Prosím o kontrolu logu (zamrzavani pc,problem s aplikacemi) Vyřešeno

[Luise]

Zdravím prosil bych o kontrolu logu zhruba včera mi z ničeho nic začal zamrzávat pc tohle se stava skoro co hodinu

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:36, on 17.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 3992 bytes

[Reklama]

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Luise]

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3876
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.3.2010 16:58:14
mbam-log-2010-03-17 (16-58-14).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 115444
Uplynulý čas: 5 minute(s), 9 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

[jaro3]

Nevidím antivir...

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Luise]

dneska sem ho daval pryc a snazil se zjistit co to dělá

[jaro3]

tak ho zatímk neinstaluj , udělej Combofix , ale vypadá to spíše na problém s HW.

[Luise]

ComboFix 10-03-16.05 - Administrator 17.03.2010 19:19:06.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1680 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.

2010-03-13 08:23 . 2010-03-13 08:23 -------- d-----w- c:\program files\VideoLAN
2010-03-12 16:26 . 2010-03-12 16:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 15:24 . 2010-03-06 15:45 -------- d-----w- c:\program files\Silent Hill Homecoming
2010-03-04 00:06 . 2010-03-04 00:06 -------- d-----w- c:\windows\system32\KB905474
2010-03-04 00:06 . 2009-03-10 21:26 1435008 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-03-04 00:06 . 2009-03-10 21:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-02-28 14:20 . 2010-02-28 14:20 -------- d-----w- c:\program files\CAPCOM
2010-02-28 14:18 . 2010-02-28 14:18 -------- d-----w- c:\program files\MSBuild
2010-02-28 14:15 . 2010-02-28 14:19 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-28 14:14 . 2010-02-28 14:14 -------- d-----w- c:\program files\Reference Assemblies
2010-02-28 14:14 . 2006-10-14 15:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-28 14:14 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-02-28 14:13 . 2010-02-28 14:13 -------- d-----w- c:\windows\system32\xlive
2010-02-28 14:13 . 2010-03-17 12:53 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-27 18:43 . 2010-02-27 18:43 -------- d-----w- c:\program files\Trend Micro
2010-02-25 16:16 . 2010-02-25 16:16 -------- d-----w- c:\program files\Microsoft Works
2010-02-25 16:15 . 2010-02-25 16:15 -------- d-----w- c:\program files\Microsoft.NET
2010-02-25 16:13 . 2010-02-25 16:15 -------- d-----w- c:\windows\SHELLNEW
2010-02-25 16:13 . 2010-02-25 16:13 -------- d-----r- C:\MSOCache
2010-02-24 17:03 . 2010-03-17 12:52 -------- d-----w- c:\program files\DivX
2010-02-24 17:03 . 2010-02-24 17:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-24 12:45 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-24 12:34 . 2010-02-24 12:34 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-24 12:33 . 2010-02-24 12:33 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-23 22:40 . 2010-02-23 22:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-23 22:37 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-02-23 22:37 . 2010-02-23 22:37 -------- d-----w- c:\windows\Logs
2010-02-23 22:36 . 2010-02-23 22:36 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-23 22:36 . 2010-02-23 22:36 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-23 22:36 . 2010-02-24 12:33 -------- d-----w- c:\windows\system32\LogFiles
2010-02-23 22:36 . 2010-02-23 22:36 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-23 22:36 . 2010-02-23 22:36 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-02-23 22:33 . 2010-02-23 22:33 -------- d-----w- c:\program files\Ubisoft
2010-02-23 22:29 . 2010-02-23 22:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-21 18:08 . 2005-06-23 10:11 23552 ----a-r- c:\windows\system32\PostProc.dll
2010-02-21 18:08 . 2001-09-20 13:47 765952 ----a-r- c:\windows\system\crlds3d.dll
2010-02-21 18:08 . 2005-10-11 16:07 393088 ----a-r- c:\windows\system32\drivers\senfilt.sys
2010-02-21 18:08 . 2005-03-05 20:53 127872 ----a-r- c:\windows\system32\drivers\aeaudio.sys
2010-02-21 18:08 . 2005-10-06 17:21 141312 ----a-r- c:\windows\system32\drivers\ADIHdAud.sys
2010-02-21 18:08 . 2005-05-04 08:20 53248 ------w- c:\windows\system32\wdmioctl.dll
2010-02-21 18:08 . 2001-09-11 14:20 1285632 ------w- c:\windows\system32\SMMedia.dll
2010-02-21 18:08 . 2010-02-21 18:08 -------- d-----w- c:\program files\Analog Devices
2010-02-21 18:08 . 2005-09-26 15:20 49152 ------w- c:\windows\system32\DSndUp.exe
2010-02-21 18:08 . 2002-04-17 14:05 45056 ------w- c:\windows\system32\CleanUp.exe
2010-02-21 13:54 . 2010-02-21 13:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-21 13:29 . 2010-02-21 13:29 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-02-21 13:28 . 2010-02-21 13:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-21 13:19 . 2010-02-21 13:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-21 13:16 . 2010-03-04 00:06 -------- d-----w- c:\windows\ie8updates
2010-02-21 13:15 . 2010-02-21 13:16 -------- dc-h--w- c:\windows\ie8
2010-02-21 13:13 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-21 13:13 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-21 13:13 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-21 13:13 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-21 13:13 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-21 13:13 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-21 13:13 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-21 02:21 . 2010-02-21 02:21 -------- d-----w- c:\program files\Alwil Software
2010-02-21 01:08 . 2010-02-21 01:10 -------- d-----w- C:\Fraps
2010-02-21 00:41 . 2008-04-14 07:51 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-02-21 00:40 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-02-21 00:31 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-21 00:31 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-21 00:31 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-21 00:30 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-21 00:30 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-21 00:30 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-21 00:30 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-21 00:30 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-02-21 00:28 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-21 00:28 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-02-21 00:28 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-02-21 00:28 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-02-21 00:28 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-02-21 00:28 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-02-21 00:28 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-02-21 00:28 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-21 00:28 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-21 00:28 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-21 00:28 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-21 00:27 . 2009-08-04 17:29 2068224 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-21 00:27 . 2009-08-04 17:29 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-21 00:27 . 2009-08-04 17:29 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-21 00:26 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-21 00:26 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-21 00:26 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-02-21 00:24 . 2010-03-04 00:07 -------- d--h--w- c:\windows\$hf_mig$
2010-02-20 15:56 . 2010-02-20 15:56 -------- d-----w- c:\program files\Zaparit
2010-02-19 22:00 . 2010-02-19 22:00 -------- d-----w- c:\program files\Games
2010-02-19 20:15 . 2010-02-19 20:15 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-19 20:15 . 2010-02-19 20:15 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-19 20:14 . 2010-02-19 20:14 -------- d-----w- c:\windows\system32\Futuremark
2010-02-19 20:14 . 2004-10-25 19:02 21664 ----a-w- c:\windows\system32\drivers\Entech.sys
2010-02-19 20:14 . 2004-06-22 14:44 5632 ----a-w- c:\windows\system32\drivers\Entech64.sys
2010-02-19 20:14 . 2001-11-19 18:05 3972 ----a-w- c:\windows\system32\drivers\PciBus.sys
2010-02-19 20:13 . 2010-02-19 20:13 -------- d-----w- c:\program files\Futuremark
2010-02-19 17:51 . 2010-02-19 17:51 -------- d-----w- c:\program files\Lavalys
2010-02-19 16:51 . 2004-08-14 02:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2010-02-19 16:42 . 2010-02-03 04:07 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-19 16:42 . 2010-02-03 03:40 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-19 16:42 . 2010-02-03 03:34 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-19 16:42 . 2010-02-03 03:34 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-19 16:42 . 2009-12-04 21:17 198341 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-19 16:42 . 2010-02-19 16:44 -------- d-----w- c:\program files\ATI
2010-02-16 19:02 . 2010-03-17 12:51 -------- d-----w- c:\program files\Webteh
2010-02-16 19:01 . 2010-02-16 19:00 737280 ----a-w- c:\windows\iun6002.exe
2010-02-16 19:01 . 2010-02-16 19:01 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-02-16 17:21 . 2010-02-16 17:21 -------- d-----w- c:\program files\CCleaner
2010-02-16 14:56 . 2010-02-16 15:04 -------- d-----w- c:\program files\ICQ6.5
2010-02-16 10:24 . 2010-02-16 10:24 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2010-02-16 09:12 . 2010-03-12 16:26 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-02-15 23:50 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 23:49 . 2010-03-17 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-15 23:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-15 21:32 . 2010-02-15 21:32 -------- d-----w- c:\program files\DIFX
2010-02-15 21:32 . 2010-02-15 21:32 -------- d-----w- c:\program files\USB TV

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 16:26 . 2010-02-15 09:03 -------- d-----w- c:\program files\World of Warcraft
2010-03-04 14:30 . 2001-10-25 14:00 77706 ----a-w- c:\windows\system32\perfc005.dat
2010-03-04 14:30 . 2001-10-25 14:00 427336 ----a-w- c:\windows\system32\perfh005.dat
2010-02-23 22:33 . 2002-09-06 14:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 00:45 . 2002-09-06 14:36 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-02-21 00:45 . 2002-09-06 14:36 3038 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-02-19 16:42 . 2002-09-06 15:12 -------- d-----w- c:\program files\ATI Technologies
2010-02-15 09:33 . 2010-02-15 09:03 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-02-15 08:56 . 2010-02-15 08:56 -------- d-----w- c:\program files\Ventrilo
2010-02-15 08:56 . 2010-02-15 08:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-15 08:28 . 2002-09-06 14:36 8972 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
2010-02-11 10:42 . 2010-02-11 10:42 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-02-03 04:52 . 2008-03-12 22:09 4605952 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-03 04:12 . 2010-02-19 16:24 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-03 04:12 . 2010-02-19 16:24 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-03 04:10 . 2010-02-19 16:24 3633152 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-03 04:02 . 2010-02-19 16:24 14188544 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-03 03:50 . 2008-03-12 20:55 3566048 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-03 03:39 . 2008-03-12 21:15 301568 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-03 03:35 . 2010-02-15 08:28 2176640 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-03 03:32 . 2010-02-19 16:24 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-03 03:23 . 2010-02-19 16:24 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-03 03:23 . 2010-02-19 16:24 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-03 03:23 . 2010-02-19 16:24 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-03 03:23 . 2010-02-19 16:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-03 03:22 . 2010-02-19 16:24 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-03 03:21 . 2010-02-19 16:24 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-03 03:19 . 2010-02-19 16:24 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-03 03:19 . 2010-02-19 16:24 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-02-03 03:18 . 2010-02-19 16:24 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-02-03 03:18 . 2010-02-19 16:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-03 03:17 . 2010-02-19 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:15 . 2010-02-19 16:24 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-03 03:12 . 2010-02-19 16:24 180224 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-03 03:12 . 2010-02-19 16:24 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-03 03:06 . 2008-03-12 20:24 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-12-31 16:50 . 2001-10-25 14:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2002-09-20 18:05 916480 ------w- c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-21 925696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0p

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.2.2010 23:29 691696]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-03-04 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0yll70qk.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 19:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-329068152-2049760794-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,90,79,60,89,51,38,42,9e,ee,2d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,90,79,60,89,51,38,42,9e,ee,2d,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(1904)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-03-17 19:23:40
ComboFix-quarantined-files.txt 2010-03-17 18:23

Před spuštěním: Volných bajtů: 103 016 960 000
Po spuštění: Volných bajtů: 103 046 742 016

- - End Of File - - BA12860A414CDA1025040C6DD434AD64

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\KB905474\wgasetup.exe
c:\windows\system32\ezsidmv.dat
c:\windows\Tasks\WGASetup.job


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Stáhni si z některého odkazu SysProt AntiRootkit:
Odkaz 1

Odkaz 2

Odkaz 3

Odkaz 4

Rozbal si ho na svojí plochu.
Spusť SysProt>> klikni na Log tab.
Zatrhni všechny čtverečky v sekci "Write to log" ( nedávej zatržítko na volbu "Hidden Objects Only").
Klikni na Create Log. Když se Tě zeptá na volbu skenu , vyber Scanning all drives >>klikni na na Start ( neklikej na "Ok" !).
Nech sken nerušeně běžet, až sken skončí , najdi log.txt ve složce SysProt . Zkopíruj sem prosím celý obsah toho logu.

[Luise]

ComboFix:

ComboFix 10-03-16.05 - Administrator 17.03.2010 22:29:01.10.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1554 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt

FILE ::
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\KB905474\wgasetup.exe"
"c:\windows\Tasks\WGASetup.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ezsidmv.dat
c:\windows\system32\KB905474\wgasetup.exe
c:\windows\Tasks\WGASetup.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.

2010-03-13 08:23 . 2010-03-13 08:23 -------- d-----w- c:\program files\VideoLAN
2010-03-12 16:26 . 2010-03-12 16:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 15:24 . 2010-03-06 15:45 -------- d-----w- c:\program files\Silent Hill Homecoming
2010-03-04 00:06 . 2010-03-17 21:32 -------- d-----w- c:\windows\system32\KB905474
2010-03-04 00:06 . 2009-03-10 21:26 1435008 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-02-28 14:20 . 2010-02-28 14:20 -------- d-----w- c:\program files\CAPCOM
2010-02-28 14:18 . 2010-02-28 14:18 -------- d-----w- c:\program files\MSBuild
2010-02-28 14:15 . 2010-02-28 14:19 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-28 14:14 . 2010-02-28 14:14 -------- d-----w- c:\program files\Reference Assemblies
2010-02-28 14:14 . 2006-10-14 15:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-28 14:14 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-02-28 14:13 . 2010-02-28 14:13 -------- d-----w- c:\windows\system32\xlive
2010-02-28 14:13 . 2010-03-17 12:53 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-27 18:43 . 2010-02-27 18:43 -------- d-----w- c:\program files\Trend Micro
2010-02-25 16:16 . 2010-02-25 16:16 -------- d-----w- c:\program files\Microsoft Works
2010-02-25 16:15 . 2010-02-25 16:15 -------- d-----w- c:\program files\Microsoft.NET
2010-02-25 16:13 . 2010-02-25 16:15 -------- d-----w- c:\windows\SHELLNEW
2010-02-25 16:13 . 2010-02-25 16:13 -------- d-----r- C:\MSOCache
2010-02-24 17:03 . 2010-03-17 12:52 -------- d-----w- c:\program files\DivX
2010-02-24 17:03 . 2010-02-24 17:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-24 12:45 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-24 12:34 . 2010-02-24 12:34 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-24 12:33 . 2010-02-24 12:33 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-23 22:40 . 2010-02-23 22:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-23 22:37 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-02-23 22:37 . 2010-02-23 22:37 -------- d-----w- c:\windows\Logs
2010-02-23 22:36 . 2010-02-23 22:36 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-23 22:36 . 2010-02-23 22:36 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-23 22:36 . 2010-02-24 12:33 -------- d-----w- c:\windows\system32\LogFiles
2010-02-23 22:36 . 2010-02-23 22:36 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-23 22:36 . 2010-02-23 22:36 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-02-23 22:33 . 2010-02-23 22:33 -------- d-----w- c:\program files\Ubisoft
2010-02-23 22:29 . 2010-02-23 22:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-21 18:08 . 2005-06-23 10:11 23552 ----a-r- c:\windows\system32\PostProc.dll
2010-02-21 18:08 . 2001-09-20 13:47 765952 ----a-r- c:\windows\system\crlds3d.dll
2010-02-21 18:08 . 2005-10-11 16:07 393088 ----a-r- c:\windows\system32\drivers\senfilt.sys
2010-02-21 18:08 . 2005-03-05 20:53 127872 ----a-r- c:\windows\system32\drivers\aeaudio.sys
2010-02-21 18:08 . 2005-10-06 17:21 141312 ----a-r- c:\windows\system32\drivers\ADIHdAud.sys
2010-02-21 18:08 . 2005-05-04 08:20 53248 ------w- c:\windows\system32\wdmioctl.dll
2010-02-21 18:08 . 2001-09-11 14:20 1285632 ------w- c:\windows\system32\SMMedia.dll
2010-02-21 18:08 . 2010-02-21 18:08 -------- d-----w- c:\program files\Analog Devices
2010-02-21 18:08 . 2005-09-26 15:20 49152 ------w- c:\windows\system32\DSndUp.exe
2010-02-21 18:08 . 2002-04-17 14:05 45056 ------w- c:\windows\system32\CleanUp.exe
2010-02-21 13:29 . 2010-02-21 13:29 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-02-21 13:28 . 2010-02-21 13:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-21 13:19 . 2010-02-21 13:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-21 13:16 . 2010-03-04 00:06 -------- d-----w- c:\windows\ie8updates
2010-02-21 13:15 . 2010-02-21 13:16 -------- dc-h--w- c:\windows\ie8
2010-02-21 13:13 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-21 13:13 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-21 13:13 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-21 13:13 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-21 13:13 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-21 13:13 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-21 13:13 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-21 02:21 . 2010-02-21 02:21 -------- d-----w- c:\program files\Alwil Software
2010-02-21 01:08 . 2010-02-21 01:10 -------- d-----w- C:\Fraps
2010-02-21 00:41 . 2008-04-14 07:51 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-02-21 00:40 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-02-21 00:31 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-21 00:31 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-21 00:31 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-21 00:30 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-21 00:30 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-21 00:30 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-21 00:30 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-21 00:30 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-02-21 00:28 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-21 00:28 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-02-21 00:28 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-02-21 00:28 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-02-21 00:28 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-02-21 00:28 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-02-21 00:28 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-02-21 00:28 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-21 00:28 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-21 00:28 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-21 00:28 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-21 00:27 . 2009-08-04 17:29 2068224 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-21 00:27 . 2009-08-04 17:29 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-21 00:27 . 2009-08-04 17:29 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-21 00:26 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-21 00:26 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-21 00:26 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-02-21 00:24 . 2010-03-04 00:07 -------- d--h--w- c:\windows\$hf_mig$
2010-02-20 15:56 . 2010-02-20 15:56 -------- d-----w- c:\program files\Zaparit
2010-02-19 22:00 . 2010-02-19 22:00 -------- d-----w- c:\program files\Games
2010-02-19 20:15 . 2010-02-19 20:15 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-19 20:15 . 2010-02-19 20:15 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-19 20:14 . 2010-02-19 20:14 -------- d-----w- c:\windows\system32\Futuremark
2010-02-19 20:14 . 2004-10-25 19:02 21664 ----a-w- c:\windows\system32\drivers\Entech.sys
2010-02-19 20:14 . 2004-06-22 14:44 5632 ----a-w- c:\windows\system32\drivers\Entech64.sys
2010-02-19 20:14 . 2001-11-19 18:05 3972 ----a-w- c:\windows\system32\drivers\PciBus.sys
2010-02-19 20:13 . 2010-02-19 20:13 -------- d-----w- c:\program files\Futuremark
2010-02-19 17:51 . 2010-02-19 17:51 -------- d-----w- c:\program files\Lavalys
2010-02-19 16:51 . 2004-08-14 02:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2010-02-19 16:42 . 2010-02-03 04:07 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-19 16:42 . 2010-02-03 03:40 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-19 16:42 . 2010-02-03 03:34 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-19 16:42 . 2010-02-03 03:34 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-19 16:42 . 2009-12-04 21:17 198341 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-19 16:42 . 2010-02-19 16:44 -------- d-----w- c:\program files\ATI
2010-02-16 19:02 . 2010-03-17 12:51 -------- d-----w- c:\program files\Webteh
2010-02-16 19:01 . 2010-02-16 19:00 737280 ----a-w- c:\windows\iun6002.exe
2010-02-16 19:01 . 2010-02-16 19:01 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-02-16 17:21 . 2010-02-16 17:21 -------- d-----w- c:\program files\CCleaner
2010-02-16 14:56 . 2010-02-16 15:04 -------- d-----w- c:\program files\ICQ6.5
2010-02-16 10:24 . 2010-02-16 10:24 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2010-02-16 09:12 . 2010-03-12 16:26 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-02-15 23:50 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 23:49 . 2010-03-17 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-15 23:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 16:26 . 2010-02-15 09:03 -------- d-----w- c:\program files\World of Warcraft
2010-03-04 14:30 . 2001-10-25 14:00 77706 ----a-w- c:\windows\system32\perfc005.dat
2010-03-04 14:30 . 2001-10-25 14:00 427336 ----a-w- c:\windows\system32\perfh005.dat
2010-02-23 22:33 . 2002-09-06 14:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 00:45 . 2002-09-06 14:36 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-02-21 00:45 . 2002-09-06 14:36 3038 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-02-19 16:42 . 2002-09-06 15:12 -------- d-----w- c:\program files\ATI Technologies
2010-02-15 21:32 . 2010-02-15 21:32 -------- d-----w- c:\program files\DIFX
2010-02-15 21:32 . 2010-02-15 21:32 -------- d-----w- c:\program files\USB TV
2010-02-15 09:33 . 2010-02-15 09:03 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-02-15 08:56 . 2010-02-15 08:56 -------- d-----w- c:\program files\Ventrilo
2010-02-15 08:56 . 2010-02-15 08:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-15 08:28 . 2002-09-06 14:36 8972 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
2010-02-11 10:42 . 2010-02-11 10:42 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-02-03 04:52 . 2008-03-12 22:09 4605952 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-03 04:12 . 2010-02-19 16:24 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-03 04:12 . 2010-02-19 16:24 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-03 04:10 . 2010-02-19 16:24 3633152 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-03 04:02 . 2010-02-19 16:24 14188544 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-03 03:50 . 2008-03-12 20:55 3566048 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-03 03:39 . 2008-03-12 21:15 301568 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-03 03:35 . 2010-02-15 08:28 2176640 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-03 03:32 . 2010-02-19 16:24 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-03 03:23 . 2010-02-19 16:24 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-03 03:23 . 2010-02-19 16:24 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-03 03:23 . 2010-02-19 16:24 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-03 03:23 . 2010-02-19 16:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-03 03:22 . 2010-02-19 16:24 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-03 03:21 . 2010-02-19 16:24 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-03 03:19 . 2010-02-19 16:24 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-03 03:19 . 2010-02-19 16:24 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-02-03 03:18 . 2010-02-19 16:24 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-02-03 03:18 . 2010-02-19 16:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-03 03:17 . 2010-02-19 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:15 . 2010-02-19 16:24 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-03 03:12 . 2010-02-19 16:24 180224 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-03 03:12 . 2010-02-19 16:24 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-03 03:06 . 2008-03-12 20:24 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-12-31 16:50 . 2001-10-25 14:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2002-09-20 18:05 916480 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-17_18.22.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-17 18:32 . 2010-03-17 18:32 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2010-03-09 18:40 . 2010-03-09 18:40 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-21 925696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0p

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.2.2010 23:29 691696]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0yll70qk.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 22:33
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-329068152-2049760794-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,90,79,60,89,51,38,42,9e,ee,2d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,90,79,60,89,51,38,42,9e,ee,2d,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(3668)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-17 22:35:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-17 21:35
ComboFix2.txt 2010-03-17 18:23

Před spuštěním: Volných bajtů: 102 997 950 464
Po spuštění: Volných bajtů: 102 966 231 040

- - End Of File - - F29DCD952597A385002ECE17209EACBF

[Luise]

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39:03, on 17.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 3420 bytes

[Luise]

SysProt:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 552
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 600
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 632
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 676
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 688
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 876
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 940
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1036
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1144
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1232
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1372
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 1388
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1696
Hidden: No
Window Visible: No

Name: C:\Program Files\Analog Devices\Core\smax4pnp.exe
PID: 1944
Hidden: No
Window Visible: No

Name: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PID: 1960
Hidden: No
Window Visible: No

Name: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PID: 2024
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\svchost.exe
PID: 360
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PnkBstrA.exe
PID: 736
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PnkBstrB.exe
PID: 976
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2384
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wscntfy.exe
PID: 2672
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 352
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Administrator\Plocha\SysProt\SysProt.exe
PID: 1868
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Administrator\Plocha\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: AA42B000
Module End: AA436000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BA5A8000
Module End: BA5AA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BA4B8000
Module End: BA4BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: B9F79000
Module End: B9FA7000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: BA5AA000
Module End: BA5AC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: B9F68000
Module End: B9F79000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA0A8000
Module End: BA0B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BA670000
Module End: BA671000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BA328000
Module End: BA32F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA0B8000
Module End: BA0C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: B9F49000
Module End: B9F68000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: BA5AC000
Module End: BA5AE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: B9F23000
Module End: B9F49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BA330000
Module End: BA335000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA0C8000
Module End: BA0D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: B9F0B000
Module End: B9F23000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA0D8000
Module End: BA0E1000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA0E8000
Module End: BA0F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: B9EEB000
Module End: B9F0B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: B9ED9000
Module End: B9EEB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: B9EC2000
Module End: B9ED9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: B9E35000
Module End: B9EC2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: B9E08000
Module End: B9E35000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: B9DEE000
Module End: B9E08000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\processr.sys
Service Name: Processor
Module Base: BA288000
Module End: BA292000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: BA3E0000
Module End: BA3E7000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\parport.sys
Service Name: Parport
Module Base: B9D92000
Module End: B9DA6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ASACPI.sys
Service Name: MTsensor
Module Base: BA5C8000
Module End: BA5CA000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: BA298000
Module End: BA2A5000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: BA3E8000
Module End: BA3EE000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\serial.sys
Service Name: Serial
Module Base: BA2A8000
Module End: BA2B8000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: BA574000
Module End: BA578000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: BA3F0000
Module End: BA3F5000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B9D6E000
Module End: B9D92000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: BA3F8000
Module End: BA400000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: B9D46000
Module End: B9D6E000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\nvnetbus.sys
Service Name: nvnetbus
Module Base: BA2B8000
Module End: BA2C2000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\NVNRM.SYS
Service Name: ---
Module Base: B9C2A000
Module End: B9D46000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: BA2C8000
Module End: BA2D3000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: BA2D8000
Module End: BA2E8000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: BA2E8000
Module End: BA2F7000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ks.sys
Service Name: ---
Module Base: B9C07000
Module End: B9C2A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: B970E000
Module End: B9BC4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B96FA000
Module End: B970E000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BA6AA000
Module End: BA6AB000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: BA2F8000
Module End: BA305000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: BA57C000
Module End: BA57F000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B96E3000
Module End: B96FA000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: BA308000
Module End: BA313000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: BA318000
Module End: BA324000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: BA400000
Module End: BA405000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B96D2000
Module End: B96E3000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: BA128000
Module End: BA131000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: BA408000
Module End: BA40D000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: BA410000
Module End: BA415000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: B96A2000
Module End: B96D2000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: BA138000
Module End: BA142000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: BA420000
Module End: BA426000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BA5D6000
Module End: BA5D8000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\update.sys
Service Name: Update
Module Base: B961C000
Module End: B967A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: BA5A4000
Module End: BA5A8000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: BA158000
Module End: BA162000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: BA168000
Module End: BA177000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: BA5DA000
Module End: BA5DC000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\NVENETFD.sys
Service Name: NVENETFD
Module Base: BA188000
Module End: BA197000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ADIHdAud.sys
Service Name: ADIHdAudAddService
Module Base: AD432000
Module End: AD458000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: AD3E6000
Module End: AD40A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: BA198000
Module End: BA1A7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\AEAudio.sys
Service Name: AEAudioService
Module Base: AD3C6000
Module End: AD3E6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Senfilt.sys
Service Name: SenFiltService
Module Base: AD366000
Module End: AD3C6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: BA5E8000
Module End: BA5EA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: BA69A000
Module End: BA69B000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: BA5EA000
Module End: BA5EC000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: BA440000
Module End: BA446000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: BA5EC000
Module End: BA5EE000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: BA5EE000
Module End: BA5F0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: BA448000
Module End: BA44D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: BA450000
Module End: BA458000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: BA54C000
Module End: BA54F000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: AD301000
Module End: AD314000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: AD2A8000
Module End: AD301000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: AD280000
Module End: AD2A8000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: AD25A000
Module End: AD280000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: AD238000
Module End: AD25A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: BA1C8000
Module End: BA1D1000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: BA1D8000
Module End: BA1E1000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: AD20D000
Module End: AD238000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: AD19D000
Module End: AD20D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: BA1E8000
Module End: BA1F3000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\hidusb.sys
Service Name: hidusb
Module Base: BA588000
Module End: BA58B000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: BA208000
Module End: BA211000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: BA458000
Module End: BA45F000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: BA590000
Module End: BA593000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Udfs.SYS
Service Name: Udfs
Module Base: AD0C4000
Module End: AD0D5000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AD0AC000
Module End: AD0C4000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA5F0000
Module End: BA5F2000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: B967E000
Module End: B9681000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: BA480000
Module End: BA485000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: BA703000
Module End: BA704000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: AA57B000
Module End: AA57F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: AA2EE000
Module End: AA303000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: AA45B000
Module End: AA46A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: A9D82000
Module End: A9DAF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: BA5F8000
Module End: BA5FA000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\srv.sys
Service Name: Srv
Module Base: A9D03000
Module End: A9D5A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A99CA000
Module End: A9A0B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: A983C000
Module End: A9867000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: A9818000
Module End: A983C000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: PATRIK-39Q18KJI:1084
Remote Address: LOCALHOST:1083
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PATRIK-39Q18KJI:1083
Remote Address: LOCALHOST:1084
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PATRIK-39Q18KJI:1081
Remote Address: LOCALHOST:1080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PATRIK-39Q18KJI:1080
Remote Address: LOCALHOST:1081
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PATRIK-39Q18KJI:1029
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: PATRIK-39Q18KJI.RIOMAIL.CZ:1096
Remote Address: 74.125.99.220:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PATRIK-39Q18KJI.RIOMAIL.CZ:1095
Remote Address: FX-IN-F102.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PATRIK-39Q18KJI.RIOMAIL.CZ:1094
Remote Address: FX-IN-F102.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PATRIK-39Q18KJI.RIOMAIL.CZ:1092
Remote Address: FX-IN-F157.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PATRIK-39Q18KJI.RIOMAIL.CZ:1091
Remote Address: FX-IN-F157.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PATRIK-39Q18KJI.RIOMAIL.CZ:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PATRIK-39Q18KJI:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PATRIK-39Q18KJI:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: PATRIK-39Q18KJI:45301
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\PnkBstrB.exe
State: NA

Local Address: PATRIK-39Q18KJI:44301
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\PnkBstrA.exe
State: NA

Local Address: PATRIK-39Q18KJI:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: PATRIK-39Q18KJI:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: PATRIK-39Q18KJI.RIOMAIL.CZ:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: PATRIK-39Q18KJI.RIOMAIL.CZ:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: PATRIK-39Q18KJI.RIOMAIL.CZ:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: PATRIK-39Q18KJI.RIOMAIL.CZ:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: PATRIK-39Q18KJI:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: PATRIK-39Q18KJI:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: PATRIK-39Q18KJI:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found

[jaro3]

Po Avastu Ti tam zbyla složka:
c:\program files\Alwil Software tu můžeš smazat .
Nainstaluj si antivir, doporučuji Aviru Free, nezatěžuje tolik systém, jako Avast.
http://free-av.de/

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat


PC se jeví jako čisté bez nákaz , problém tedy bude v HW, bude třeba zkontrolovat HDD, RAM ,zdroj atd.
Tady je to vše, pokud problémy přetrvávají , zadej téma do sekce problémy s hardwarem..