Please check. Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

liborek
Level 5.5
Posts: 2726
Registered: December 05
Location: Kroměříž
Gender: Male

Please check.

Post by liborek » 27 Apr 2010 22:27

In another topic I'm dealing with a problem launching mods for Crysis and the .NET Framework. I want to try a check here as well. Online I didn't find anything there, but who knows. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:43, on 27.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Programy\Programy základ\Záloha programy-XP\bezpečnost\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-5DPVO.exe" /REG
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Stáhnout pomocí Download &Express - C:\Program Files\Download Express\Add_Url.htm
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8289 bytes
Intel Core i7-6700,MB Gigabyte GA-B150-HD3,MSI-GeForce GTX 1070 Gaming X 8G,2 x8GB DD4 2133MHz,Win 10 64bit.

Windows 7Pro,Intel CoreDuo E6750,SAPHIRE RADEON HD 5770 VAPOR-X,RAM 3GB, Gigabyte MB GA-P35-DS4,Corsair 600w.

jaro3
member of the Security team
Guru Level 15
Posts: 43295
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Please check.

Post by jaro3 » 28 Apr 2010 08:31

Uninstall Spyware Terminator, AVG9 is enough.

Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-5DPVO.exe" /REG
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt , please paste the whole contents of the log here.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show results button
- then choose the Save log option and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
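The fix list in the post above is the result of a manual read of the HijackThis log. As an added example (not code from this thread, from the forum, or from any of the tools named in it), here is a small Python triage helper that parses the R/O lines of a HijackThis log and marks the shapes of entry a reviewer tends to look at first: entries whose target file is gone, browser settings left with an empty value, RunOnce entries, Run entries that name an executable without a path, and services with no vendor recorded. The sample log embedded in it is a handful of lines copied from the log posted above; the function names and reason strings are my own.

```python
import re
from dataclasses import dataclass, field

# Matches the "R0 - ..." / "O23 - ..." entry lines that HijackThis emits; the
# header and the "Running processes" block do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
# Locates the "[Name] " part of an O4 Run/RunOnce entry so the target can be read.
RUN_KEY_RE = re.compile(r"\\Run(Once)?: \[[^\]]*\] ")


@dataclass
class Entry:
    section: str                                   # "R0", "O2", "O4", "O23", ...
    body: str                                      # text after "O4 - "
    reasons: list = field(default_factory=list)    # empty list = nothing to look at


def parse_hjt(text: str) -> list:
    """Turn the R/O lines of a HijackThis log into Entry objects."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def run_target(body: str) -> str:
    """Executable named by an O4 Run/RunOnce entry, without quotes or arguments."""
    m = RUN_KEY_RE.search(body)
    if not m:
        return ""
    rest = body[m.end():]
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]       # quoted path, possibly followed by args
    return rest.split(" ", 1)[0]               # bare token up to the first space


def triage(entry: Entry) -> Entry:
    """Attach a reason for every shape of entry that deserves a second look.
    A reason is a prompt to inspect the entry, not a verdict that it is malicious."""
    sec, body = entry.section, entry.body
    if "(no file)" in body:
        entry.reasons.append("registry entry points at a file that no longer exists")
    if sec in ("R0", "R1") and body.rstrip().endswith("="):
        entry.reasons.append("browser setting left with an empty value")
    if sec == "O4" and "\\RunOnce: [" in body:
        entry.reasons.append("one-shot RunOnce entry still present")
    if sec == "O4":
        target = run_target(body)
        if target and "\\" not in target:
            entry.reasons.append("executable named without a path (found via the search path)")
    if sec == "O23" and " - Unknown owner - " in body:
        entry.reasons.append("service with no vendor recorded")
    return entry


def flagged_entries(text: str) -> list:
    """Parse a log and return only the entries that collected at least one reason."""
    return [e for e in map(triage, parse_hjt(text)) if e.reasons]


# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-5DPVO.exe" /REG
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LOG):
        print(f"{e.section:<4} {e.body}")
        for r in e.reasons:
            print(f"       -> {r}")
```

Run on the sample, five entries come back: the empty Local Page, the NTIECatcher BHO with no file, the path-less ALCMTR.EXE, the InnoSetup RunOnce and the PnkBstrA service. Four of those are on the helper's fix list above; PnkBstrA is not, which is the point of the reason strings: the script narrows what a human reads, it does not decide what gets fixed.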

liborek
Level 5.5
Posts: 2726
Registered: December 05
Location: Kroměříž
Gender: Male

Re: Please check.

Post by liborek » 28 Apr 2010 18:52

Here's the log from TDSS. I don't know what happened, but the internet isn't displaying correctly for me. Just plain white pages. You probably know what's going on.

18:48:24:031 3544 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
18:48:24:031 3544 ================================================================================
18:48:24:031 3544 SystemInfo:

18:48:24:031 3544 OS Version: 5.1.2600 ServicePack: 2.0
18:48:24:031 3544 Product type: Workstation
18:48:24:031 3544 ComputerName: SARUSA
18:48:24:031 3544 UserName: slim
18:48:24:031 3544 Windows directory: C:\WINDOWS
18:48:24:031 3544 Processor architecture: Intel x86
18:48:24:031 3544 Number of processors: 2
18:48:24:031 3544 Page size: 0x1000
18:48:24:031 3544 Boot type: Normal boot
18:48:24:031 3544 ================================================================================
18:48:24:031 3544 UnloadDriverW: NtUnloadDriver error 2
18:48:24:031 3544 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
18:48:24:062 3544 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
18:48:24:062 3544 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:48:24:062 3544 wfopen_ex: Trying to KLMD file open
18:48:24:062 3544 wfopen_ex: File opened ok (Flags 2)
18:48:24:062 3544 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
18:48:24:062 3544 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:48:24:062 3544 wfopen_ex: Trying to KLMD file open
18:48:24:062 3544 wfopen_ex: File opened ok (Flags 2)
18:48:24:062 3544 Initialize success
18:48:24:062 3544
18:48:24:062 3544 Scanning Services ...
18:48:24:406 3544 Raw services enum returned 368 services
18:48:24:406 3544
18:48:24:406 3544 Scanning Kernel memory ...
18:48:24:406 3544 Devices to scan: 11
18:48:24:406 3544
18:48:24:406 3544 Driver Name: Disk
18:48:24:406 3544 IRP_MJ_CREATE : B811EC30
18:48:24:406 3544 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
18:48:24:406 3544 IRP_MJ_CLOSE : B811EC30
18:48:24:406 3544 IRP_MJ_READ : B8118D9B
18:48:24:406 3544 IRP_MJ_WRITE : B8118D9B
18:48:24:406 3544 IRP_MJ_QUERY_INFORMATION : 804F4282
18:48:24:406 3544 IRP_MJ_SET_INFORMATION : 804F4282
18:48:24:406 3544 IRP_MJ_QUERY_EA : 804F4282
18:48:24:406 3544 IRP_MJ_SET_EA : 804F4282
18:48:24:406 3544 IRP_MJ_FLUSH_BUFFERS : B8119366
18:48:24:406 3544 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
18:48:24:406 3544 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
18:48:24:406 3544 IRP_MJ_DIRECTORY_CONTROL : 804F4282
18:48:24:406 3544 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
18:48:24:406 3544 IRP_MJ_DEVICE_CONTROL : B811944D
18:48:24:406 3544 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CFC3
18:48:24:406 3544 IRP_MJ_SHUTDOWN : B8119366
18:48:24:406 3544 IRP_MJ_LOCK_CONTROL : 804F4282
18:48:24:406 3544 IRP_MJ_CLEANUP : 804F4282
18:48:24:406 3544 IRP_MJ_CREATE_MAILSLOT : 804F4282
18:48:24:406 3544 IRP_MJ_QUERY_SECURITY : 804F4282
18:48:24:406 3544 IRP_MJ_SET_SECURITY : 804F4282
18:48:24:406 3544 IRP_MJ_POWER : B811AEF3
18:48:24:406 3544 IRP_MJ_SYSTEM_CONTROL : B811FA24
18:48:24:406 3544 IRP_MJ_DEVICE_CHANGE : 804F4282
18:48:24:406 3544 IRP_MJ_QUERY_QUOTA : 804F4282
18:48:24:406 3544 IRP_MJ_SET_QUOTA : 804F4282
18:48:24:406 3544 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:48:24:406 3544
18:48:24:406 3544 Driver Name: Disk
18:48:24:406 3544 IRP_MJ_CREATE : B811EC30
18:48:24:406 3544 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
18:48:24:406 3544 IRP_MJ_CLOSE : B811EC30
18:48:24:406 3544 IRP_MJ_READ : B8118D9B
18:48:24:406 3544 IRP_MJ_WRITE : B8118D9B
18:48:24:406 3544 IRP_MJ_QUERY_INFORMATION : 804F4282
18:48:24:406 3544 IRP_MJ_SET_INFORMATION : 804F4282
18:48:24:406 3544 IRP_MJ_QUERY_EA : 804F4282
18:48:24:406 3544 IRP_MJ_SET_EA : 804F4282
18:48:24:406 3544 IRP_MJ_FLUSH_BUFFERS : B8119366
18:48:24:406 3544 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
18:48:24:406 3544 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
18:48:24:406 3544 IRP_MJ_DIRECTORY_CONTROL : 804F4282
18:48:24:406 3544 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
18:48:24:406 3544 IRP_MJ_DEVICE_CONTROL : B811944D
18:48:24:406 3544 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CFC3
18:48:24:406 3544 IRP_MJ_SHUTDOWN : B8119366
18:48:24:406 3544 IRP_MJ_LOCK_CONTROL : 804F4282
18:48:24:406 3544 IRP_MJ_CLEANUP : 804F4282
18:48:24:406 3544 IRP_MJ_CREATE_MAILSLOT : 804F4282
18:48:24:406 3544 IRP_MJ_QUERY_SECURITY : 804F4282
18:48:24:406 3544 IRP_MJ_SET_SECURITY : 804F4282
18:48:24:406 3544 IRP_MJ_POWER : B811AEF3
18:48:24:406 3544 IRP_MJ_SYSTEM_CONTROL : B811FA24
18:48:24:406 3544 IRP_MJ_DEVICE_CHANGE : 804F4282
18:48:24:406 3544 IRP_MJ_QUERY_QUOTA : 804F4282
18:48:24:406 3544 IRP_MJ_SET_QUOTA : 804F4282
18:48:24:406 3544 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:48:24:406 3544
18:48:24:406 3544 Driver Name: usbstor
18:48:24:406 3544 IRP_MJ_CREATE : 8A5BE500
18:48:24:406 3544 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
18:48:24:406 3544 IRP_MJ_CLOSE : 8A5BE500
18:48:24:406 3544 IRP_MJ_READ : 8A5BE500
18:48:24:406 3544 IRP_MJ_WRITE : 8A5BE500
18:48:24:406 3544 IRP_MJ_QUERY_INFORMATION : 804F4282
18:48:24:406 3544 IRP_MJ_SET_INFORMATION : 804F4282
18:48:24:406 3544 IRP_MJ_QUERY_EA : 804F4282
18:48:24:406 3544 IRP_MJ_SET_EA : 804F4282
18:48:24:406 3544 IRP_MJ_FLUSH_BUFFERS : 804F4282
18:48:24:406 3544 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
18:48:24:406 3544 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
18:48:24:406 3544 IRP_MJ_DIRECTORY_CONTROL : 804F4282
18:48:24:406 3544 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
18:48:24:406 3544 IRP_MJ_DEVICE_CONTROL : 8A5BE500
18:48:24:406 3544 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A5BE500
18:48:24:406 3544 IRP_MJ_SHUTDOWN : 804F4282
18:48:24:406 3544 IRP_MJ_LOCK_CONTROL : 804F4282
18:48:24:406 3544 IRP_MJ_CLEANUP : 804F4282
18:48:24:406 3544 IRP_MJ_CREATE_MAILSLOT : 804F4282
18:48:24:406 3544 IRP_MJ_QUERY_SECURITY : 804F4282
18:48:24:406 3544 IRP_MJ_SET_SECURITY : 804F4282
18:48:24:406 3544 IRP_MJ_POWER : 8A5BE500
18:48:24:406 3544 IRP_MJ_SYSTEM_CONTROL : 8A5BE500
18:48:24:406 3544 IRP_MJ_DEVICE_CHANGE : 804F4282
18:48:24:406 3544 IRP_MJ_QUERY_QUOTA : 804F4282
18:48:24:406 3544 IRP_MJ_SET_QUOTA : 804F4282
18:48:24:421 3544 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
18:48:24:421 3544
18:48:24:421 3544 Driver Name: usbstor
18:48:24:421 3544 IRP_MJ_CREATE : 8A5BE500
18:48:24:421 3544 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
18:48:24:421 3544 IRP_MJ_CLOSE : 8A5BE500
18:48:24:421 3544 IRP_MJ_READ : 8A5BE500
18:48:24:421 3544 IRP_MJ_WRITE : 8A5BE500
18:48:24:421 3544 IRP_MJ_QUERY_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_SET_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_EA : 804F4282
18:48:24:421 3544 IRP_MJ_SET_EA : 804F4282
18:48:24:421 3544 IRP_MJ_FLUSH_BUFFERS : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_DIRECTORY_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_DEVICE_CONTROL : 8A5BE500
18:48:24:421 3544 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A5BE500
18:48:24:421 3544 IRP_MJ_SHUTDOWN : 804F4282
18:48:24:421 3544 IRP_MJ_LOCK_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_CLEANUP : 804F4282
18:48:24:421 3544 IRP_MJ_CREATE_MAILSLOT : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_SECURITY : 804F4282
18:48:24:421 3544 IRP_MJ_SET_SECURITY : 804F4282
18:48:24:421 3544 IRP_MJ_POWER : 8A5BE500
18:48:24:421 3544 IRP_MJ_SYSTEM_CONTROL : 8A5BE500
18:48:24:421 3544 IRP_MJ_DEVICE_CHANGE : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_QUOTA : 804F4282
18:48:24:421 3544 IRP_MJ_SET_QUOTA : 804F4282
18:48:24:421 3544 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
18:48:24:421 3544
18:48:24:421 3544 Driver Name: Disk
18:48:24:421 3544 IRP_MJ_CREATE : B811EC30
18:48:24:421 3544 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
18:48:24:421 3544 IRP_MJ_CLOSE : B811EC30
18:48:24:421 3544 IRP_MJ_READ : B8118D9B
18:48:24:421 3544 IRP_MJ_WRITE : B8118D9B
18:48:24:421 3544 IRP_MJ_QUERY_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_SET_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_EA : 804F4282
18:48:24:421 3544 IRP_MJ_SET_EA : 804F4282
18:48:24:421 3544 IRP_MJ_FLUSH_BUFFERS : B8119366
18:48:24:421 3544 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_DIRECTORY_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_DEVICE_CONTROL : B811944D
18:48:24:421 3544 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CFC3
18:48:24:421 3544 IRP_MJ_SHUTDOWN : B8119366
18:48:24:421 3544 IRP_MJ_LOCK_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_CLEANUP : 804F4282
18:48:24:421 3544 IRP_MJ_CREATE_MAILSLOT : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_SECURITY : 804F4282
18:48:24:421 3544 IRP_MJ_SET_SECURITY : 804F4282
18:48:24:421 3544 IRP_MJ_POWER : B811AEF3
18:48:24:421 3544 IRP_MJ_SYSTEM_CONTROL : B811FA24
18:48:24:421 3544 IRP_MJ_DEVICE_CHANGE : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_QUOTA : 804F4282
18:48:24:421 3544 IRP_MJ_SET_QUOTA : 804F4282
18:48:24:421 3544 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:48:24:421 3544
18:48:24:421 3544 Driver Name: Disk
18:48:24:421 3544 IRP_MJ_CREATE : B811EC30
18:48:24:421 3544 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
18:48:24:421 3544 IRP_MJ_CLOSE : B811EC30
18:48:24:421 3544 IRP_MJ_READ : B8118D9B
18:48:24:421 3544 IRP_MJ_WRITE : B8118D9B
18:48:24:421 3544 IRP_MJ_QUERY_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_SET_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_EA : 804F4282
18:48:24:421 3544 IRP_MJ_SET_EA : 804F4282
18:48:24:421 3544 IRP_MJ_FLUSH_BUFFERS : B8119366
18:48:24:421 3544 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_DIRECTORY_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_DEVICE_CONTROL : B811944D
18:48:24:421 3544 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CFC3
18:48:24:421 3544 IRP_MJ_SHUTDOWN : B8119366
18:48:24:421 3544 IRP_MJ_LOCK_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_CLEANUP : 804F4282
18:48:24:421 3544 IRP_MJ_CREATE_MAILSLOT : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_SECURITY : 804F4282
18:48:24:421 3544 IRP_MJ_SET_SECURITY : 804F4282
18:48:24:421 3544 IRP_MJ_POWER : B811AEF3
18:48:24:421 3544 IRP_MJ_SYSTEM_CONTROL : B811FA24
18:48:24:421 3544 IRP_MJ_DEVICE_CHANGE : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_QUOTA : 804F4282
18:48:24:421 3544 IRP_MJ_SET_QUOTA : 804F4282
18:48:24:421 3544 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:48:24:421 3544
18:48:24:421 3544 Driver Name: Disk
18:48:24:421 3544 IRP_MJ_CREATE : B811EC30
18:48:24:421 3544 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
18:48:24:421 3544 IRP_MJ_CLOSE : B811EC30
18:48:24:421 3544 IRP_MJ_READ : B8118D9B
18:48:24:421 3544 IRP_MJ_WRITE : B8118D9B
18:48:24:421 3544 IRP_MJ_QUERY_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_SET_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_EA : 804F4282
18:48:24:421 3544 IRP_MJ_SET_EA : 804F4282
18:48:24:421 3544 IRP_MJ_FLUSH_BUFFERS : B8119366
18:48:24:421 3544 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_DIRECTORY_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_DEVICE_CONTROL : B811944D
18:48:24:421 3544 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CFC3
18:48:24:421 3544 IRP_MJ_SHUTDOWN : B8119366
18:48:24:421 3544 IRP_MJ_LOCK_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_CLEANUP : 804F4282
18:48:24:421 3544 IRP_MJ_CREATE_MAILSLOT : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_SECURITY : 804F4282
18:48:24:421 3544 IRP_MJ_SET_SECURITY : 804F4282
18:48:24:421 3544 IRP_MJ_POWER : B811AEF3
18:48:24:421 3544 IRP_MJ_SYSTEM_CONTROL : B811FA24
18:48:24:421 3544 IRP_MJ_DEVICE_CHANGE : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_QUOTA : 804F4282
18:48:24:421 3544 IRP_MJ_SET_QUOTA : 804F4282
18:48:24:421 3544 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:48:24:421 3544
18:48:24:421 3544 Driver Name: Disk
18:48:24:421 3544 IRP_MJ_CREATE : B811EC30
18:48:24:421 3544 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
18:48:24:421 3544 IRP_MJ_CLOSE : B811EC30
18:48:24:421 3544 IRP_MJ_READ : B8118D9B
18:48:24:421 3544 IRP_MJ_WRITE : B8118D9B
18:48:24:421 3544 IRP_MJ_QUERY_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_SET_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_EA : 804F4282
18:48:24:421 3544 IRP_MJ_SET_EA : 804F4282
18:48:24:421 3544 IRP_MJ_FLUSH_BUFFERS : B8119366
18:48:24:421 3544 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_DIRECTORY_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_DEVICE_CONTROL : B811944D
18:48:24:421 3544 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CFC3
18:48:24:421 3544 IRP_MJ_SHUTDOWN : B8119366
18:48:24:421 3544 IRP_MJ_LOCK_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_CLEANUP : 804F4282
18:48:24:421 3544 IRP_MJ_CREATE_MAILSLOT : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_SECURITY : 804F4282
18:48:24:421 3544 IRP_MJ_SET_SECURITY : 804F4282
18:48:24:421 3544 IRP_MJ_POWER : B811AEF3
18:48:24:421 3544 IRP_MJ_SYSTEM_CONTROL : B811FA24
18:48:24:421 3544 IRP_MJ_DEVICE_CHANGE : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_QUOTA : 804F4282
18:48:24:421 3544 IRP_MJ_SET_QUOTA : 804F4282
18:48:24:421 3544 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:48:24:421 3544
18:48:24:421 3544 Driver Name: Disk
18:48:24:421 3544 IRP_MJ_CREATE : B811EC30
18:48:24:421 3544 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
18:48:24:421 3544 IRP_MJ_CLOSE : B811EC30
18:48:24:421 3544 IRP_MJ_READ : B8118D9B
18:48:24:421 3544 IRP_MJ_WRITE : B8118D9B
18:48:24:421 3544 IRP_MJ_QUERY_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_SET_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_EA : 804F4282
18:48:24:421 3544 IRP_MJ_SET_EA : 804F4282
18:48:24:421 3544 IRP_MJ_FLUSH_BUFFERS : B8119366
18:48:24:421 3544 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
18:48:24:421 3544 IRP_MJ_DIRECTORY_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_DEVICE_CONTROL : B811944D
18:48:24:421 3544 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CFC3
18:48:24:421 3544 IRP_MJ_SHUTDOWN : B8119366
18:48:24:421 3544 IRP_MJ_LOCK_CONTROL : 804F4282
18:48:24:421 3544 IRP_MJ_CLEANUP : 804F4282
18:48:24:421 3544 IRP_MJ_CREATE_MAILSLOT : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_SECURITY : 804F4282
18:48:24:421 3544 IRP_MJ_SET_SECURITY : 804F4282
18:48:24:421 3544 IRP_MJ_POWER : B811AEF3
18:48:24:421 3544 IRP_MJ_SYSTEM_CONTROL : B811FA24
18:48:24:421 3544 IRP_MJ_DEVICE_CHANGE : 804F4282
18:48:24:421 3544 IRP_MJ_QUERY_QUOTA : 804F4282
18:48:24:421 3544 IRP_MJ_SET_QUOTA : 804F4282
18:48:24:437 3544 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:48:24:437 3544
18:48:24:437 3544 Driver Name: JRAID
18:48:24:437 3544 IRP_MJ_CREATE : 8A8411F8
18:48:24:437 3544 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
18:48:24:437 3544 IRP_MJ_CLOSE : 8A8411F8
18:48:24:437 3544 IRP_MJ_READ : 804F4282
18:48:24:437 3544 IRP_MJ_WRITE : 804F4282
18:48:24:437 3544 IRP_MJ_QUERY_INFORMATION : 804F4282
18:48:24:437 3544 IRP_MJ_SET_INFORMATION : 804F4282
18:48:24:437 3544 IRP_MJ_QUERY_EA : 804F4282
18:48:24:437 3544 IRP_MJ_SET_EA : 804F4282
18:48:24:437 3544 IRP_MJ_FLUSH_BUFFERS : 804F4282
18:48:24:437 3544 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
18:48:24:437 3544 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
18:48:24:437 3544 IRP_MJ_DIRECTORY_CONTROL : 804F4282
18:48:24:437 3544 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
18:48:24:437 3544 IRP_MJ_DEVICE_CONTROL : 8A8411F8
18:48:24:437 3544 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A8411F8
18:48:24:437 3544 IRP_MJ_SHUTDOWN : 804F4282
18:48:24:437 3544 IRP_MJ_LOCK_CONTROL : 804F4282
18:48:24:437 3544 IRP_MJ_CLEANUP : 804F4282
18:48:24:437 3544 IRP_MJ_CREATE_MAILSLOT : 804F4282
18:48:24:437 3544 IRP_MJ_QUERY_SECURITY : 804F4282
18:48:24:437 3544 IRP_MJ_SET_SECURITY : 804F4282
18:48:24:437 3544 IRP_MJ_POWER : 8A8411F8
18:48:24:437 3544 IRP_MJ_SYSTEM_CONTROL : 8A8411F8
18:48:24:437 3544 IRP_MJ_DEVICE_CHANGE : 804F4282
18:48:24:437 3544 IRP_MJ_QUERY_QUOTA : 804F4282
18:48:24:437 3544 IRP_MJ_SET_QUOTA : 804F4282
18:48:24:437 3544 C:\WINDOWS\system32\DRIVERS\jraid.sys - Verdict: 1
18:48:24:437 3544
18:48:24:437 3544 Driver Name: atapi
18:48:24:437 3544 IRP_MJ_CREATE : 8A8B31F8
18:48:24:437 3544 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
18:48:24:437 3544 IRP_MJ_CLOSE : 8A8B31F8
18:48:24:437 3544 IRP_MJ_READ : 804F4282
18:48:24:437 3544 IRP_MJ_WRITE : 804F4282
18:48:24:437 3544 IRP_MJ_QUERY_INFORMATION : 804F4282
18:48:24:437 3544 IRP_MJ_SET_INFORMATION : 804F4282
18:48:24:437 3544 IRP_MJ_QUERY_EA : 804F4282
18:48:24:437 3544 IRP_MJ_SET_EA : 804F4282
18:48:24:437 3544 IRP_MJ_FLUSH_BUFFERS : 804F4282
18:48:24:437 3544 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
18:48:24:437 3544 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
18:48:24:437 3544 IRP_MJ_DIRECTORY_CONTROL : 804F4282
18:48:24:437 3544 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
18:48:24:437 3544 IRP_MJ_DEVICE_CONTROL : 8A8B31F8
18:48:24:437 3544 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A8B31F8
18:48:24:437 3544 IRP_MJ_SHUTDOWN : 804F4282
18:48:24:437 3544 IRP_MJ_LOCK_CONTROL : 804F4282
18:48:24:437 3544 IRP_MJ_CLEANUP : 804F4282
18:48:24:437 3544 IRP_MJ_CREATE_MAILSLOT : 804F4282
18:48:24:437 3544 IRP_MJ_QUERY_SECURITY : 804F4282
18:48:24:437 3544 IRP_MJ_SET_SECURITY : 804F4282
18:48:24:437 3544 IRP_MJ_POWER : 8A8B31F8
18:48:24:437 3544 IRP_MJ_SYSTEM_CONTROL : 8A8B31F8
18:48:24:437 3544 IRP_MJ_DEVICE_CHANGE : 804F4282
18:48:24:437 3544 IRP_MJ_QUERY_QUOTA : 804F4282
18:48:24:437 3544 IRP_MJ_SET_QUOTA : 804F4282
18:48:24:453 3544 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
18:48:24:453 3544
18:48:24:453 3544 Completed
18:48:24:453 3544
18:48:24:453 3544 Results:
18:48:24:453 3544 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
18:48:24:453 3544 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:48:24:453 3544 File objects infected / cured / cured on reboot: 0 / 0 / 0
18:48:24:453 3544
18:48:24:453 3544 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
18:48:24:453 3544 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
18:48:24:453 3544 KLMD(ARK) unloaded successfully

liborek
Level 5.5
Posts: 2726
Registered: December 05
Location: Kroměříž
Gender: Male

Re: Please check.

Post by liborek » 28 Apr 2010 18:55

Good. I just updated Firefox, so that fixed it. :wink:

liborek
Level 5.5
Posts: 2726
Registered: December 05
Location: Kroměříž
Gender: Male

Re: Please check.

Post by liborek » 28 Apr 2010 19:01

Oh, and this time this line was no longer in HJT:
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-5DPVO.exe" /REG

liborek
Level 5.5
Posts: 2726
Registered: December 05
Location: Kroměříž
Gender: Male

Re: Please check.

Post by liborek » 28 Apr 2010 19:03

log from mbam:
Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org

Verze databáze: 4046

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

28.4.2010 19:00:35
mbam-log-2010-04-28 (19-00-35).txt

Typ skenu: Rychlý sken
Skenované objekty: 117356
Uplynulý čas: 3 minuta(y), 27 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)


Re: Please check.

Post by jaro3 » 28 Apr 2010 20:29

Turn off the resident protection in AVG9 and deactivate Kerio.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support


Re: Please check.

Post by liborek » 28 Apr 2010 21:04

I ran ComboFix. I had to do it in Safe Mode. When it finished, the computer restarted into normal mode and no log was left behind. However, on C:\ I have some folder called Qoobox and an icon like My Computer but labelled ComboFix, and when I click on it, it shows me the same thing as under the My Computer icon.


Re: Please check.

Post by liborek » 28 Apr 2010 22:06

So the second time it hopefully worked.

ComboFix 10-04-28.01 - slim 28.04.2010 21:50:39.5.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.3582.3257 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\slim\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-28 do 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-27 21:00:03 . 2010-04-27 21:00:03 -------- d-----w- C:\WINDOWS\system32\URTTEMP
2010-04-27 20:50:19 . 2010-04-27 20:50:19 -------- d-----w- C:\Program Files\Microsoft.NET
2010-04-26 20:56:07 . 2010-04-26 20:56:07 -------- d-----w- C:\WINDOWS\system32\cs-CZ
2010-04-26 20:54:42 . 2010-04-26 20:54:42 -------- d-----w- C:\WINDOWS\system32\XPSViewer
2010-04-26 20:54:40 . 2010-04-26 20:54:40 -------- d-----w- C:\Program Files\MSBuild
2010-04-26 20:54:35 . 2010-04-26 20:54:35 -------- d-----w- C:\Program Files\Reference Assemblies
2010-04-26 19:02:48 . 2010-04-26 19:02:48 -------- d-----w- C:\Program Files\Electronic Arts
2010-04-10 18:29:57 . 2010-04-10 18:29:59 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2010-04-05 22:13:22 . 2008-07-06 12:06:10 89088 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-05 22:12:57 . 2006-06-29 11:07:36 14048 ------w- C:\WINDOWS\system32\spmsg2.dll
2010-04-05 22:10:44 . 2010-04-05 22:10:44 -------- d-----w- C:\Program Files\MSXML 6.0
2010-04-04 06:22:52 . 2010-04-04 06:23:04 -------- d-----w- C:\Program Files\TweakRAM
2010-03-31 19:21:40 . 2010-03-31 19:21:40 -------- d-----r- C:\Documents and Settings\Administrator.SARUSA\Oblíbené položky
2010-03-30 19:24:37 . 2006-03-02 12:00:00 137216 ----a-w- C:\WINDOWS\system32\T.COM
2010-03-30 19:24:36 . 2006-03-02 12:00:00 147968 ----a-w- C:\WINDOWS\R.COM

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 19:52:23 . 2010-04-28 19:52:23 6724 ----a-w- C:\WINDOWS\system32\PerfStringBackup.TMP
2010-04-28 19:52:23 . 2006-03-02 12:00:00 498244 ----a-w- C:\WINDOWS\system32\perfh005.dat
2010-04-28 19:52:23 . 2006-03-02 12:00:00 102488 ----a-w- C:\WINDOWS\system32\perfc005.dat
2010-04-28 19:47:13 . 2010-04-28 18:42:38 330 ----a-w- C:\WINDOWS\system32\drivers\fwdrv.err
2010-04-27 20:20:11 . 2009-06-29 17:12:11 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-20 17:37:33 . 2008-08-18 16:13:13 242896 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-04-06 20:27:17 . 2008-08-18 16:04:45 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-04-06 20:23:55 . 2009-04-14 21:09:09 -------- d-----w- C:\Program Files\CCleaner
2010-03-29 22:46:30 . 2009-06-29 17:12:12 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45:52 . 2009-06-29 17:12:14 20824 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-03-24 22:27:08 . 2010-02-07 20:15:36 -------- d-----w- C:\Program Files\ABBYY FineReader 6.0 Sprint
2010-03-24 19:51:07 . 2010-03-24 19:50:04 -------- d-----w- C:\Program Files\Corel
2010-03-21 19:53:58 . 2009-06-29 22:01:36 -------- d-----w- C:\Program Files\TuneUp Utilities 2008
2010-03-20 21:34:46 . 2009-04-19 18:01:15 22328 ----a-w- C:\WINDOWS\system32\drivers\PnkBstrK.sys
2010-03-20 21:34:35 . 2009-04-19 18:00:58 103736 ----a-w- C:\WINDOWS\system32\PnkBstrB.exe
2010-03-20 21:00:30 . 2010-03-20 21:00:30 143360 ----a-w- C:\WINDOWS\system32\UAService7.exe
2010-03-18 14:47:22 . 2010-03-18 14:47:22 17760 ----a-w- C:\WINDOWS\system32\aspnet_counters.dll
2010-03-18 11:16:28 . 2010-03-18 11:16:28 771424 ----a-w- C:\WINDOWS\system32\msvcr100_clr0400.dll
2010-03-18 11:16:28 . 2010-03-18 11:16:28 70472 ----a-w- C:\WINDOWS\system32\dxva2.dll
2010-03-18 11:16:28 . 2010-03-18 11:16:28 486216 ----a-w- C:\WINDOWS\system32\evr.dll
2010-03-18 08:09:00 . 2010-03-18 08:09:00 99176 ----a-w- C:\WINDOWS\system32\PresentationHostProxy.dll
2010-03-18 08:09:00 . 2010-03-18 08:09:00 49488 ----a-w- C:\WINDOWS\system32\netfxperf.dll
2010-03-18 08:09:00 . 2010-03-18 08:09:00 297808 ----a-w- C:\WINDOWS\system32\mscoree.dll
2010-03-18 08:09:00 . 2010-03-18 08:09:00 295264 ----a-w- C:\WINDOWS\system32\PresentationHost.exe
2010-03-14 21:28:40 . 2008-09-07 19:18:07 -------- d-----w- C:\Program Files\Pinnacle
2010-03-13 17:31:27 . 2010-03-13 17:31:27 12464 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2010-03-13 17:31:26 . 2008-08-18 16:13:10 29512 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-03-13 17:31:21 . 2008-08-18 16:13:11 216200 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-03-12 19:09:09 . 2010-03-12 19:09:09 -------- d-----w- C:\Program Files\Futuremark
2010-03-12 14:50:53 . 2010-03-12 14:45:09 -------- d-----w- C:\Program Files\ATI Technologies
2010-02-01 15:14:54 . 2008-08-18 16:04:42 1247776 ----a-w- C:\WINDOWS\RtlExUpd.dll
2009-07-14 00:16:26 . 2009-07-14 00:16:26 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16:26 . 2009-07-14 00:16:26 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 12:44:18 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 12:08:36 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 09:33:10 16132608]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 22:26:02 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 12:00:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 17:31:27 12464 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf C:\Program Files\iolo\System Mechanic 6

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SW24"=C:\WINDOWS\system32\sw24.exe
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"F:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"F:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"F:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"F:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [28.10.2008 16:47:04 40368]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [18.7.2006 12:02:50 284184]
S0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [18.8.2008 20:07:47 717296]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [18.8.2008 18:13:11 216200]
S1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [18.8.2008 18:13:13 242896]
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [18.7.2006 12:02:52 91672]
S2 avg9emc;AVG Free E-mail Scanner;C:\Program Files\AVG\AVG9\avgemc.exe [13.3.2010 19:31:21 916760]
S2 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [13.3.2010 19:31:24 308064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16:28 130384]
S2 IS360service;IS360service;C:\Program Files\IObit\IObit Security 360\is360srv.exe [31.8.2009 22:17:51 311568]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [22.11.2009 20:59:58 1684736]
S3 MOUSEWDFilter;MOUSEWDFilter;C:\WINDOWS\system32\drivers\MOUSEWD.SYS [5.10.2009 19:44:08 6528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16:28 753504]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-04-19 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:09:12 . 2008-06-20 07:09:12]

2010-01-29 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2010-01-14 21:01:07 . 2009-12-14 11:09:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: Stáhnout pomocí Download &Express - C:\Program Files\Download Express\Add_Url.htm
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~1\Download Express\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~1\Download Express\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~1\Download Express\mdpph.dll
FF - ProfilePath - C:\Documents and Settings\slim\Data aplikací\Mozilla\Firefox\Profiles\s1fk0q14.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/cs/
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Documents and Settings\slim\Data aplikací\Mozilla\Firefox\Profiles\s1fk0q14.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
FF - plugin: C:\Program Files\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.scr=AutoCADScript
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - C:\Documents and Settings\slim\Plocha\Kontrola


Re: Please check.

Post by jaro3 » 28 Apr 2010 22:42

Nothing was deleted in the first scan?
Didn't you find two logs there?
C:\Combofix.txt


You have AVG9, but I see two files from AVG8 there:
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [18.8.2008 18:13:11 216200]
S1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [18.8.2008 18:13:13 242896]


Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following entire text marked in green into it:
Note: Do not use the SELECT ALL function to select the script


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=-

Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
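As an added example (not part of the thread or of ComboFix itself), the script below shows what the CFScript above does: it parses the REGEDIT4-style startup-points section of the ComboFix log into a snapshot, parses the `Registry::` section of the CFScript, and applies it, so that `"NoResolveTrack"=-` removes that value. The snapshot is a constructed excerpt of the log above; treating `[-Key]` as a key deletion is an assumption taken from regedit's .reg syntax.

```python
"""Apply a ComboFix CFScript 'Registry::' section to a registry snapshot.

Added example, not code from the forum thread or from ComboFix. The
snapshot below is a constructed excerpt of the 'registry startup points'
section of the ComboFix log above, which is printed in REGEDIT4 syntax.
In that syntax "Name"=- deletes a value; [-Key] deleting a whole key is
assumed from regedit's .reg format.
"""
import re

COMBOFIX_STARTUP_POINTS = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 12:44:18 36864]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 22:26:02 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

# The exact script jaro3 posted in the thread.
CFSCRIPT = r'''Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=-
'''

_KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_regedit4(text):
    """Parse REGEDIT4-style text into {key: {value_name: data}}.

    Key names are lower-cased: the registry is case-insensitive and ComboFix
    prints the same key in different cases in different runs. The trailing
    "[date size]" annotation ComboFix adds stays inside the data string.
    """
    reg = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == 'REGEDIT4' or line.endswith('::'):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(2).lower()
            reg.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            reg[current][m.group(1)] = m.group(2).strip()
    return reg


def parse_cfscript_registry(text):
    """Parse the Registry:: section of a CFScript into a list of operations.

    Returns tuples ('delete_key', key), ('delete_value', key, name) or
    ('set_value', key, name, data). Other sections (File::, Folder::, ...)
    are ignored.
    """
    ops = []
    in_section = False
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith('::'):
            in_section = (line == 'Registry::')
            continue
        if not in_section or not line:
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(2).lower()
            if m.group(1) == '-':
                ops.append(('delete_key', current))
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1), m.group(2).strip()
            if data == '-':
                ops.append(('delete_value', current, name))
            else:
                ops.append(('set_value', current, name, data))
    return ops


def apply_script(reg, ops):
    """Return a new snapshot with the operations applied (input untouched)."""
    new = {k: dict(v) for k, v in reg.items()}
    for op in ops:
        if op[0] == 'delete_key':
            new.pop(op[1], None)
        elif op[0] == 'delete_value':
            new.get(op[1], {}).pop(op[2], None)
        else:
            new.setdefault(op[1], {})[op[2]] = op[3]
    return new


def removed_values(before, after):
    """List (key, name) pairs present before the script but not after it."""
    return [(key, name) for key, values in before.items()
            for name in values if name not in after.get(key, {})]


if __name__ == '__main__':
    before = parse_regedit4(COMBOFIX_STARTUP_POINTS)
    after = apply_script(before, parse_cfscript_registry(CFSCRIPT))
    for key, name in removed_values(before, after):
        print('removed value %r under [%s]' % (name, key))
```

Diffing the snapshot before and after is the check to run against the second ComboFix log: the `policies\explorer` key no longer lists `NoResolveTrack`, and every other startup point is unchanged.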


Re: Please check.

Post by liborek » 28 Apr 2010 23:21

1. I didn't delete anything. But when it ran the first time I wasn't there and only came back after the computer had already restarted, and when I was sitting at it, it asked me whether I wanted to stay in Safe Mode, which I confirmed, but when I wasn't there it's possible that it shut down by itself and so the log didn't appear.
2. I only updated AVG8 to 9. I don't know what those files are doing there - delete them?
3. Do I have to run ComboFix in Safe Mode again?
Last edited by liborek on 28 Apr 2010 23:47, edited 1 time in total.


Re: Please check.

Post by liborek » 28 Apr 2010 23:42

So it wouldn't run normally; I ran it in Safe Mode.
Here is the ComboFix log:
ComboFix 10-04-28.01 - slim 28.04.2010 23:29:13.6.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.3582.3259 [GMT 2:00]
Spuštěný z: c:\documents and settings\slim\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\slim\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-28 do 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-27 21:00 . 2010-04-27 21:00 -------- d-----w- c:\windows\system32\URTTEMP
2010-04-27 20:50 . 2010-04-27 20:50 -------- d-----w- c:\program files\Microsoft.NET
2010-04-26 20:56 . 2010-04-26 20:56 -------- d-----w- c:\windows\system32\cs-CZ
2010-04-26 20:54 . 2010-04-26 20:54 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-26 20:54 . 2010-04-26 20:54 -------- d-----w- c:\program files\MSBuild
2010-04-26 20:54 . 2010-04-26 20:54 -------- d-----w- c:\program files\Reference Assemblies
2010-04-26 19:02 . 2010-04-26 19:02 -------- d-----w- c:\program files\Electronic Arts
2010-04-10 18:29 . 2010-04-10 18:29 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-05 22:13 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-05 22:12 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-05 22:10 . 2010-04-05 22:10 -------- d-----w- c:\program files\MSXML 6.0
2010-04-04 06:22 . 2010-04-04 06:23 -------- d-----w- c:\program files\TweakRAM
2010-03-31 19:21 . 2010-03-31 19:21 -------- d-----r- c:\documents and settings\Administrator.SARUSA\Oblíbené položky
2010-03-30 19:24 . 2006-03-02 12:00 137216 ----a-w- c:\windows\system32\T.COM
2010-03-30 19:24 . 2006-03-02 12:00 147968 ----a-w- c:\windows\R.COM

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 21:30 . 2006-03-02 12:00 498244 ----a-w- c:\windows\system32\perfh005.dat
2010-04-28 21:30 . 2006-03-02 12:00 102488 ----a-w- c:\windows\system32\perfc005.dat
2010-04-28 21:25 . 2010-04-28 18:42 495 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-04-27 20:20 . 2009-06-29 17:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 17:37 . 2008-08-18 16:13 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-06 20:27 . 2008-08-18 16:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 20:23 . 2009-04-14 21:09 -------- d-----w- c:\program files\CCleaner
2010-03-29 22:46 . 2009-06-29 17:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-06-29 17:12 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 22:27 . 2010-02-07 20:15 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-03-24 19:51 . 2010-03-24 19:50 -------- d-----w- c:\program files\Corel
2010-03-21 19:53 . 2009-06-29 22:01 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-03-20 21:34 . 2009-04-19 18:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-20 21:34 . 2009-04-19 18:00 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-20 21:00 . 2010-03-20 21:00 143360 ----a-w- c:\windows\system32\UAService7.exe
2010-03-18 14:47 . 2010-03-18 14:47 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 11:16 . 2010-03-18 11:16 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 11:16 . 2010-03-18 11:16 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 08:09 . 2010-03-18 08:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 08:09 . 2010-03-18 08:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 08:09 . 2010-03-18 08:09 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 08:09 . 2010-03-18 08:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-14 21:28 . 2008-09-07 19:18 -------- d-----w- c:\program files\Pinnacle
2010-03-13 17:31 . 2010-03-13 17:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 17:31 . 2008-08-18 16:13 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 17:31 . 2008-08-18 16:13 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 19:09 . 2010-03-12 19:09 -------- d-----w- c:\program files\Futuremark
2010-03-12 14:50 . 2010-03-12 14:45 -------- d-----w- c:\program files\ATI Technologies
2010-02-01 15:14 . 2008-08-18 16:04 1247776 ----a-w- c:\windows\RtlExUpd.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 17:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SW24"=c:\windows\system32\sw24.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"f:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"f:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"f:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"f:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [28.10.2008 16:47 40368]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.8.2008 20:07 717296]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18.8.2008 18:13 216200]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18.8.2008 18:13 242896]
S1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [13.3.2010 19:31 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [13.3.2010 19:31 308064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [31.8.2009 22:17 311568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22.11.2009 20:59 1684736]
S3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [5.10.2009 19:44 6528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-04-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:09]

2010-01-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-14 11:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Stáhnout pomocí Download &Express - c:\program files\Download Express\Add_Url.htm
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\Download Express\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\Download Express\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\Download Express\mdpph.dll
FF - ProfilePath - c:\documents and settings\slim\Data aplikací\Mozilla\Firefox\Profiles\s1fk0q14.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/cs/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\slim\Data aplikací\Mozilla\Firefox\Profiles\s1fk0q14.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - c:\documents and settings\slim\Plocha\Kontrola



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 23:33
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-343818398-1979792683-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e9,b4,9c,02,3e,c9,b2,b5,f3,67,4b,3c,3f,6c,04,75,ae,c3,b1,88,16,17,f9,
34,95,19,df,cd,0c,b5,e5,be,17,c4,0f,49,ae,2d,c5,ac,f2,fc,fe,a3,16,5a,b4,42,\
"??"=hex:a9,ae,d0,c9,f6,95,f8,00,85,8d,5f,19,89,cf,ee,ac

[HKEY_USERS\S-1-5-21-343818398-1979792683-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:ce,0a,e8,ce,e4,d6,f2,50,9a,9c,1c,78,98,61,9e,1c,44,8d,70,94,af,
c4,27,97,e2,b4,6a,4a,fe,cf,94,3c,35,99,57,55,a7,03,46,18,3d,e3,db,73,ec,a1,\
"rkeysecu"=hex:ea,1b,8d,d5,17,32,a9,9c,ad,ee,40,b8,f4,81,8c,0b
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(276)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2010-04-28 23:35:05
ComboFix-quarantined-files.txt 2010-04-28 21:35

Před spuštěním: Volných bajtů: 47 282 372 608
Po spuštění: Volných bajtů: 47 247 056 896

- - End Of File - - 6CD3E55FC9EB59566C60D2F23401E0E7


and here is the HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42:23, on 28.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\slim\Plocha\Kontrola,čištění\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Stáhnout pomocí Download &Express - C:\Program Files\Download Express\Add_Url.htm
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6839 bytes