFY.exe
c:\users\Libor\AppData\Local\Temp\UWDDFEVLH.exe
c:\users\Libor\AppData\Local\Temp\VMEDCCBN.exe
c:\users\Libor\AppData\Local\Temp\ZKADNTPSXRSTC.exe

Folder::
c:\programdata\Alwil Software
c:\program files\Alwil Software
c:\program files\Common Files\Symantec Shared
c:\program files\Symantec
c:\programdata\Symantec

Driver::
CLXLK;CLXLK
 CLXLK
SGYJFY;SGYJFY
SGYJFY
UWDDFEVLH;UWDDFEVLH
UWDDFEVLH
VMEDCCBN;VMEDCCBN
VMEDCCBN
ZKADNTPSXRSTC;ZKADNTPSXRSTC
ZKADNTPSXRSTC
GarenaPEngine

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]

Fierfox::
FF - ProfilePath - c:\users\Libor\AppData\Roaming\Mozilla\Firefox\Profiles\st29lzvs.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search

RegNull::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Librus]

Když provedu tento krok : Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

, tak se mě to ptá jesti ho chci spustit, pak naběhne combofix a tabulka s tlačítkem "ok" a kecama, že bude pc restartován atd...


// nevím tedy, zda je to dobře, ale kdysi když jsem to dělal na xp, tak hned začal ten scan tuším

[Librus]

ComboFix 10-02-11.04 - Libor 12.02.2010 16:36:19.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2814.1714 [GMT 1:00]
Spuštěný z: c:\users\Libor\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Libor\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\users\Libor\AppData\Local\Temp\BEE834D.tmp"
"c:\users\Libor\AppData\Local\Temp\CLXLK.exe"
"c:\users\Libor\AppData\Local\Temp\SGYJFY.exe"
"c:\users\Libor\AppData\Local\Temp\UWDDFEVLH.exe"
"c:\users\Libor\AppData\Local\Temp\VMEDCCBN.exe"
"c:\users\Libor\AppData\Local\Temp\ZKADNTPSXRSTC.exe"
"c:\windows\bthservsdp.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Alwil Software
c:\program files\Alwil Software\Avast5\1029\aswClnTg.htm
c:\program files\Alwil Software\Avast5\1029\aswClnTg.txt
c:\program files\Alwil Software\Avast5\1029\aswInfTg.htm
c:\program files\Alwil Software\Avast5\1029\aswInfTg.txt
c:\program files\Alwil Software\Avast5\1029\Avast5_1029.chm
c:\program files\Alwil Software\Avast5\defs\10021000\acshort.map
c:\program files\Alwil Software\Avast5\defs\10021000\db_el.dat
c:\program files\Alwil Software\Avast5\defs\10021000\db_js.dat
c:\program files\Alwil Software\Avast5\defs\10021000\db_js.map
c:\program files\Alwil Software\Avast5\defs\10021000\db_mx4.dat
c:\program files\Alwil Software\Avast5\defs\10021000\db_mx4.map
c:\program files\Alwil Software\Avast5\defs\10021000\db_mx95.dat
c:\program files\Alwil Software\Avast5\defs\10021000\db_mx95.map
c:\program files\Alwil Software\Avast5\defs\10021000\db_o7.dat
c:\program files\Alwil Software\Avast5\defs\10021000\db_o7.map
c:\program files\Alwil Software\Avast5\defs\10021000\db_ob.dat
c:\program files\Alwil Software\Avast5\defs\10021000\db_pe2.dat
c:\program files\Alwil Software\Avast5\defs\10021000\db_swf.dat
c:\program files\Alwil Software\Avast5\defs\10021000\db_swf.map
c:\program files\Alwil Software\Avast5\defs\10021000\db_tx.dat
c:\program files\Alwil Software\Avast5\defs\10021000\db_u.dat
c:\program files\Alwil Software\Avast5\defs\10021000\db_w6.dat
c:\program files\Alwil Software\Avast5\defs\10021000\db_w6.map
c:\program files\Alwil Software\Avast5\defs\10021000\db_wh.dat
c:\program files\Alwil Software\Avast5\defs\10021000\db_xtn.map
c:\program files\Alwil Software\Avast5\defs\10021000\dllcc.dat
c:\program files\Alwil Software\Avast5\defs\10021000\l_idx.map
c:\program files\Alwil Software\Avast5\defs\10021000\l_nmp.map
c:\program files\Alwil Software\Avast5\defs\10021000\list_d.txt
c:\program files\Alwil Software\Avast5\defs\10021000\list_i.txt
c:\program files\Alwil Software\Avast5\defs\10021000\lshe3.map
c:\program files\Alwil Software\Avast5\defs\10021000\s_idx.map
c:\program files\Alwil Software\Avast5\defs\10021000\s_nmp.map
c:\program files\Alwil Software\Avast5\defs\10021000\Sf.bin
c:\program files\Alwil Software\Avast5\defs\10021000\sl_idx.map
c:\program files\Alwil Software\Avast5\defs\10021000\sl_nmp.map
c:\program files\Alwil Software\Avast5\defs\10021000\whitelist.db
c:\program files\Alwil Software\Avast5\flash\amcharts_key.txt
c:\program files\Alwil Software\Avast5\flash\amline.swf
c:\program files\Alwil Software\Avast5\flash\ammap\ammap.swf
c:\program files\Alwil Software\Avast5\flash\ammap\ammap_key.txt
c:\program files\Alwil Software\Avast5\flash\ammap\ammap_settings_summary.xml
c:\program files\Alwil Software\Avast5\flash\ammap\ammap_settings_tracert.xml
c:\program files\Alwil Software\Avast5\flash\ammap\empty_map.xml
c:\program files\Alwil Software\Avast5\flash\ammap\icons\arrow.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\bubble.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\cross.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\flag.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\pin.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\zoom_out.swf
c:\program files\Alwil Software\Avast5\flash\ammap\maps\world.swf
c:\program files\Alwil Software\Avast5\Setup\servers.def
c:\program files\Alwil Software\Avast5\Setup\servers.def.lkg
c:\program files\Alwil Software\Avast5\Setup\setiface.ovr
c:\program files\Alwil Software\Avast5\Setup\setup.log
c:\program files\Alwil Software\Avast5\Setup\setup.ovr
c:\program files\Alwil Software\Avast5\Setup\summary.txt
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
c:\program files\Common Files\Symantec Shared\Support Controls\ssCmdTar.ini
c:\program files\Common Files\Symantec Shared\Support Controls\ssctlbr.dll
c:\program files\Common Files\Symantec Shared\Support Controls\ssctlln.dll
c:\program files\Common Files\Symantec Shared\Support Controls\ssctlwmi.dll
c:\program files\Common Files\Symantec Shared\Support Controls\sshelper.exe
c:\program files\Common Files\Symantec Shared\Support Controls\sshelper.exe.manifest
c:\program files\Common Files\Symantec Shared\Support Controls\SymAData.dll
c:\program files\Common Files\Symantec Shared\Support Controls\SymSupCC.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlcm.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlsi.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlsr.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlss.dll
c:\program files\Symantec
c:\programdata\Alwil Software
c:\programdata\Alwil Software\Avast5\aswResp.dat
c:\programdata\Alwil Software\Avast5\db1c94ae4c2fd41d1-e016ddc5.dat
c:\programdata\Alwil Software\Avast5\db1c9d4c81af0fb9d-1c727a3c.dat
c:\programdata\Alwil Software\Avast5\HtmlData\Blocked.htm
c:\programdata\Alwil Software\Avast5\HtmlData\image001.png
c:\programdata\Alwil Software\Avast5\chest\index.xml
c:\programdata\Alwil Software\Avast5\Log.db
c:\programdata\Alwil Software\Avast5\log\AshWebSv.ws
c:\programdata\Alwil Software\Avast5\log\AshWebSv.ws.ori
c:\programdata\Alwil Software\Avast5\log\aswAr.log
c:\programdata\Alwil Software\Avast5\log\aswAr1.log
c:\programdata\Alwil Software\Avast5\log\Chest.log
c:\programdata\Alwil Software\Avast5\log\Logging.log
c:\programdata\Alwil Software\Avast5\log\Mail.log
c:\programdata\Alwil Software\Avast5\log\nshield.log
c:\programdata\Alwil Software\Avast5\log\selfdef.log
c:\programdata\Alwil Software\Avast5\log\Setup.log
c:\programdata\Alwil Software\Avast5\log\unp84562478.tmp.mdmp
c:\programdata\Alwil Software\Avast5\log\usntr.log
c:\programdata\Alwil Software\Avast5\report\BehaviorShield.txt
c:\programdata\Alwil Software\Avast5\report\EmailShield.txt
c:\programdata\Alwil Software\Avast5\report\FileSystemShield.txt
c:\programdata\Alwil Software\Avast5\report\IMShield.txt
c:\programdata\Alwil Software\Avast5\report\NetworkShield.txt
c:\programdata\Alwil Software\Avast5\report\P2PShield.txt
c:\programdata\Alwil Software\Avast5\report\WebShield.txt
c:\programdata\Alwil Software\Avast5\sounds\scan_completed.wav
c:\programdata\Alwil Software\Avast5\sounds\threat_detected.wav
c:\programdata\Alwil Software\Avast5\sounds\virus_db_updated.wav
c:\programdata\Symantec
c:\windows\bthservsdp.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_CLXLK
-------\Service_SGYJFY
-------\Service_UWDDFEVLH
-------\Service_VMEDCCBN
-------\Service_ZKADNTPSXRSTC


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-12 do 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 15:42 . 2010-02-12 15:45 -------- d-----w- c:\users\Libor\AppData\Local\temp
2010-02-12 15:42 . 2010-02-12 15:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-12 15:42 . 2010-02-12 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-12 13:27 . 2010-02-12 13:27 -------- d-----w- c:\users\Libor\AppData\Roaming\Malwarebytes
2010-02-12 13:27 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-12 13:27 . 2010-02-12 13:27 -------- d-----w- c:\programdata\Malwarebytes
2010-02-12 13:27 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-11 16:35 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-02-11 16:35 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-02-11 16:34 . 2009-12-18 13:05 833024 ----a-w- c:\windows\system32\wininet.dll
2010-02-11 16:33 . 2009-12-18 10:14 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-11 16:33 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-02-11 16:27 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-11 16:27 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-11 16:26 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-11 16:25 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-11 16:25 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-11 16:25 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-11 16:25 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-11 16:25 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-11 16:25 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-11 16:25 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-11 16:25 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-11 16:25 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-11 16:25 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-11 16:24 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-11 16:24 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-30 16:58 . 2010-01-30 16:58 -------- d-----w- c:\users\Libor\AppData\Local\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 14:31 . 2008-04-17 10:34 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-02-12 14:31 . 2008-04-17 10:34 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-02-12 12:48 . 2008-09-22 13:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 07:42 . 2010-02-12 07:42 388096 ----a-r- c:\users\Libor\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-12 07:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-12 01:00 . 2009-06-28 13:21 -------- d-----w- c:\users\Libor\AppData\Roaming\Ventrilo
2010-02-12 01:00 . 2009-01-11 10:02 -------- d-----w- c:\programdata\P4G
2010-02-12 01:00 . 2008-11-21 13:12 -------- d-----w- c:\users\Libor\AppData\Roaming\DAEMON Tools
2010-02-11 20:58 . 2008-09-22 12:49 -------- d-----w- c:\programdata\Microsoft Help
2010-02-11 18:23 . 2009-01-11 10:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-14 10:12 . 2009-10-07 09:40 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-25 14:03 . 2009-12-25 14:03 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-25 13:56 . 2009-09-06 12:32 69291 ----a-w- c:\windows\War3Unin.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"QIP2005"="d:\programy\QIP\qip.exe" [2008-12-09 3259392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-01-11 33136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-3-22 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave8"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [22.9.2008 15:45 15416]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [10.6.2008 18:56 34312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16.5.2009 4:23 176128]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [22.8.2009 9:29 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [22.8.2009 9:29 409600]
R2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 18:53 468224]
R2 SafeRemove;AMD Safely Remove Disk Drive;c:\program files\AMD\Safely Remove Disk\SafeRemoveService.exe [7.7.2008 9:37 147456]
R2 SBSDWSCService;SBSD Security Center Service;d:\programy\Spybot - Search & Destroy\SDWinSec.exe [11.1.2009 11:15 809296]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\System32\drivers\lgbtport.sys [11.6.2009 18:39 12032]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\System32\drivers\lgbtbus.sys [11.6.2009 18:39 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\System32\drivers\lgvmodem.sys [11.6.2009 18:39 12928]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [22.9.2008 14:56 22072]
S3 Asushwio;Asushwio;c:\windows\System32\drivers\Asushwio.sys [11.10.2006 4:33 10288]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [13.1.2009 17:25 451072]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\System32\drivers\AVerFx2hbtv.sys [22.3.2009 15:27 273152]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\System32\drivers\Axtmvflt.sys [18.9.2009 13:23 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\System32\drivers\Axtmvmdm.sys [18.9.2009 13:23 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\System32\drivers\Axtmvprt.sys [18.9.2009 13:23 38784]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [22.9.2008 15:22 29736]
S3 FlashUSB;FlashUSB;c:\windows\System32\drivers\FlashUsb.sys [8.10.2009 17:46 16896]
S3 HUO;HUO;c:\users\Libor\AppData\Local\Temp\HUO.exe --> c:\users\Libor\AppData\Local\Temp\HUO.exe [?]
S3 TI;TI;c:\users\Libor\AppData\Local\Temp\TI.exe --> c:\users\Libor\AppData\Local\Temp\TI.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2010-02-12 c:\windows\Tasks\User_Feed_Synchronization-{F677F447-24BE-417C-AB61-E933AB8347CA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Libor\AppData\Roaming\Mozilla\Firefox\Profiles\st29lzvs.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - plugin: d:\programy\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 16:45
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1848606895-4215132210-1923376856-1000\Software\SecuROM\License information*]
"datasecu"=hex:e8,2f,f9,64,af,21,b4,24,0d,38,a3,5d,83,3a,77,7c,02,bb,66,25,9d,
e4,24,c8,f3,d3,1e,63,01,54,d0,7d,06,f2,03,71,74,19,a7,d1,55,e7,f6,9b,8d,57,\
"rkeysecu"=hex:6e,6c,e5,4d,0d,92,a5,b9,00,54,cf,26,3b,61,ad,c5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-02-12 16:51:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-12 15:51
ComboFix2.txt 2010-02-12 14:35

Před spuštěním: Volných bajtů: 104 501 444 608
Po spuštění: Volných bajtů: 104 079 581 184

- - End Of File - - 04AD650A097BEE4C57F1D843C04B8207

[Librus]

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 16:53:27, on 12.2.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Programy\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [QIP2005] D:\Programy\QIP\qip.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HUO - Unknown owner - C:\Users\Libor\AppData\Local\Temp\HUO.exe (file missing)
O23 - Service: AMD Safely Remove Disk Drive (SafeRemove) - AMD - C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Programy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TI - Unknown owner - C:\Users\Libor\AppData\Local\Temp\TI.exe (file missing)

--
End of file - 5114 bytes

[jaro3]

Ještě jeden script (Combofix):

Kód: Vybrat vše

RegNull::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

Log dávat nemusíš.

ComboFix se odinstaluje takto:

Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat

Máš 2 antispywary- u Spybotu si vypni rez. ochranu trvale.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O23 - Service: HUO - Unknown owner - C:\Users\Libor\AppData\Local\Temp\HUO.exe (file missing)
O23 - Service: TI - Unknown owner - C:\Users\Libor\AppData\Local\Temp\TI.exe (file missing)


Napiš , jak se chová PC.

[Librus]

Počítač běží rychleji, mám o 10 procesů méně, mockrát Vám děkuji. Ovšem můj problém, kvůli kterého jsem tady psal se nevyřešil, možná jsme si asi zřejmě nerozumněli nebo se já špatně vyjádřil. -> viewtopic.php?f=46&t=50190

[jaro3]

Budweš muset pokračovat v druhém tématu , tady je sekce HJT+viry.

Poslední věc:
Spusť F-Secure Online Scanner

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

[Librus]

Hlášení kontroly
Pátek, Únor 12, 2010 20:23:24 - 20:26:20

Název počítače: LIBOR-PC
Typ kontroly: Rychlá kontrola
Cíl: Systém
Nalezený malware: 3
TrackingCookie.2o7 (spyware)

* Systém (Vyléčeno)

TrackingCookie.Atdmt (spyware)

* Systém (Vyléčeno)

TrackingCookie.Doubleclick (spyware)

* Systém (Vyléčeno)

Statistika
Kontrolováno:

* Soubory: 3782
* Systém: 3782
* Nekontrolováno: 0

Akce:

* Vyléčeno: 3
* Přejmenováno: 0
* Odstraněno: 0
* Nevyčištěno: 0
* Odesláno: 0

[jaro3]

3 vyléčené soubory. PC je čisté, pokračuj v druhém tématu , tady můžeš dát vyřešeno ( viry), zelenou fajfku.