Please check my log - SYSTEM 99% Solved

The place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

omist
Level 1
Posts: 73
Registered: April 10
Gender: Male

Please check my log - SYSTEM 99%

Post by omist » 12 May 2010 10:18

Hi, please take a look at my HJT log.

I have an HP DX 5150 and it has run fine the whole time, but over the last two months a fault has appeared where the processor runs at 100%, and in Task Manager I can see that 99% of the processor is taken up by SYSTEM. That is not good, because the computer then crawls like a snail. The first time I solved it by reinstalling the drivers for the board and the graphics card, and that helped. But after this weekend (and a power outage) the fault appeared again, and even after reinstalling those and other drivers it is still SYSTEM 99%. Following HP's online helpline I also tried upgrading the BIOS, with no result. I hope the suspicion of some hardware fault on the board is not confirmed, since lately my USB ports have also started dropping out (I have 8 of them; for a while 4 did not work, and right now none of them work). THANKS FOR THE HELP :lookround:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:08:30, on 12.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\V0330Mon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.zive.cz
O16 - DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - http://album.droxi.cz/moje-alba/ilt/ili ... oader2.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9034085953
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1c8dd34fc938ba8) (gupdate1c8dd34fc938ba8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9916 bytes

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log - SYSTEM 99%

Post by jaro3 » 12 May 2010 17:14

Close all other applications and browsers, disconnect from the net and fix these in HJT:
Guide

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing browsing history from a web browser. It can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers are Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave Perform quick scan selected and click the Scan button
- when the scan finishes, a message appears; click OK and then the Show Results button
- then choose Save log and save the log to your desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
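The entries jaro3 lists for fixing are the R0/R1 lines reset to about:blank or left empty and the O16 DPF (downloaded ActiveX) entries; O23 services marked (file missing) are another routine triage cue. As an added example, not part of this thread or of HijackThis itself, the following Python script parses HJT v2 log lines by their section prefix and flags those three kinds of entries over a constructed excerpt in the same format:

```python
"""Triage helper for HijackThis (HJT) v2 log lines.

Added example, not part of the forum thread or of HijackThis itself.
Each HJT entry starts with a section prefix (R0, R1, O2, O4, O16, O23...).
The script parses that prefix and flags the kinds of entries the helper
in this thread told the poster to fix, plus one more routine cue:
  - R0/R1 browser page or search settings that are empty or about:blank
  - O16 DPF entries (ActiveX controls downloaded from the web)
  - O23 services whose binary is reported as (file missing)
SAMPLE_LOG is a constructed excerpt in the same format.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Section prefix ("O23"), then " - ", then the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Entry:
    section: str
    body: str
    reason: Optional[str] = None  # None means nothing to flag


def classify(section: str, body: str) -> Optional[str]:
    """Return why an entry deserves attention, or None if it looks routine."""
    if section in ("R0", "R1"):
        # Form: "<hive>\...\<key>,<value> = <target>". A blank or about:blank
        # target is leftover clutter from a reset or cleanup; HJT can remove it.
        _, sep, target = body.partition(" =")
        if not sep:
            return None
        target = target.strip()
        if target == "" or target.lower() == "about:blank":
            return "IE page/search setting is blank or about:blank"
    elif section == "O16":
        # DPF = Download Program Files: ActiveX controls fetched from a URL.
        return "downloaded ActiveX control (O16 DPF)"
    elif section == "O23" and body.endswith("(file missing)"):
        return "service registered but its binary is missing"
    return None


def triage(log_text: str) -> List[Entry]:
    """Parse every HJT entry line; headers and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sec, body = m.group("sec"), m.group("body")
            entries.append(Entry(sec, body, classify(sec, body)))
    return entries


def flagged(log_text: str) -> List[Entry]:
    """Only the entries that received a reason."""
    return [e for e in triage(log_text) if e.reason]


# Constructed sample in HJT v2 format (a handful of lines of the kind seen
# in the thread); not a real scan.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section}: {e.reason}\n    {e.body}")
```

A flag here means "look at it", not "malicious": the thread's own about:blank lines are harmless leftovers, and the missing-binary services are uninstall remnants.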

omist

Re: Please check my log - SYSTEM 99%

Post by omist » 13 May 2010 00:26

Thanks, fixed and cleaned, and here is the MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4094

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.5.2010 0:22:34
mbam-log-2010-05-13 (00-22-34).txt

Typ skenu: Rychlý sken
Skenované objekty: 143541
Uplynulý čas: 1 hodina(y), 1 minuta(y), 59 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Otherwise, I was at the HP service centre today; they ruled out a hardware fault and recommended trying to find the fault in the system. It is probably the drivers; in the worst case, do a clean install of Win XP.

jaro3

Re: Please check my log - SYSTEM 99%

Post by jaro3 » 13 May 2010 02:24

Turn off the resident protection of your antivirus and antispyware, and possibly the firewall..

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

omist

Re: Please check my log - SYSTEM 99%

Post by omist » 13 May 2010 08:00

ComboFix 10-05-12.01 - Ondra 13.05.2010 3:41.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2494.1878 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Ondra\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\Ondra\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\Ondra\Local Settings\Temp\sfamcc00001.dll
c:\documents and settings\Ondra\Local Settings\Temp\sfareca00001.dll
c:\windows\jestertb.dll
c:\windows\system32\AbaleZip.dll
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\skinboxer43.dll
c:\windows\system32\VB6KO.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-13 do 2010-05-13 )))))))))))))))))))))))))))))))
.

2010-05-12 11:43 . 2010-05-12 11:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-12 04:12 . 2010-05-12 04:12 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-11 18:33 . 2010-05-11 18:33 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL
2010-05-11 18:33 . 2010-05-11 18:33 1045776 ----a-w- c:\windows\system32\MSJET35.DLL
2010-05-11 18:33 . 2010-05-11 18:33 368912 ----a-w- c:\windows\system32\VBAR332.DLL
2010-05-11 18:33 . 2010-05-11 18:33 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
2010-05-11 18:33 . 2010-05-11 18:33 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
2010-05-11 18:21 . 2010-05-11 18:21 -------- d-----w- c:\program files\AMD
2010-05-11 17:59 . 2010-05-11 17:59 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-11 15:25 . 2010-05-12 04:12 -------- d-----w- c:\program files\ATI Technologies
2010-05-10 20:59 . 2010-05-10 20:59 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-29 03:48 . 2006-11-10 01:00 126976 ----a-r- c:\windows\system32\V0330Vfw.dll
2010-04-29 03:48 . 2007-04-30 01:10 266240 ----a-r- c:\windows\system32\V0330Cvw.dll
2010-04-29 03:48 . 2007-08-08 05:48 157696 ----a-r- c:\windows\system32\drivers\V0330Vid.sys
2010-04-29 03:48 . 2007-04-26 01:10 32768 ----a-r- c:\windows\system32\V0330Hwx.dll
2010-04-29 03:48 . 2007-04-24 01:10 36864 ----a-r- c:\windows\system32\V0330Pin.dll
2010-04-29 03:48 . 2006-12-13 02:35 4516 ----a-r- c:\windows\system32\drivers\V0330STB.SYS
2010-04-29 03:48 . 2005-07-07 01:07 36864 ----a-r- c:\windows\system32\CtCamMgr.dll
2010-04-29 03:19 . 2010-04-29 03:19 -------- d-----w- c:\program files\HydraVision
2010-04-29 03:18 . 2010-04-29 03:19 -------- d-----w- c:\program files\CCC
2010-04-29 03:15 . 2010-04-29 03:15 -------- d-----w- c:\program files\program files
2010-04-29 02:59 . 2010-04-29 02:59 -------- d-----w- c:\program files\ACE
2010-04-29 02:49 . 2010-05-12 07:28 -------- d-----w- c:\program files\Driver
2010-04-29 02:49 . 2010-04-29 03:19 -------- d-----w- c:\program files\CPanel
2010-04-29 02:38 . 2010-04-29 02:38 -------- d-----w- c:\program files\SBDrv
2010-04-29 02:38 . 2010-04-29 03:18 -------- d-----w- c:\program files\BIN
2010-04-21 20:20 . 2010-04-21 20:20 -------- d-----w- c:\windows\MATS
2010-04-21 20:20 . 2010-04-21 20:20 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-04-21 17:02 . 2010-04-21 17:02 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-14 22:12 . 2010-04-14 22:12 -------- d-----w- c:\program files\VIA Technologies, INC
2010-04-14 21:21 . 2010-04-14 21:53 -------- d-----w- c:\program files\Chat_0330_1_12_01
2010-04-14 21:02 . 2007-04-30 01:03 32768 ----a-r- c:\windows\V0330Mon.exe
2010-04-14 21:02 . 2007-04-24 01:10 20480 ----a-r- c:\windows\V0330Cfg.exe
2010-04-14 11:55 . 2010-04-14 11:55 -------- d-----w- c:\program files\Trend Micro
2010-04-14 11:25 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 11:25 . 2010-05-11 19:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 11:25 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 10:28 . 2010-04-14 10:27 46423 ----a-w- c:\windows\system32\adildr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 03:19 . 2008-05-17 23:13 -------- d-----w- c:\program files\SpeedFan
2010-05-12 23:17 . 2009-01-01 10:49 -------- d-----w- c:\program files\DVDFab 5
2010-05-12 23:11 . 2007-09-11 23:09 -------- d-----w- c:\program files\CCleaner
2010-05-12 23:08 . 2009-07-20 03:35 -------- d-----w- c:\program files\UltraExplorer
2010-05-12 04:10 . 2007-08-22 20:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-11 21:04 . 2007-09-24 21:32 -------- d-----w- c:\program files\Common Files\Apple
2010-05-11 20:31 . 2008-12-03 23:06 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-05-11 18:13 . 2004-09-06 07:23 90726 ----a-w- c:\windows\system32\perfc005.dat
2010-05-11 18:13 . 2004-09-06 07:23 458644 ----a-w- c:\windows\system32\perfh005.dat
2010-05-05 04:16 . 2009-09-30 03:35 -------- d-----w- c:\program files\CDBurnerXP
2010-04-29 02:06 . 2007-09-10 19:52 -------- d-----r- c:\program files\Skype
2010-04-26 17:04 . 2010-02-20 23:46 -------- d-----w- c:\program files\uTorrent
2010-04-25 17:03 . 2010-03-16 10:54 -------- d-----w- c:\program files\MyDefrag v4.2.9
2010-04-21 17:03 . 2008-05-30 22:52 -------- d-----w- c:\program files\Recuva
2010-04-20 11:49 . 2008-01-24 23:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-16 04:31 . 2007-08-22 20:03 -------- d-----w- c:\program files\Google
2010-04-14 21:39 . 2009-10-13 19:50 -------- d-----w- c:\program files\Creative
2010-04-14 12:35 . 2009-01-19 10:02 -------- d-----w- c:\program files\Defraggler
2010-04-14 12:32 . 2008-01-13 23:09 -------- d-----w- c:\program files\Any Video Converter
2010-04-13 09:23 . 2009-12-20 00:11 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-13 01:20 . 2009-04-28 11:54 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-13 01:20 . 2010-04-13 01:20 -------- d-----w- c:\program files\Ape Ripper
2010-04-10 15:05 . 2010-04-10 15:05 65328 ----a-w- c:\windows\AppPatch\matsshim.dll
2010-03-31 11:24 . 2010-03-31 11:24 -------- d-----w- c:\program files\QuickTime
2010-03-31 11:08 . 2007-08-22 20:03 -------- d-----w- c:\program files\Common Files\Java
2010-03-18 03:42 . 2010-03-18 03:42 -------- d-----w- c:\program files\EASEUS
2010-03-17 00:27 . 2010-03-17 00:27 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-03-16 22:45 . 2009-03-04 04:09 -------- d-----w- c:\program files\Opera
2010-03-16 22:19 . 2010-03-01 23:46 -------- d-----w- c:\program files\Mp3tag
2010-03-16 22:11 . 2008-11-05 19:43 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-10 06:17 . 2004-08-18 02:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 07:05 . 2009-03-19 16:01 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-25 06:18 . 2004-08-18 02:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 02:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 23:24 . 2009-10-28 03:30 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-20 23:24 . 2009-10-16 05:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-17 12:09 . 2004-08-18 02:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-18 02:00 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:24 . 2009-03-19 16:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 10:03 . 2010-03-11 04:14 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 02:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 8283A4D489B207991EFDC8328733D0BC . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768]
"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\
Speedfan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\f:\0autocheck autochk /p \??\p:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2008-11-12 19:08 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2008-11-12 19:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2010-01-19 11:40 557056 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 20:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Ondra\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.10.2009 6:44 64288]
R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [12.1.2006 12:56 116264]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19.3.2009 18:01 135336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1285864]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [27.12.2008 0:32 14976]
S2 gupdate1c8dd34fc938ba8;Google Update Service (gupdate1c8dd34fc938ba8);c:\program files\Google\Update\GoogleUpdate.exe [12.7.2008 21:49 133104]
S2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [10.4.2010 17:05 266544]
S3 PCAlertDriver;PCAlertDriver;\??\c:\biostools\NTGLM7X.sys --> c:\biostools\NTGLM7X.sys [?]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\DRIVERS\ProtoWall.sys --> c:\windows\system32\DRIVERS\ProtoWall.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [12.9.2007 23:34 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [12.9.2007 23:34 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [12.9.2007 23:34 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [12.9.2007 23:34 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [12.9.2007 23:34 98568]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [29.4.2010 5:48 157696]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 21:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-05-13 c:\windows\Tasks\User_Feed_Synchronization-{587E890E-4E85-46C0-AA8C-7270A63E678D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: tmo.cz\sms1.client
Trusted Zone: tmo.cz\sms2.client
Trusted Zone: zive.cz\www
DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - hxxp://album.droxi.cz/moje-alba/ilt/ili ... oader2.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-13 05:20
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1996079426-1009829794-1376712884-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1996079426-1009829794-1376712884-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{994F6A73-C730-945F-33DF-A6576B848D46}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(340)
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\SearchProtocolHost.exe
.
**************************************************************************
.
Celkový čas: 2010-05-13 05:35:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-13 03:34

Před spuštěním: Volných bajtů: 99 113 918 464
Po spuštění: Volných bajtů: 99 287 740 416

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 44DE9AD6E56FB983A6E92319730527C9

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log - SYSTEM 99%

Post by jaro3 » 13 May 2010 10:02

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text, marked in green, into it:
Note: do not use the SELECT ALL function to select the script.

Code:

DirLook::
c:\program files\program files
c:\program files\BIN
c:\windows\MATS
c:\program files\Driver
c:\program files\Chat_0330_1_12_01

Driver::
PCAlertDriver
NTGLM7X
ProtoWall
ProtoWall Network Service

DDS::
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

Choose File -> Save As... and set these parameters:
File name: enter CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you created onto the downloaded ComboFix.exe and drop it once the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process, plus a new HJT log

Turn off your resident protection and firewall.
Download Dr. Web CureIt,
run the update, and after updating click start.
With the buttons at the bottom you can cure a file (system files), delete it, move it or rename it.

In Folder Options, enable showing hidden files and folders and untick "Hide protected operating system files".

Test these on VirusTotal:
c:\windows\AppPatch\matsshim.dll
c:\windows\system32\drivers\tcpip.sys

If the file has already been tested, click "test again".
Once all the antivirus engines have finished, post the links to the results pages here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
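jaro3 asks above for c:\windows\system32\drivers\tcpip.sys to be checked on VirusTotal. Before uploading a system file it is worth hashing it locally: VirusTotal can be searched by hash, so an already-tested file is found without a new upload, and Windows XP keeps backup copies of protected system files in c:\windows\system32\dllcache and c:\windows\ServicePackFiles\i386. A live driver that has the same size as its backup copy but a different hash has been modified in place, which is what a patched or infected driver looks like; a backup of a different size is simply another build. The Python script below is an added example, not part of this thread or of any of the tools mentioned in it. The file names, the sample bytes and the scenarios in demo() are constructed for the example; the backup locations are XP's standard ones.

```python
"""Hash a driver and compare it with XP's backup copies before a VirusTotal lookup.

Added example for the thread above; not code from the forum or from ComboFix/HJT.
"""
import hashlib
import json
import os
import sys
import tempfile
from typing import Dict, List

ALGORITHMS = ("md5", "sha1", "sha256")


def file_hashes(path: str) -> Dict[str, str]:
    """Return MD5, SHA-1 and SHA-256 of a file, read in 64 KiB chunks."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def default_references(live_path: str) -> List[str]:
    """XP's standard backup locations for a protected system file (assumed layout)."""
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    name = os.path.basename(live_path)
    return [
        os.path.join(root, "system32", "dllcache", name),
        os.path.join(root, "ServicePackFiles", "i386", name),
    ]


def compare_with_references(live_path: str, reference_paths: List[str]) -> dict:
    """Classify the live file against each backup copy and give a verdict.

    identical                 -> byte-for-byte the same as a backup
    same size, different hash -> modified in place (patched or infected)
    different version         -> the backup is another build, not a patch
    """
    live = file_hashes(live_path)
    live_size = os.path.getsize(live_path)
    result = {"live": live, "size": live_size, "references": {},
              "verdict": "no reference found"}
    for ref in reference_paths:
        if not os.path.isfile(ref):
            result["references"][ref] = "missing"
            continue
        if file_hashes(ref)["sha256"] == live["sha256"]:
            result["references"][ref] = "identical"
        elif os.path.getsize(ref) == live_size:
            result["references"][ref] = "same size, different hash"
        else:
            result["references"][ref] = "different version"
    statuses = list(result["references"].values())
    if "identical" in statuses:
        result["verdict"] = "matches a backup copy"
    elif "same size, different hash" in statuses:
        result["verdict"] = "modified in place; submit to VirusTotal"
    elif "different version" in statuses:
        result["verdict"] = "no identical backup; check version and submit"
    return result


def demo() -> Dict[str, dict]:
    """Three constructed scenarios in a temp directory (no real drivers involved)."""
    scenarios = {}
    with tempfile.TemporaryDirectory() as d:
        def write(name: str, data: bytes) -> str:
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(data)
            return p

        # 1. live file is byte-for-byte the same as its dllcache backup
        live = write("clean_tcpip.sys", b"abc")
        ref = write("clean_dllcache_tcpip.sys", b"abc")
        scenarios["clean"] = compare_with_references(
            live, [ref, os.path.join(d, "no_such_backup.sys")])

        # 2. same size as the backup (361600 bytes, as in the log) but one byte differs
        body = bytes(361600)
        live = write("patched_tcpip.sys", body[:1000] + b"\xff" + body[1001:])
        ref = write("patched_dllcache_tcpip.sys", body)
        scenarios["patched"] = compare_with_references(live, [ref])

        # 3. backup is an older build of a different size: an update, not a patch
        live = write("updated_tcpip.sys", bytes(361600))
        ref = write("updated_dllcache_tcpip.sys", bytes(361344))
        scenarios["updated"] = compare_with_references(live, [ref])
    return scenarios


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # usage: python check_driver.py C:\WINDOWS\system32\drivers\tcpip.sys
        print(json.dumps(compare_with_references(sys.argv[1],
                                                 default_references(sys.argv[1])), indent=2))
    else:
        print(json.dumps(demo(), indent=2))
```

The verdict only says whether the file still matches a known backup on the same machine; a backup can itself be tampered with, which is why the hashes are printed so they can be searched on VirusTotal and compared with the vendor's known-good values.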

omist
Level 1
Posts: 73
Registered: April 10
Gender: Male
Status:
Offline

Re: Please check my log - SYSTEM 99%

Post by omist » 14 May 2010 00:56

ComboFix 10-05-12.01 - Ondra 13.05.2010 17:47:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2494.1916 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ondra\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Ondra\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\Ondra\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\Ondra\Local Settings\Temp\sfamcc00001.dll
c:\documents and settings\Ondra\Local Settings\Temp\sfareca00001.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PCALERTDRIVER
-------\Service_PCAlertDriver
-------\Service_ProtoWall


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-13 do 2010-05-13 )))))))))))))))))))))))))))))))
.

2010-05-12 11:43 . 2010-05-12 11:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-12 04:12 . 2010-05-12 04:12 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-11 18:33 . 2010-05-11 18:33 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL
2010-05-11 18:33 . 2010-05-11 18:33 1045776 ----a-w- c:\windows\system32\MSJET35.DLL
2010-05-11 18:33 . 2010-05-11 18:33 368912 ----a-w- c:\windows\system32\VBAR332.DLL
2010-05-11 18:33 . 2010-05-11 18:33 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
2010-05-11 18:33 . 2010-05-11 18:33 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
2010-05-11 18:21 . 2010-05-11 18:21 -------- d-----w- c:\program files\AMD
2010-05-11 17:59 . 2010-05-11 17:59 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-11 15:25 . 2010-05-12 04:12 -------- d-----w- c:\program files\ATI Technologies
2010-05-10 20:59 . 2010-05-10 20:59 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-29 03:48 . 2006-11-10 01:00 126976 ----a-r- c:\windows\system32\V0330Vfw.dll
2010-04-29 03:48 . 2007-04-30 01:10 266240 ----a-r- c:\windows\system32\V0330Cvw.dll
2010-04-29 03:48 . 2007-08-08 05:48 157696 ----a-r- c:\windows\system32\drivers\V0330Vid.sys
2010-04-29 03:48 . 2007-04-26 01:10 32768 ----a-r- c:\windows\system32\V0330Hwx.dll
2010-04-29 03:48 . 2007-04-24 01:10 36864 ----a-r- c:\windows\system32\V0330Pin.dll
2010-04-29 03:48 . 2006-12-13 02:35 4516 ----a-r- c:\windows\system32\drivers\V0330STB.SYS
2010-04-29 03:48 . 2005-07-07 01:07 36864 ----a-r- c:\windows\system32\CtCamMgr.dll
2010-04-29 03:19 . 2010-04-29 03:19 -------- d-----w- c:\program files\HydraVision
2010-04-29 03:18 . 2010-04-29 03:19 -------- d-----w- c:\program files\CCC
2010-04-29 03:15 . 2010-04-29 03:15 -------- d-----w- c:\program files\program files
2010-04-29 02:59 . 2010-04-29 02:59 -------- d-----w- c:\program files\ACE
2010-04-29 02:49 . 2010-05-12 07:28 -------- d-----w- c:\program files\Driver
2010-04-29 02:49 . 2010-04-29 03:19 -------- d-----w- c:\program files\CPanel
2010-04-29 02:38 . 2010-04-29 02:38 -------- d-----w- c:\program files\SBDrv
2010-04-29 02:38 . 2010-04-29 03:18 -------- d-----w- c:\program files\BIN
2010-04-21 20:20 . 2010-04-21 20:20 -------- d-----w- c:\windows\MATS
2010-04-21 20:20 . 2010-04-21 20:20 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-04-21 17:02 . 2010-04-21 17:02 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-14 22:12 . 2010-04-14 22:12 -------- d-----w- c:\program files\VIA Technologies, INC
2010-04-14 21:21 . 2010-04-14 21:53 -------- d-----w- c:\program files\Chat_0330_1_12_01
2010-04-14 21:02 . 2007-04-30 01:03 32768 ----a-r- c:\windows\V0330Mon.exe
2010-04-14 21:02 . 2007-04-24 01:10 20480 ----a-r- c:\windows\V0330Cfg.exe
2010-04-14 11:55 . 2010-04-14 11:55 -------- d-----w- c:\program files\Trend Micro
2010-04-14 11:25 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 11:25 . 2010-05-11 19:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 11:25 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 10:28 . 2010-04-14 10:27 46423 ----a-w- c:\windows\system32\adildr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 22:29 . 2008-05-17 23:13 -------- d-----w- c:\program files\SpeedFan
2010-05-13 06:03 . 2007-09-11 23:09 -------- d-----w- c:\program files\CCleaner
2010-05-12 23:17 . 2009-01-01 10:49 -------- d-----w- c:\program files\DVDFab 5
2010-05-12 23:08 . 2009-07-20 03:35 -------- d-----w- c:\program files\UltraExplorer
2010-05-12 04:10 . 2007-08-22 20:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-11 21:04 . 2007-09-24 21:32 -------- d-----w- c:\program files\Common Files\Apple
2010-05-11 20:31 . 2008-12-03 23:06 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-05-11 18:13 . 2004-09-06 07:23 90726 ----a-w- c:\windows\system32\perfc005.dat
2010-05-11 18:13 . 2004-09-06 07:23 458644 ----a-w- c:\windows\system32\perfh005.dat
2010-05-05 04:16 . 2009-09-30 03:35 -------- d-----w- c:\program files\CDBurnerXP
2010-04-29 02:06 . 2007-09-10 19:52 -------- d-----r- c:\program files\Skype
2010-04-26 17:04 . 2010-02-20 23:46 -------- d-----w- c:\program files\uTorrent
2010-04-25 17:03 . 2010-03-16 10:54 -------- d-----w- c:\program files\MyDefrag v4.2.9
2010-04-21 17:03 . 2008-05-30 22:52 -------- d-----w- c:\program files\Recuva
2010-04-20 11:49 . 2008-01-24 23:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-16 04:31 . 2007-08-22 20:03 -------- d-----w- c:\program files\Google
2010-04-14 21:39 . 2009-10-13 19:50 -------- d-----w- c:\program files\Creative
2010-04-14 12:35 . 2009-01-19 10:02 -------- d-----w- c:\program files\Defraggler
2010-04-14 12:32 . 2008-01-13 23:09 -------- d-----w- c:\program files\Any Video Converter
2010-04-13 09:23 . 2009-12-20 00:11 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-13 01:20 . 2009-04-28 11:54 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-13 01:20 . 2010-04-13 01:20 -------- d-----w- c:\program files\Ape Ripper
2010-04-10 15:05 . 2010-04-10 15:05 65328 ----a-w- c:\windows\AppPatch\matsshim.dll
2010-03-31 11:24 . 2010-03-31 11:24 -------- d-----w- c:\program files\QuickTime
2010-03-31 11:08 . 2007-08-22 20:03 -------- d-----w- c:\program files\Common Files\Java
2010-03-18 03:42 . 2010-03-18 03:42 -------- d-----w- c:\program files\EASEUS
2010-03-17 00:27 . 2010-03-17 00:27 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-03-16 22:45 . 2009-03-04 04:09 -------- d-----w- c:\program files\Opera
2010-03-16 22:19 . 2010-03-01 23:46 -------- d-----w- c:\program files\Mp3tag
2010-03-16 22:11 . 2008-11-05 19:43 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-10 06:17 . 2004-08-18 02:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 07:05 . 2009-03-19 16:01 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-25 06:18 . 2004-08-18 02:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 02:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 23:24 . 2009-10-28 03:30 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-20 23:24 . 2009-10-16 05:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-17 12:09 . 2004-08-18 02:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-18 02:00 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:24 . 2009-03-19 16:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\BIN ----

2008-11-12 18:43 . 2008-11-12 18:43 53248 ----a-w- c:\program files\BIN\AtiCIM.dll
2008-11-12 18:43 . 2008-11-12 18:43 128512 ----a-w- c:\program files\BIN\UpdatPnP.exe
2008-11-12 18:42 . 2008-11-12 18:42 123392 ----a-w- c:\program files\BIN\EnumDev.exe
2008-11-12 18:42 . 2008-11-12 18:42 397312 ----a-w- c:\program files\BIN\atiicdxx.dll
2008-11-12 18:42 . 2008-11-12 18:42 308224 ----a-w- c:\program files\BIN\atiicdxx.exe
2008-11-12 18:41 . 2008-11-12 18:41 6656 ----a-w- c:\program files\BIN\aticd64a.sys
2008-11-12 18:41 . 2008-11-12 18:41 6144 ----a-w- c:\program files\BIN\atiicdxx.sys
2008-11-12 18:41 . 2008-11-12 18:41 348160 ----a-w- c:\program files\BIN\aticds10.dll
2008-11-12 18:41 . 2008-11-12 18:41 73728 ----a-w- c:\program files\BIN\atricdxx.dft
2008-11-12 18:41 . 2008-11-12 18:41 73728 ----a-w- c:\program files\BIN\atricdxx.enu
2008-11-12 18:41 . 2008-11-12 18:41 34304 ----a-w- c:\program files\BIN\atricd6a.dft
2008-11-12 18:41 . 2008-11-12 18:41 34304 ----a-w- c:\program files\BIN\atricd6a.enu
2008-10-30 06:45 . 2008-10-30 06:45 180720 ----a-w- c:\program files\BIN\atiicdxx.dat
2008-10-30 06:45 . 2008-10-30 06:45 55808 ----a-w- c:\program files\BIN\atiicdxx.msi
2008-05-26 10:54 . 2008-05-26 10:54 24064 ----a-w- c:\program files\BIN\chipset.msi
2003-04-14 17:07 . 2003-04-14 17:07 7849 ----a-w- c:\program files\BIN\atiicdxx.vxd
2000-02-05 10:02 . 2000-02-05 10:02 11 ----a-w- c:\program files\BIN\atiicdxx.ini

---- Directory of c:\program files\Driver ----

2008-12-05 17:43 . 2008-12-05 17:43 112 ----a-w- c:\program files\Driver\XP_INF\atiiseag.ini
2008-12-05 17:43 . 2008-12-05 17:43 33750 ----a-w- c:\program files\Driver\XP_INF\CX_72992.cat
2008-12-02 16:04 . 2008-12-02 16:04 125062 ----a-w- c:\program files\Driver\XP_INF\CX_72992.inf
2008-12-02 16:04 . 2008-12-02 16:04 5476 ----a-w- c:\program files\Driver\Driver.dat
2008-12-02 16:04 . 2008-12-02 16:04 670 ----a-w- c:\program files\Driver\INSTALL.INI
2008-12-02 15:43 . 2008-12-02 15:43 3055 ----a-w- c:\program files\Driver\CX_72992.INI
2008-12-02 15:29 . 2008-12-02 15:29 2641 ----a-w- c:\program files\Driver\CX_72990.INI
2008-11-12 20:41 . 2008-11-12 20:41 2366221 ----a-w- c:\program files\Driver\XP_INF\B_72069\ati2mtag.sy_
2008-11-12 19:20 . 2008-11-12 19:20 425984 ----a-w- c:\program files\Driver\XP_INF\B_72069\atidemgx.dll
2008-11-12 19:19 . 2008-11-12 19:19 199611 ----a-w- c:\program files\Driver\XP_INF\B_72069\ati2dvag.dl_
2008-11-12 19:12 . 2008-11-12 19:12 4988793 ----a-w- c:\program files\Driver\XP_INF\B_72069\atioglxx.dl_
2008-11-12 19:08 . 2008-11-12 19:08 99871 ----a-w- c:\program files\Driver\XP_INF\B_72069\atipdlxx.dl_
2008-11-12 19:08 . 2008-11-12 19:08 16308 ----a-w- c:\program files\Driver\XP_INF\B_72069\ati2mdxx.ex_
2008-11-12 19:08 . 2008-11-12 19:08 28844 ----a-w- c:\program files\Driver\XP_INF\B_72069\ati2edxx.dl_
2008-11-12 19:07 . 2008-11-12 19:07 73971 ----a-w- c:\program files\Driver\XP_INF\B_72069\ati2evxx.dl_
2008-11-12 19:06 . 2008-11-12 19:06 315456 ----a-w- c:\program files\Driver\XP_INF\B_72069\ati2evxx.ex_
2008-11-12 19:05 . 2008-11-12 19:05 28699 ----a-w- c:\program files\Driver\XP_INF\B_72069\atiddc.dl_
2008-11-12 18:55 . 2008-11-12 18:55 2049618 ----a-w- c:\program files\Driver\XP_INF\B_72069\ati3duag.dl_
2008-11-12 18:47 . 2008-11-12 18:47 307200 ----a-w- c:\program files\Driver\XP_INF\B_72069\atiiiexx.dll
2008-11-12 18:39 . 2008-11-12 18:39 1223584 ----a-w- c:\program files\Driver\XP_INF\B_72069\ativvaxx.dl_
2008-11-12 18:39 . 2008-11-12 18:39 9995 ----a-w- c:\program files\Driver\XP_INF\B_72069\ativvaxx.ca_
2008-11-12 18:39 . 2008-11-12 18:39 3107788 ----a-w- c:\program files\Driver\XP_INF\B_72069\ativva5x.dat
2008-11-12 18:39 . 2008-11-12 18:39 887724 ----a-w- c:\program files\Driver\XP_INF\B_72069\ativva6x.dat
2008-11-12 18:39 . 2008-11-12 18:39 3107788 ----a-w- c:\program files\Driver\XP_INF\B_72069\ativvaxx.dat
2008-11-12 18:25 . 2008-11-12 18:25 29988 ----a-w- c:\program files\Driver\XP_INF\B_72069\amdpcom32.dl_
2008-11-12 18:21 . 2008-11-12 18:21 207418 ----a-w- c:\program files\Driver\XP_INF\B_72069\atikvmag.dl_
2008-11-12 18:20 . 2008-11-12 18:20 42893 ----a-w- c:\program files\Driver\XP_INF\B_72069\atiadlxx.dl_
2008-11-12 18:19 . 2008-11-12 18:19 8348 ----a-w- c:\program files\Driver\XP_INF\B_72069\atitvo32.dl_
2008-11-12 18:19 . 2008-11-12 18:19 13624 ----a-w- c:\program files\Driver\XP_INF\B_72069\ati2erec.dl_
2008-11-12 18:18 . 2008-11-12 18:18 133826 ----a-w- c:\program files\Driver\XP_INF\B_72069\atiok3x2.dl_
2008-11-12 18:13 . 2008-11-12 18:13 280140 ----a-w- c:\program files\Driver\XP_INF\B_72069\ati2cqag.dl_
2008-11-12 18:05 . 2008-11-12 18:05 3061831 ----a-w- c:\program files\Driver\data1.cab
2008-11-12 18:05 . 2008-11-12 18:05 48948 ----a-w- c:\program files\Driver\data1.hdr
2008-11-12 18:05 . 2008-11-12 18:05 512 ----a-w- c:\program files\Driver\data2.cab
2008-11-12 18:05 . 2008-11-12 18:05 344923 ----a-w- c:\program files\Driver\ikernel.ex_
2008-11-12 18:05 . 2008-11-12 18:05 482 ----a-w- c:\program files\Driver\layout.bin
2008-11-12 18:05 . 2008-11-12 18:05 139264 ----a-w- c:\program files\Driver\Setup.exe
2008-11-12 18:05 . 2008-11-12 18:05 452 ----a-w- c:\program files\Driver\Setup.ini
2008-11-12 18:05 . 2008-11-12 18:05 172558 ----a-w- c:\program files\Driver\setup.inx
2008-11-12 18:05 . 2008-11-12 18:05 772 ----a-w- c:\program files\Driver\setup.iss
2008-11-12 18:05 . 2008-11-12 18:05 308168 ----a-w- c:\program files\Driver\_setup.bmp
2008-10-30 06:45 . 2008-10-30 06:45 180720 ----a-w- c:\program files\Driver\XP_INF\B_72069\atiicdxx.dat
2008-10-21 10:51 . 2008-10-21 10:51 71699 ----a-w- c:\program files\Driver\XP_INF\B_72069\atibrtmon.ex_
2008-10-21 09:40 . 2008-10-21 09:40 25085 ----a-w- c:\program files\Driver\XP_INF\B_72069\atiodcli.ex_
2008-10-21 09:40 . 2008-10-21 09:40 48579 ----a-w- c:\program files\Driver\XP_INF\B_72069\atiode.ex_
2008-10-17 06:19 . 2008-10-17 06:19 15079 ----a-w- c:\program files\Driver\XP_INF\B_72069\atiogl.xml
2008-10-03 13:48 . 2008-10-03 13:48 527 ----a-w- c:\program files\Driver\XP_INF\B_72069\atiode.exe.manifest
2008-09-29 13:22 . 2008-09-29 13:22 529 ----a-w- c:\program files\Driver\XP_INF\B_72069\atiodcli.exe.manifest
2007-08-31 06:20 . 2007-08-31 06:20 7167 ----a-w- c:\program files\Driver\XP_INF\B_72069\atifglpf.xml
2006-08-31 04:52 . 2006-08-31 04:52 22629 ----a-w- c:\program files\Driver\2KXP_INF\CX_35058.cat
2006-07-31 02:06 . 2006-07-31 02:06 112 ----a-w- c:\program files\Driver\2KXP_INF\atiiseag.ini
2006-07-26 13:20 . 2006-07-26 13:20 57457 ----a-w- c:\program files\Driver\2KXP_INF\CX_35058.inf
2006-07-26 13:20 . 2006-07-26 13:20 56033 ----a-w- c:\program files\Driver\2KXP_INF\C2_35058.inf
2006-07-26 13:20 . 2006-07-26 13:20 3055 ----a-w- c:\program files\Driver\CX_35058.INI
2006-07-26 13:00 . 2006-07-26 13:00 3075 ----a-w- c:\program files\Driver\C2_35058.INI
2006-07-22 17:30 . 2006-07-22 17:30 29024 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ativvpxx.vp
2006-07-22 17:14 . 2006-07-22 17:14 163331 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ati2dvag.dl_
2006-07-22 17:13 . 2006-07-22 17:13 972532 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ati2mtag.sy_
2006-07-22 17:08 . 2006-07-22 17:08 62212 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\atipdlxx.dl_
2006-07-22 17:08 . 2006-07-22 17:08 16312 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ati2mdxx.ex_
2006-07-22 17:08 . 2006-07-22 17:08 27729 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ati2edxx.dl_
2006-07-22 17:08 . 2006-07-22 17:08 33528 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ati2evxx.dl_
2006-07-22 17:07 . 2006-07-22 17:07 215886 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ati2evxx.ex_
2006-07-22 17:06 . 2006-07-22 17:06 28702 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\atiddc.dl_
2006-07-22 17:01 . 2006-07-22 17:01 307200 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\atiiiexx.dll
2006-07-22 16:59 . 2006-07-22 16:59 1495011 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ati3duag.dl_
2006-07-22 16:53 . 2006-07-22 16:53 886957 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ativvaxx.dl_
2006-07-22 16:46 . 2006-07-22 16:46 3118128 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\atioglx1.dl_
2006-07-22 16:42 . 2006-07-22 16:42 2522207 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\atioglxx.dl_
2006-07-22 16:40 . 2006-07-22 16:40 118085 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\atikvmag.dl_
2006-07-22 16:39 . 2006-07-22 16:39 8347 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\atitvo32.dl_
2006-07-22 16:38 . 2006-07-22 16:38 10835 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ati2erec.dl_
2006-07-22 16:35 . 2006-07-22 16:35 115302 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\atidemgr.dl_
2006-07-22 16:34 . 2006-07-22 16:34 160063 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ati2cqag.dl_
2006-04-28 11:05 . 2006-04-28 11:05 127614 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\atiicdxx.dat
2006-04-05 08:36 . 2006-04-05 08:36 6005 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\atifglpf.xml
2006-02-08 11:44 . 2006-02-08 11:44 1114674 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ativcaxx.cpa
2006-02-08 11:44 . 2006-02-08 11:44 929 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ativcaxx.vp
2005-10-14 05:10 . 2005-10-14 05:10 58560 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ativckxx.vp
2005-02-23 09:10 . 2005-02-23 09:10 21070 ----a-w- c:\program files\Driver\2KXP_INF\CX_21098.cat
2005-02-18 09:58 . 2005-02-18 09:58 82246 ----a-w- c:\program files\Driver\2KXP_INF\CX_21098.inf
2005-02-18 09:57 . 2005-02-18 09:57 82097 ----a-w- c:\program files\Driver\2KXP_INF\C2_21098.inf
2005-02-18 09:56 . 2005-02-18 09:56 1792 ----a-w- c:\program files\Driver\CX_21098.INI
2005-02-18 09:54 . 2005-02-18 09:54 1792 ----a-w- c:\program files\Driver\C2_21098.INI
2005-02-08 21:31 . 2005-02-08 21:31 299008 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\atiiiexx.dll
2005-02-08 21:10 . 2005-02-08 21:10 86649 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\atidemgr.dl_
2005-02-08 20:50 . 2005-02-08 20:50 3107315 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\atioglxx.dl_
2005-02-08 20:33 . 2005-02-08 20:33 143665 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\ati2dvag.dl_
2005-02-08 20:33 . 2005-02-08 20:33 599588 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\ati2mtag.sy_
2005-02-08 20:31 . 2005-02-08 20:31 49285 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\atipdlxx.dl_
2005-02-08 20:31 . 2005-02-08 20:31 39672 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\oemdspif.dl_
2005-02-08 20:31 . 2005-02-08 20:31 15671 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\ati2mdxx.ex_
2005-02-08 20:31 . 2005-02-08 20:31 26717 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\ati2edxx.dl_
2005-02-08 20:31 . 2005-02-08 20:31 31834 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\ati2evxx.dl_
2005-02-08 20:31 . 2005-02-08 20:31 184459 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\ati2evxx.ex_
2005-02-08 20:30 . 2005-02-08 20:30 28127 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\atiddc.dl_
2005-02-08 20:30 . 2005-02-08 20:30 1203173 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\ati3duag.dl_
2005-02-08 20:25 . 2005-02-08 20:25 238817 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\ativvaxx.dl_
2005-02-08 20:23 . 2005-02-08 20:23 8901 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\ati2erec.dl_
2005-02-08 20:23 . 2005-02-08 20:23 8347 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\atitvo32.dl_
2005-02-08 20:21 . 2005-02-08 20:21 125902 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\ati2cqag.dl_
2005-02-02 15:08 . 2005-02-02 15:08 9684 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\atifglpf.xml
2004-12-20 16:48 . 2004-12-20 16:48 73845 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\atiicdxx.dat
2001-11-09 10:01 . 2001-11-09 10:01 12614 ----a-w- c:\program files\Driver\2KXP_INF\B_21066\ativcoxx.dl_
2001-11-09 08:01 . 2001-11-09 08:01 12614 ----a-w- c:\program files\Driver\XP_INF\B_72069\ativcoxx.dl_
2001-11-09 06:01 . 2001-11-09 06:01 12614 ----a-w- c:\program files\Driver\2KXP_INF\B_34944\ativcoxx.dl_

---- Directory of c:\program files\Chat_0330_1_12_01 ----

2010-04-14 21:21 . 2009-07-06 16:58 5366 ----a-w- c:\program files\Chat_0330_1_12_01\VF0330.UNS
2010-04-14 21:21 . 2002-05-08 15:59 201731 ----a-w- c:\program files\Chat_0330_1_12_01\VfwUpd.EXE
2010-04-14 21:21 . 2009-07-03 14:25 193408 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Vid64.sys
2010-04-14 21:21 . 2009-07-03 14:26 157728 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Vid.sys
2010-04-14 21:21 . 2009-07-06 17:07 62295 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Vid.inf
2010-04-14 21:21 . 2007-07-30 23:00 8704 ----a-w- c:\program files\Chat_0330_1_12_01\V0330VFW.DRV
2010-04-14 21:21 . 2006-11-09 23:00 126976 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Vfw.dll
2010-04-14 21:21 . 2006-12-13 08:35 4516 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Stb.sys
2010-04-14 21:21 . 2009-06-28 23:12 45056 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Twn.ds
2010-04-14 21:21 . 2009-07-03 09:38 57856 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Pin64.dll
2010-04-14 21:21 . 2009-07-02 23:12 40960 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Pin.dll
2010-04-14 21:21 . 2006-09-19 11:56 57656 ----a-w- c:\program files\Chat_0330_1_12_01\V0330PC.BMP
2010-04-14 21:21 . 2007-04-25 23:10 23552 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Hwx64.dll
2010-04-14 21:21 . 2007-04-29 23:03 32768 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Mon.exe
2010-04-14 21:21 . 2007-04-25 23:10 32768 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Hwx.dll
2010-04-14 21:21 . 2009-06-30 23:12 41472 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Ext64.crl
2010-04-14 21:21 . 2009-06-30 23:12 49152 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Ext.crl
2010-04-14 21:21 . 2009-06-30 23:12 108032 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Ext64.ax
2010-04-14 21:21 . 2007-04-30 07:45 20480 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Det.exe
2010-04-14 21:21 . 2009-06-30 23:12 98304 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Ext.ax
2010-04-14 21:21 . 2009-07-05 23:12 282624 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Cvw.dll
2010-04-14 21:21 . 2009-06-25 23:12 253952 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Cvw.crl
2010-04-14 21:21 . 2009-07-07 07:51 19183 ----a-w- c:\program files\Chat_0330_1_12_01\v0330.cat
2010-04-14 21:21 . 2006-08-28 12:22 188891 ----a-w- c:\program files\Chat_0330_1_12_01\V0330Cvw.bff
2010-04-14 21:21 . 2006-04-17 09:09 286720 ----a-w- c:\program files\Chat_0330_1_12_01\HookWnd.dll
2010-04-14 21:21 . 2010-01-07 14:54 68 ----a-w- c:\program files\Chat_0330_1_12_01\DISK.ID
2010-04-14 21:21 . 2007-02-15 11:26 811008 ----a-w- c:\program files\Chat_0330_1_12_01\cximage.dll
2010-04-14 21:21 . 2009-07-02 01:00 163840 ----a-w- c:\program files\Chat_0330_1_12_01\CTTwain.dll
2010-04-14 21:21 . 2007-11-28 00:50 200704 ----a-w- c:\program files\Chat_0330_1_12_01\CtTwain.crl
2010-04-14 21:21 . 2007-11-07 23:10 45056 ----a-w- c:\program files\Chat_0330_1_12_01\CtStpCD.dll
2010-04-14 21:21 . 2008-06-29 23:11 188416 ----a-w- c:\program files\Chat_0330_1_12_01\CtStpCD.crl
2010-04-14 21:21 . 2007-08-08 11:38 426 ----a-w- c:\program files\Chat_0330_1_12_01\CtRunApp.ini
2010-04-14 21:21 . 2009-07-06 16:58 896 ----a-w- c:\program files\Chat_0330_1_12_01\CtSetupX.ini
2010-04-14 21:21 . 2007-07-23 23:01 24576 ----a-w- c:\program files\Chat_0330_1_12_01\CtRunApp.exe
2010-04-14 21:21 . 2009-07-06 16:58 977 ----a-w- c:\program files\Chat_0330_1_12_01\CtDrvStp.ini
2010-04-14 21:21 . 2009-04-14 00:31 53248 ----a-w- c:\program files\Chat_0330_1_12_01\CtDrvStp.crl
2010-04-14 21:21 . 2009-04-14 00:31 102400 ----a-w- c:\program files\Chat_0330_1_12_01\CtDrvStp.exe
2010-04-14 21:21 . 2009-03-18 16:30 108032 ----a-w- c:\program files\Chat_0330_1_12_01\CtDrvIns64.exe
2010-04-14 21:21 . 2007-08-23 17:46 10752 ----a-w- c:\program files\Chat_0330_1_12_01\CtCamPin64.crl
2010-04-14 21:21 . 2009-03-18 16:30 94208 ----a-w- c:\program files\Chat_0330_1_12_01\CtDrvIns.exe
2010-04-14 21:21 . 2009-06-16 13:17 29184 ----a-w- c:\program files\Chat_0330_1_12_01\CtCamMgr64.dll
2010-04-14 21:21 . 2007-08-23 17:46 20480 ----a-w- c:\program files\Chat_0330_1_12_01\CtCamPin.crl
2010-04-14 21:21 . 2009-06-16 13:17 36864 ----a-w- c:\program files\Chat_0330_1_12_01\CtCamMgr.dll

---- Directory of c:\program files\program files ----

2003-11-20 15:01 . 2003-11-20 15:01 525824 ----a-w- c:\program files\program files\COMPAQ\SetRefresh\SetRefresh.exe

---- Directory of c:\windows\MATS ----

2010-04-10 15:05 . 2010-04-10 15:05 19760 ----a-w- c:\windows\MATS\MatsRes.dll
2010-04-10 15:05 . 2010-04-10 15:05 12080 ----a-w- c:\windows\MATS\de-DE\matsres.dll.mui
2010-04-10 15:05 . 2010-04-10 15:05 12592 ----a-w- c:\windows\MATS\es-ES\matsres.dll.mui
2010-04-10 15:05 . 2010-04-10 15:05 13104 ----a-w- c:\windows\MATS\fr-FR\matsres.dll.mui
2010-04-10 15:05 . 2010-04-10 15:05 11568 ----a-w- c:\windows\MATS\ja-JP\matsres.dll.mui
2010-04-10 15:05 . 2010-04-10 15:05 11056 ----a-w- c:\windows\MATS\zh-CN\matsres.dll.mui


------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 8283A4D489B207991EFDC8328733D0BC . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-13_03.20.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-13 17:02 . 2010-05-13 17:02 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_194.dat
+ 2010-05-13 17:02 . 2010-05-13 17:02 16384 c:\windows\Temp\Perflib_Perfdata_728.dat
+ 2007-08-22 11:05 . 2010-05-13 14:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-22 11:05 . 2010-05-12 21:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-13 14:58 . 2010-05-13 14:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-08-22 11:05 . 2010-05-12 21:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768]
"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\
Speedfan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\f:\0autocheck autochk /p \??\p:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ondra^Nabídka Start^Programy^Po spuštění^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2008-11-12 19:08 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2008-11-12 19:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2010-01-19 11:40 557056 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 20:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Ondra\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.10.2009 6:44 64288]
R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [12.1.2006 12:56 116264]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19.3.2009 18:01 135336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1285864]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [27.12.2008 0:32 14976]
S2 gupdate1c8dd34fc938ba8;Google Update Service (gupdate1c8dd34fc938ba8);c:\program files\Google\Update\GoogleUpdate.exe [12.7.2008 21:49 133104]
S2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [10.4.2010 17:05 266544]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [12.9.2007 23:34 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [12.9.2007 23:34 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [12.9.2007 23:34 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [12.9.2007 23:34 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [12.9.2007 23:34 98568]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [29.4.2010 5:48 157696]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 21:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-05-13 c:\windows\Tasks\User_Feed_Synchronization-{587E890E-4E85-46C0-AA8C-7270A63E678D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: tmo.cz\sms1.client
Trusted Zone: tmo.cz\sms2.client
Trusted Zone: zive.cz\www
DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - hxxp://album.droxi.cz/moje-alba/ilt/ili ... oader2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 00:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1996079426-1009829794-1376712884-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1996079426-1009829794-1376712884-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{994F6A73-C730-945F-33DF-A6576B848D46}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Celkový čas: 2010-05-14 00:43:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-13 22:43
ComboFix2.txt 2010-05-13 03:35

Před spuštěním: Volných bajtů: 99 286 093 824
Po spuštění: Volných bajtů: 99 370 074 112

- - End Of File - - 006824A5F593CCAA89084BEC5D21AAD5

omist

Re: Please check my log - SYSTEM 99%

Post by omist » 14 May 2010 01:03

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:58:33, on 14.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\V0330Mon.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.zive.cz
O16 - DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - http://album.droxi.cz/moje-alba/ilt/ili ... oader2.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9034085953
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1c8dd34fc938ba8) (gupdate1c8dd34fc938ba8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8042 bytes

omist

Re: Please check my log - SYSTEM 99%

Post by omist » 14 May 2010 04:08

Soubor matsshim.dll přijatý 2010.05.13 23:10:26 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.14.00 2010.05.13 -
AntiVir 8.2.1.242 2010.05.13 -
Antiy-AVL 2.0.3.7 2010.05.13 -
Authentium 5.2.0.5 2010.05.13 -
Avast 4.8.1351.0 2010.05.13 -
Avast5 5.0.332.0 2010.05.13 -
AVG 9.0.0.787 2010.05.13 -
BitDefender 7.2 2010.05.14 -
CAT-QuickHeal 10.00 2010.05.13 -
ClamAV 0.96.0.3-git 2010.05.13 -
Comodo 4834 2010.05.14 -
DrWeb 5.0.2.03300 2010.05.14 -
eSafe 7.0.17.0 2010.05.13 -
eTrust-Vet 35.2.7487 2010.05.13 -
F-Prot 4.5.1.85 2010.05.13 -
F-Secure 9.0.15370.0 2010.05.13 -
Fortinet 4.1.133.0 2010.05.13 -
GData 21 2010.05.14 -
Ikarus T3.1.1.84.0 2010.05.13 -
Jiangmin 13.0.900 2010.05.13 -
Kaspersky 7.0.0.125 2010.05.13 -
McAfee 5.400.0.1158 2010.05.14 -
McAfee-GW-Edition 2010.1 2010.05.13 -
Microsoft 1.5703 2010.05.13 -
NOD32 5113 2010.05.13 -
Norman 6.04.12 2010.05.13 -
nProtect 2010-05-13.01 2010.05.13 -
Panda 10.0.2.7 2010.05.13 -
PCTools 7.0.3.5 2010.05.13 -
Prevx 3.0 2010.05.14 -
Rising 22.47.03.04 2010.05.13 -
Sophos 4.53.0 2010.05.14 -
Sunbelt 6300 2010.05.14 -
Symantec 20101.1.0.89 2010.05.13 -
TheHacker 6.5.2.0.280 2010.05.13 -
TrendMicro 9.120.0.1004 2010.05.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.14 -
VBA32 3.12.12.4 2010.05.13 -
ViRobot 2010.5.13.2314 2010.05.13 -
VirusBuster 5.0.27.0 2010.05.13 -
Rozšiřující informace
File size: 65328 bytes
MD5...: b9d774f96c3a6299d8ebacf462faeab3
SHA1..: b841576811aef04977346f6cd8fa1398dc6aab80
SHA256: d18a4efb9a8ccfd7a6667c79a64d694d9f6c3457c8434b2670fcdb27218faf7b
ssdeep: 768:qf/pnrBJdL85M7WovZyMdvxn0VEUYKm+0krSwmUpa+DZTpP2b5sBRAc:krBJdL85Xo4AzUxR0k9o+VxkOD
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3bd9
timedatestamp.....: 0x4bc10737 (Sat Apr 10 23:18:15 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xaf6d 0xb000 6.53 8a9a7df3ef1d8c3cb88ecf40ec21fb89
.data 0xc000 0x3184 0x1200 2.43 20038ba46c9a788e81b331a057933b84
.rsrc 0x10000 0x3f0 0x400 3.28 231fca564b796af62effee9b981d35f1
.reloc 0x11000 0x1932 0x1a00 3.44 ab8909711b42f648323a73be4b77077c

( 2 imports )
> ntdll.dll: RtlUnwind, RtlInterlockedPopEntrySList, RtlInitializeSListHead
> KERNEL32.dll: FlushFileBuffers, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, VirtualQuery, GetSystemInfo, GetLocaleInfoA, GetConsoleMode, GetConsoleCP, Sleep, InitializeCriticalSection, LoadLibraryExA, CompareStringW, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, VirtualProtect, OutputDebugStringA, CloseHandle, GetCurrentProcessId, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, SetLastError, SetFilePointer, GetLastError, DebugBreak, HeapFree, InterlockedDecrement, HeapAlloc, InterlockedIncrement, GetCommandLineA, GetVersionExA, HeapReAlloc, GetProcAddress, GetModuleHandleA, ExitProcess, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, VirtualAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCPInfo, GetACP, GetOEMCP, WriteFile, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW

( 2 exports )
GetHookAPIs, NotifyShims
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Automated Troubleshooting Services
description..: Windows Compatibility DLL for Microsoft ATS
original name:
internal name:
file version.: 2.0.0000.26 (MSFixit.100410-1616)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

omist

Re: Please check my log - SYSTEM 99%

Post by omist » 14 May 2010 04:09

Soubor tcpip.sys přijatý 2010.05.14 02:05:54 (UTC)
Současný stav: Dokončeno
Výsledek: 1/40 (2.5%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.14.00 2010.05.13 -
AntiVir 8.2.1.242 2010.05.13 -
Antiy-AVL 2.0.3.7 2010.05.13 -
Authentium 5.2.0.5 2010.05.13 -
Avast 4.8.1351.0 2010.05.13 -
Avast5 5.0.332.0 2010.05.13 -
AVG 9.0.0.787 2010.05.13 -
BitDefender 7.2 2010.05.14 -
CAT-QuickHeal 10.00 2010.05.13 -
ClamAV 0.96.0.3-git 2010.05.13 -
Comodo 4834 2010.05.14 -
DrWeb 5.0.2.03300 2010.05.14 -
eSafe 7.0.17.0 2010.05.13 -
eTrust-Vet 35.2.7487 2010.05.13 -
F-Prot 4.5.1.85 2010.05.13 -
F-Secure 9.0.15370.0 2010.05.14 -
Fortinet 4.1.133.0 2010.05.13 -
GData 21 2010.05.14 -
Ikarus T3.1.1.84.0 2010.05.14 -
Jiangmin 13.0.900 2010.05.13 -
Kaspersky 7.0.0.125 2010.05.14 -
McAfee 5.400.0.1158 2010.05.14 -
McAfee-GW-Edition 2010.1 2010.05.13 Heuristic.LooksLike.Trojan.Patched.I
Microsoft 1.5703 2010.05.13 -
NOD32 5113 2010.05.13 -
Norman 6.04.12 2010.05.13 -
nProtect 2010-05-13.01 2010.05.13 -
Panda 10.0.2.7 2010.05.13 -
PCTools 7.0.3.5 2010.05.14 -
Rising 22.47.04.00 2010.05.14 -
Sophos 4.53.0 2010.05.14 -
Sunbelt 6301 2010.05.14 -
Symantec 20101.1.0.89 2010.05.14 -
TheHacker 6.5.2.0.280 2010.05.13 -
TrendMicro 9.120.0.1004 2010.05.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.14 -
VBA32 3.12.12.4 2010.05.13 -
ViRobot 2010.5.13.2314 2010.05.13 -
VirusBuster 5.0.27.0 2010.05.13 -
Rozšiřující informace
File size: 361600 bytes
MD5...: cbeebeb899e31ef52b962cb31fc8ca5c
SHA1..: bb35759a536bbb8da3b21de5f450385b333e1c25
SHA256: 41f7af89da20be99b45ed8db714be0709547b93a2fc2421703eb288521122ec4
ssdeep: 6144:QJVxTJMCOHOcecOeaVrith/CC/LxGh5wCQCzKLQ/xsczo:QDxTl2OzryZCAQ4CQDQ/
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x50d23
timedatestamp.....: 0x485b99ad (Fri Jun 20 11:51:09 2008)
machinetype.......: 0x14c (I386)

( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x3f05a 0x3f080 6.58 469827b02f4403f5236e017c0c4bc49a
.rdata 0x3f400 0x574 0x580 4.44 0eb5bdbba26ed4d079a201f965266cb4
.data 0x3f980 0xa4a4 0xa500 0.06 ea0c5005c163289d0c29ae80301cb86f
PAGE 0x49e80 0x1f85 0x2000 6.38 29223020b8202f58b61651e2099c84e8
PAGELK 0x4be80 0x6f2 0x700 6.19 d82540f4886ebcffb849774114194524
PAGEIPMc 0x4c580 0x2781 0x2800 6.43 bb13276e642dee8cf0a818967e06b022
.edata 0x4ed80 0x341 0x380 5.23 32781ababdbcd87358c1d1eb84509dd0
INIT 0x4f100 0x5936 0x5980 6.19 fcef6dffef02997844f4ea0ed6e144fe
.rsrc 0x54a80 0x3f0 0x400 3.41 3fd0d62483602aa6ce780c14866b4e39
.reloc 0x54e80 0x3590 0x3600 6.79 1e3ca28ef6ff9cf6fa16149dbf4fe144

( 4 imports )
> HAL.dll: KfLowerIrql, KeRaiseIrqlToDpcLevel, KfReleaseSpinLock, KfAcquireSpinLock, KfRaiseIrql, KeGetCurrentIrql, KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex
> NDIS.SYS: NdisCloseAdapter, NdisCancelSendPackets, NdisFreePacket, NdisUnchainBufferAtFront, NdisCompletePnPEvent, NdisFreePacketPool, NdisRequest, NdisAllocatePacket, NdisFreeMemory, NdisQueryAdapterInstanceName, NdisGetDriverHandle, NdisOpenAdapter, NdisAllocatePacketPoolEx, NdisGetReceivedPacket, NdisRegisterProtocol, NdisAllocateBuffer, NdisSetPacketPoolProtocolId, NdisReturnPackets, NdisCopyBuffer, NdisAllocateBufferPool, NdisFreeBufferPool, NdisReEnumerateProtocolBindings, NdisCompleteBindAdapter
> ntoskrnl.exe: IoCreateDevice, _wcsicmp, wcscpy, wcsncpy, wcschr, ZwSetInformationThread, KeLeaveCriticalRegion, KeEnterCriticalRegion, KeQueryTimeIncrement, KeSetEvent, IoDeleteSymbolicLink, ExDeleteNPagedLookasideList, KeDelayExecutionThread, ZwOpenKey, KeSetTimerEx, KeInitializeTimer, KeInitializeDpc, ExInitializeNPagedLookasideList, MmLockPagableSectionByHandle, ZwQueryValueKey, ZwSetValueKey, InterlockedPopEntrySList, InterlockedPushEntrySList, ExIsProcessorFeaturePresent, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, RtlMapGenericMask, IoGetFileObjectGenericMapping, ObReleaseObjectSecurity, SeSetSecurityDescriptorInfo, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ObGetObjectSecurity, IofCallDriver, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfDereferenceObject, RtlAddAce, RtlGetAce, IoCreateSymbolicLink, RtlInitializeSid, RtlLengthRequiredSid, ObSetSecurityObjectByPointer, RtlSelfRelativeToAbsoluteSD, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlVerifyVersionInfo, VerSetConditionMask, IoWMIRegistrationControl, IoGetCurrentProcess, KeInitializeTimerEx, RtlExtendedIntegerMultiply, KeQueryInterruptTime, _aulldiv, DbgBreakPoint, KeSetTargetProcessorDpc, RtlSetBit, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext, ObDereferenceSecurityDescriptor, PsGetCurrentProcessId, RtlWalkFrameChain, ExNotifyCallback, ExCreateCallback, ObReferenceObjectByHandle, MmUnlockPages, SeFreePrivileges, SeAppendPrivileges, ObLogSecurityDescriptor, SeAssignSecurity, IoFileObjectType, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, ProbeForWrite, ObfReferenceObject, PsGetCurrentProcess, RtlPrefetchMemoryNonTemporal, KeInitializeMutex, MmIsThisAnNtAsSystem, KeWaitForSingleObject, KeReleaseMutex, KeReadStateEvent, IoDeleteDevice, ZwEnumerateValueKey, RtlUnicodeStringToInteger, RtlIpv4StringToAddressW, RtlTimeToTimeFields, ExLocalTimeToSystemTime, RtlExtendedMagicDivide, RtlAppendUnicodeToString, ZwClose, _allmul, MmQuerySystemSize, RtlCompareUnicodeString, RtlInitializeBitMap, RtlClearAllBits, RtlSetBits, wcslen, RtlAreBitsSet, RtlClearBits, RtlFindClearBitsAndSet, RtlFindClearRuns, DbgPrint, memmove, RtlCopyUnicodeString, RtlAppendUnicodeStringToString, ZwLoadDriver, KeResetEvent, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, IofCompleteRequest, ExfInterlockedAddUlong, MmMapLockedPagesSpecifyCache, IoFreeMdl, ExfInterlockedInsertTailList, RtlInitUnicodeString, MmMapLockedPages, KeNumberProcessors, RtlUnicodeStringToAnsiString, MmLockPagableDataSection, MmUnlockPagableImageSection, RtlCompareMemory, ExAllocatePoolWithTag, KeCancelTimer, KeClearEvent, RtlAnsiStringToUnicodeString, IoRaiseInformationalHardError, KeInitializeEvent, ExFreePoolWithTag, ExAllocatePoolWithTagPriority, KeInitializeSpinLock, _alldiv, KeQuerySystemTime, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, RtlSubAuthoritySid, KeTickCount, MmBuildMdlForNonPagedPool, ZwDeviceIoControlFile, ZwCreateFile
> TDI.SYS: CTESystemUpTime, CTEBlock, CTELogEvent, CTESignal, CTEBlockWithTracker, CTEStartTimer, CTEInitEvent, CTEScheduleDelayedEvent, CTEInitTimer, TdiProviderReady, CTEInitialize, TdiDeregisterNetAddress, TdiRegisterNetAddress, TdiDeregisterDeviceObject, TdiRegisterDeviceObject, TdiDeregisterProvider, TdiRegisterProvider, TdiPnPPowerRequest, TdiCopyMdlChainToMdlChain, TdiInitialize, TdiDeregisterPnPHandlers, TdiRegisterPnPHandlers, CTEScheduleEvent, TdiCopyBufferToMdl, CTERemoveBlockTracker, CTEInsertBlockTracker, TdiMapUserRequest, TdiCopyBufferToMdlWithReservedMappingAtDpcLevel

( 31 exports )
ARPRcv, ARPRcvPacket, FreeIprBuff, GetIFAndLink, IPAddInterface, IPAllocBuff, IPDelInterface, IPDelayedNdisReEnumerateBindings, IPDeregisterARP, IPDisableSniffer, IPEnableSniffer, IPFreeBuff, IPGetAddrType, IPGetBestInterface, IPGetInfo, IPInjectPkt, IPProxyNdisRequest, IPRcvComplete, IPRcvPacket, IPRegisterARP, IPRegisterProtocol, IPSetIPSecStatus, IPTransmit, LookupRoute, LookupRouteInformation, LookupRouteInformationWithBuffer, SendICMPErr, SetIPSecPtr, UnSetIPSecPtr, UnSetIPSecSendPtr, tcpxsum
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: TCP/IP Protocol Driver
original name: tcpip.sys
internal name: tcpip.sys
file version.: 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

jaro3, Security team member

Re: Please check my log - SYSTEM 99%

Post by jaro3 » 14 May 2010 09:00

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script.

Code:

FCopy::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys


Choose File -> Save as... and set these parameters:
File name: type CFScript.txt here
Save as type: select All files there
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process.


In Folder Options, enable showing hidden files and folders and untick the box "Hide protected operating system files".

Test this file on VirusTotal:
c:\windows\MATS\MatsRes.dll
If the file has already been tested, click "Reanalyse".

When all the antivirus engines have finished, paste the link to the results page here.


Run F-Secure Online Scanner

This scanner can only be used in the Internet Explorer browser (no longer a strict requirement)! Follow the instructions on the F-Secure page for correct installation. Accept the licence. After the ActiveX control installs, click Full System Scan. When the download finishes, the scan starts automatically. Wait for the scan to finish; do not perform other operations or click the mouse while it runs. When the scan finishes, click the Automatic clearing (recommended) button. Then click Show Report, and copy and paste it here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
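An added check (example code, not jaro3's instructions or any tool's own code) that captures why the FCopy:: step is prescribed: the sigcheck block above shows tcpip.sys carrying a Microsoft version resource but "verified: Unsigned", so the live driver is compared against the protected dllcache copy and the combination is flagged. The report text is retyped from the post; the byte strings are constructed stand-ins for file contents.

```python
import hashlib
import re

# Constructed sample: the sigcheck block from the report above, retyped as a string
# (report text only; no file contents are embedded).
SAMPLE_REPORT = """sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: TCP/IP Protocol Driver
original name: tcpip.sys
internal name: tcpip.sys
file version.: 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
"""

def parse_sigcheck(text):
    """Turn 'key....: value' lines into a dict; the padding dots are not part of the key."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([a-z][a-z ]*?)\.*: (.*)$", line.strip())
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def claims_microsoft_but_unsigned(fields):
    """Windows system drivers such as tcpip.sys ship signed; a Microsoft publisher string
    together with verified == Unsigned means the file on disk is not the shipped one."""
    publisher = fields.get("publisher", "").lower()
    verified = fields.get("verified", "").lower()
    return "microsoft" in publisher and verified != "signed"

def copies_differ(live_bytes, dllcache_bytes):
    """SHA-256 compare of the live driver with the dllcache copy (the FCopy:: step above
    overwrites the former with the latter). Feed real files via open(path, 'rb').read()."""
    return hashlib.sha256(live_bytes).digest() != hashlib.sha256(dllcache_bytes).digest()

def assess(report_text, live_bytes, dllcache_bytes):
    """Combine both checks into a list of findings (empty list means nothing was flagged)."""
    fields = parse_sigcheck(report_text)
    findings = []
    if claims_microsoft_but_unsigned(fields):
        findings.append("unsigned file with Microsoft version info: " + fields.get("original name", "?"))
    if copies_differ(live_bytes, dllcache_bytes):
        findings.append("live driver differs from dllcache copy")
    return findings
```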

omist
Level 1
Posts: 73
Registered: April 10
Gender: Male
Status: Offline

Re: Please check my log - SYSTEM 99%

Post by omist » 14 May 2010 11:00

-----------------=============================================================================
Skener Dr.Web pro Windows v6.00.1 (6.00.1.03150)
© Doctor Web, Ltd., 1992-2009
Výpis událostí vytvořen: 2010-05-14, 05:41:27 [LIGHTHOUSE][Ondra]
Příkazový řádek: "C:\DOCUME~1\Ondra\LOCALS~1\Temp\RarSFX0\lh95dXP.exe" /lng:cs-scan /ini:setup_XP.ini /fast
Operační Systém: Windows XP Home Edition x86 (Build 2600), Service Pack 3
=============================================================================
DwShield nastartován
Verze jádra programu: 5.00 (5.00.2.03300)
Verze API: 2.02
------------------------------------------------------------
Statistika prohledávání
-----------------------------------------------------------------------------
Zkontrolováno: 6865
Infikovano: 0
Modifikaci: 0
Podezřelé: 0
Adware: 0
Dialery: 0
Joke: 0
Riskware: 0
Hacktool: 0
Vyléčen: 0
Smazán: 0
Přejmenován: 0
Přesunut: 0
Vynechán: 0
Rychlost prohledávání: 437 Kb/s
Doba prohledávání: 00:49:44
-----------------------------------------------------------------------------

=============================================================================
Celková statistika sezení
=============================================================================
Zkontrolováno: 6865
Infikovano: 0
Modifikaci: 0
Podezřelé: 0
Adware: 0
Dialery: 0
Joke: 0
Riskware: 0
Hacktool: 0
Vyléčen: 0
Smazán: 0
Přejmenován: 0
Přesunut: 0
Vynechán: 0
Rychlost prohledávání: 436 Kb/s
Doba prohledávání: 00:49:51
=============================================================================

