preventivka - stav pc

martin.efres · Příspěvekod **martin.efres** » 20 srp 2010 18:45

Ahoj,chtel bych poprosit o kontrolu,nemam zadne problemy s pocitacem ,vse funguje ,jak ma ,jen jestli muze byt i lip

edit: Tak uz jo, Pocitac se pri sledovani HD filmu sam restartoval ,CPU je pri samotnem spusteni prohlizece zatizen na 67% ..
Posledni zmeny na PC za posledni 2dny:
Instalace nove graficke karty (HW)
Instalace Comodo Firewallu

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:09, on 2010-08-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6274 bytes

Reklama

Příspěvekod **jaro3** » 20 srp 2010 19:55

COMODO Internet Security ---pokud nepoužíváš jen firewall ,ale celý balík, tak odinstaluj Avast5

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si na svojí plochu StartupLite .exe by MalwareBytes

Tento program identifikuje a dává volbu k odstranění nepotřebných položek k vyprázdnění paměti.
Poklepej na ikonu StartupLite.exe (by MalwareBytes ) ke spuštění programu. Ve vistě a windows 7 spusť jako správce (pravým klik na ikonu a vyber-spustit jako správce).Vytvoří se list nepotřebných vstupů po spuštění. Nech všechny položky jako deaktivované a klikni na Continue . Restartuj PC.

-Zkus defragmentaci.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

martin.efres · Příspěvekod **martin.efres** » 20 srp 2010 21:08

Comodo pouzivam samozrejme jen Firewall ,ikdyz je pro system docela narocny. Jinak Vycistil jsem pc CCleanerem,Registry Showerem,..)

zde je log:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4453

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-08-20 20:59:52
mbam-log-2010-08-20 (20-59-52).txt

Typ skenu: Rychlý sken
Skenované objekty: 151726
Uplynulý čas: 26 minuta(y), 43 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Příspěvekod **jaro3** » 20 srp 2010 21:13

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

martin.efres · Příspěvekod **martin.efres** » 21 srp 2010 10:58

Zde je log z Combofixu ,..hned po tom jsem obnovil stav pocitace pred 2 dny pac mi nesel net,takze bych to asi mel udelat cely znova?

ComboFix 10-08-19.02 - Butterfly 2010-08-21 10:18:44.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1022.552 [GMT 2:00]
Spuštěný z: c:\documents and settings\Butterfly\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Help\nvcpar.hlp-nv1467
c:\windows\Help\nvcpar.hlp-nv19233
c:\windows\Help\nvcpar.hlp-nv22406
c:\windows\Help\nvcpcs.hlp-nv1471
c:\windows\Help\nvcpcs.hlp-nv19233
c:\windows\Help\nvcpcs.hlp-nv22406
c:\windows\Help\nvcpda.hlp-nv1474
c:\windows\Help\nvcpda.hlp-nv19233
c:\windows\Help\nvcpda.hlp-nv22409
c:\windows\Help\nvcpde.hlp-nv1474
c:\windows\Help\nvcpde.hlp-nv19233
c:\windows\Help\nvcpde.hlp-nv22409
c:\windows\Help\nvcpel.hlp-nv1474
c:\windows\Help\nvcpel.hlp-nv19233
c:\windows\Help\nvcpel.hlp-nv22409
c:\windows\Help\nvcpeng.hlp-nv1477
c:\windows\Help\nvcpeng.hlp-nv19233
c:\windows\Help\nvcpeng.hlp-nv22409
c:\windows\Help\nvcpes.hlp-nv1477
c:\windows\Help\nvcpes.hlp-nv19233
c:\windows\Help\nvcpes.hlp-nv22409
c:\windows\Help\nvcpesm.hlp-nv1481
c:\windows\Help\nvcpesm.hlp-nv19233
c:\windows\Help\nvcpesm.hlp-nv22409
c:\windows\Help\nvcpfi.hlp-nv1481
c:\windows\Help\nvcpfi.hlp-nv19236
c:\windows\Help\nvcpfi.hlp-nv22409
c:\windows\Help\nvcpfr.hlp-nv1481
c:\windows\Help\nvcpfr.hlp-nv19236
c:\windows\Help\nvcpfr.hlp-nv22409
c:\windows\Help\nvcphe.hlp-nv1481
c:\windows\Help\nvcphe.hlp-nv19236
c:\windows\Help\nvcphe.hlp-nv22409
c:\windows\Help\nvcphu.hlp-nv1484
c:\windows\Help\nvcphu.hlp-nv19236
c:\windows\Help\nvcphu.hlp-nv22409
c:\windows\Help\nvcpit.hlp-nv1484
c:\windows\Help\nvcpit.hlp-nv19236
c:\windows\Help\nvcpit.hlp-nv22409
c:\windows\Help\nvcpja.hlp-nv1487
c:\windows\Help\nvcpja.hlp-nv19236
c:\windows\Help\nvcpja.hlp-nv22409
c:\windows\Help\nvcpko.hlp-nv1487
c:\windows\Help\nvcpko.hlp-nv19236
c:\windows\Help\nvcpko.hlp-nv22409
c:\windows\Help\nvcpl.hlp-nv1487
c:\windows\Help\nvcpl.hlp-nv19236
c:\windows\Help\nvcpl.hlp-nv22409
c:\windows\Help\nvcpnl.hlp-nv1490
c:\windows\Help\nvcpnl.hlp-nv19236
c:\windows\Help\nvcpnl.hlp-nv22409
c:\windows\Help\nvcpno.hlp-nv1490
c:\windows\Help\nvcpno.hlp-nv19236
c:\windows\Help\nvcpno.hlp-nv22409
c:\windows\Help\nvcppl.hlp-nv1490
c:\windows\Help\nvcppl.hlp-nv19236
c:\windows\Help\nvcppl.hlp-nv22412
c:\windows\Help\nvcppt.hlp-nv1490
c:\windows\Help\nvcppt.hlp-nv19236
c:\windows\Help\nvcppt.hlp-nv22412
c:\windows\Help\nvcpptb.hlp-nv1494
c:\windows\Help\nvcpptb.hlp-nv19236
c:\windows\Help\nvcpptb.hlp-nv22412
c:\windows\Help\nvcpru.hlp-nv1494
c:\windows\Help\nvcpru.hlp-nv19236
c:\windows\Help\nvcpru.hlp-nv22412
c:\windows\Help\nvcpsk.hlp-nv1494
c:\windows\Help\nvcpsk.hlp-nv19236
c:\windows\Help\nvcpsk.hlp-nv22412
c:\windows\Help\nvcpsl.hlp-nv1497
c:\windows\Help\nvcpsl.hlp-nv19236
c:\windows\Help\nvcpsl.hlp-nv22412
c:\windows\Help\nvcpsv.hlp-nv1497
c:\windows\Help\nvcpsv.hlp-nv19236
c:\windows\Help\nvcpsv.hlp-nv22412
c:\windows\Help\nvcpth.hlp-nv1497
c:\windows\Help\nvcpth.hlp-nv19236
c:\windows\Help\nvcpth.hlp-nv22412
c:\windows\Help\nvcptr.hlp-nv1497
c:\windows\Help\nvcptr.hlp-nv19236
c:\windows\Help\nvcptr.hlp-nv22412
c:\windows\Help\nvcpzhc.hlp-nv1497
c:\windows\Help\nvcpzhc.hlp-nv19236
c:\windows\Help\nvcpzhc.hlp-nv22412
c:\windows\Help\nvcpzht.hlp-nv1497
c:\windows\Help\nvcpzht.hlp-nv19239
c:\windows\Help\nvcpzht.hlp-nv22412

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-21 do 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-08-20 20:08 . 2010-08-21 08:03 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-08-20 16:52 . 2010-08-20 16:52 -------- d-----w- c:\documents and settings\Butterfly\DoctorWeb
2010-08-19 20:12 . 2010-08-19 20:12 -------- d-----w- C:\VritualRoot
2010-08-19 20:09 . 2010-08-19 20:09 -------- d-----w- c:\program files\COMODO
2010-08-19 19:14 . 2010-08-19 19:29 -------- d-----w- c:\program files\Sunbelt Software
2010-08-19 17:54 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-19 17:50 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-19 17:50 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-19 17:50 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-19 17:50 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-19 17:50 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-19 17:50 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-19 17:50 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-19 17:49 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-19 17:47 . 2010-08-19 17:49 -------- d-----w- c:\program files\Alwil Software
2010-08-19 12:51 . 2010-07-27 11:54 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-08-18 14:13 . 2010-08-18 14:13 -------- d-----w- C:\ATI
2010-08-18 13:00 . 2010-08-18 14:14 -------- d-----w- c:\program files\ATI
2010-08-18 12:39 . 2010-08-18 14:15 -------- d-----w- c:\program files\ATI Technologies
2010-08-16 09:13 . 2010-08-16 09:13 -------- d-----w- C:\PFiles
2010-08-15 10:50 . 2010-08-18 12:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-07 08:19 . 2009-06-16 17:28 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-08-07 08:19 . 2006-11-02 06:21 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-08-07 08:19 . 2006-10-27 15:26 69632 ----a-w- c:\windows\system32\vuins32.dll
2010-08-06 21:55 . 2010-08-06 22:00 217 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-08-05 07:14 . 2010-08-05 07:15 -------- d-----w- c:\windows\NV35361800.TMP
2010-08-04 08:12 . 2010-08-04 08:12 -------- d-----w- c:\windows\NV23721612.TMP
2010-08-01 12:53 . 2010-08-01 13:00 -------- d-----w- c:\windows\NV33763424.TMP
2010-08-01 11:58 . 2010-08-01 11:58 -------- d-----w- c:\windows\NV40402576.TMP
2010-07-30 21:04 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-07-30 20:58 . 2010-07-30 21:49 -------- d-----w- c:\program files\Image-Line
2010-07-30 20:14 . 2010-07-30 20:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-30 16:16 . 2010-07-30 16:18 -------- d-----w- c:\program files\Sony
2010-07-30 16:12 . 2010-07-30 16:12 -------- d-----w- c:\program files\Sony Setup
2010-07-28 19:47 . 2010-07-28 19:47 -------- d-----w- c:\program files\Futuremark
2010-07-27 21:21 . 2010-07-27 21:21 -------- d-----w- c:\program files\Zoner
2010-07-25 09:26 . 2010-07-25 09:26 -------- d-----w- c:\documents and settings\Butterfly\.thumbnails
2010-07-25 09:20 . 2010-08-07 07:38 -------- d-----w- c:\documents and settings\Butterfly\.gimp-2.6
2010-07-25 09:18 . 2010-07-25 09:18 -------- d-----w- c:\program files\GIMP-2.0
2010-07-24 17:17 . 2010-07-24 20:08 -------- d-----w- c:\program files\Yahoo!
2010-07-23 08:42 . 2010-07-23 09:06 -------- d-----w- c:\windows\nvidia icons
2010-07-23 07:01 . 2010-07-23 07:01 -------- d-----w- c:\windows\NV30123024.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 19:42 . 2010-03-08 11:38 -------- d-----w- c:\program files\Steam
2010-08-19 19:47 . 2010-02-12 21:12 -------- d-----w- c:\program files\Google
2010-08-19 19:35 . 2010-07-01 09:01 -------- d-----w- c:\program files\QuickTime
2010-08-19 18:21 . 2010-07-17 17:53 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-08-19 12:52 . 2010-08-19 12:52 -------- d-----w- c:\program files\Realtek
2010-08-19 12:52 . 2010-02-09 21:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-19 12:29 . 2010-02-11 16:04 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-08-19 09:01 . 2010-06-06 07:45 -------- d-----w- c:\program files\Defraggler
2010-08-19 08:58 . 2010-07-04 12:24 -------- d-----w- c:\program files\FileHippo.com
2010-08-18 21:09 . 2010-03-04 21:09 -------- d-----w- c:\program files\Samsung
2010-08-18 20:31 . 2010-02-12 04:39 -------- d-----w- c:\program files\Opera
2010-08-18 20:29 . 2010-04-03 08:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-18 14:14 . 2010-08-18 14:14 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-18 13:07 . 2010-07-20 11:24 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-13 12:10 . 2001-10-25 14:00 79424 ----a-w- c:\windows\system32\perfc005.dat
2010-08-13 12:10 . 2001-10-25 14:00 432386 ----a-w- c:\windows\system32\perfh005.dat
2010-08-09 08:51 . 2010-07-17 19:26 -------- d-----w- c:\program files\Panda Security
2010-08-08 09:45 . 2010-07-20 11:25 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-07 15:13 . 2010-03-27 20:28 -------- d-----w- c:\program files\Trillian
2010-08-06 22:00 . 2010-02-17 18:37 133520 ----a-w- c:\windows\BricoPackUninst.cmd
2010-08-04 10:27 . 2010-04-14 17:05 106496 ----a-w- c:\windows\DUMPc93b.tmp
2010-08-04 10:25 . 2010-04-14 17:05 106496 ----a-w- c:\windows\DUMPc9a9.tmp
2010-08-04 10:22 . 2010-04-14 17:05 106496 ----a-w- c:\windows\DUMPc60f.tmp
2010-08-02 09:54 . 2010-06-13 09:04 -------- d-----w- c:\program files\Safari
2010-07-29 18:29 . 2010-02-27 09:18 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-28 19:50 . 2010-03-04 16:17 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-28 19:50 . 2010-03-04 16:17 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-28 16:27 . 2010-08-19 12:52 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-07-28 16:27 . 2010-08-19 12:52 359016 ----a-w- c:\windows\vncutil.exe
2010-07-28 16:27 . 2010-08-19 12:52 1833576 ----a-w- c:\windows\SkyTel.exe
2010-07-28 16:27 . 2010-08-19 12:52 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-07-28 16:27 . 2010-08-19 12:52 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-07-28 16:27 . 2010-08-19 12:52 6108776 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-07-28 16:27 . 2010-02-14 08:00 53864 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-07-28 16:27 . 2010-08-19 12:52 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-07-28 16:27 . 2010-08-19 12:52 19557480 ----a-w- c:\windows\RTHDCPL.EXE
2010-07-28 16:27 . 2010-08-19 12:52 2180712 ----a-w- c:\windows\MicCal.exe
2010-07-28 16:27 . 2010-08-19 12:52 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-07-28 16:27 . 2010-08-19 12:52 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-07-27 08:27 . 2010-02-10 22:42 -------- d-----w- c:\program files\CCleaner
2010-07-27 06:30 . 2010-08-15 09:44 8466432 ----a-w- c:\windows\system32\nsuD.tmp
2010-07-22 20:01 . 2010-02-12 21:53 -------- d-----w- c:\program files\QIP
2010-07-22 08:03 . 2010-07-22 08:03 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-07-21 09:03 . 2010-02-28 21:24 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-17 17:58 . 2010-04-24 08:05 -------- d-----w- c:\program files\DivX
2010-07-17 17:56 . 2010-07-17 17:56 -------- d-----w- c:\program files\Common Files\Java
2010-07-17 17:55 . 2010-04-24 08:02 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-17 17:38 . 2010-07-10 09:16 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1(2)
2010-07-17 17:38 . 2010-07-10 09:24 -------- d-----w- c:\program files\Common Files\Java(2)
2010-07-17 17:37 . 2010-07-17 17:37 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-17 17:34 . 2010-07-17 17:34 -------- d-----w- c:\program files\All Ten Fingers
2010-07-17 17:34 . 2010-07-15 17:58 -------- d-----w- c:\program files\All Ten Fingers(2)
2010-07-15 14:36 . 2010-04-12 18:53 -------- d-----w- c:\program files\Valve
2010-07-09 22:38 . 2010-08-15 13:29 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys-nv1245
2010-07-09 11:18 . 2010-02-12 21:17 -------- d-----w- c:\program files\Common Files\CyberLink
2010-07-09 11:17 . 2010-03-20 11:58 -------- d-----w- c:\program files\IObit
2010-07-07 02:27 . 2010-04-11 19:18 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:58 . 2010-08-18 14:14 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-07-07 01:58 . 2010-08-18 14:14 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-07-07 01:57 . 2010-08-18 14:14 4337664 ----a-w- c:\windows\system32\aticaldd.dll
2010-07-07 01:53 . 2010-08-18 14:14 15499264 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:50 . 2010-08-18 14:14 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2010-08-18 14:14 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2010-04-11 19:23 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2010-04-11 19:23 3869952 ----a-w- c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2010-08-18 14:14 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2010-08-18 14:14 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2010-08-18 14:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2010-08-18 14:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2010-08-18 14:14 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2010-08-18 14:14 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2010-08-18 14:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-07-07 01:29 . 2010-08-18 14:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:28 . 2010-04-11 19:23 2273920 ----a-w- c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2010-08-18 14:14 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2010-08-18 14:14 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2010-08-18 14:14 573440 ----a-w- c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2010-08-18 14:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-07-07 01:24 . 2010-08-18 14:14 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:23 . 2010-08-18 14:14 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2010-04-11 19:23 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2010-08-18 14:14 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-07-07 01:15 . 2010-08-18 14:14 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2010-08-18 14:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-06 11:58 . 2010-02-27 09:19 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-07-06 11:52 . 2010-07-17 20:21 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-07-04 21:18 . 2010-07-01 10:25 -------- d-----w- c:\program files\Trend Micro
2010-07-04 14:36 . 2010-07-04 14:36 55572 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-04 13:01 . 2010-02-16 20:34 -------- d-----w- c:\program files\7-Zip
2010-07-04 12:45 . 2010-02-19 15:16 -------- d-----w- c:\program files\AIMP2
2010-07-04 12:40 . 2010-02-20 09:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-04 12:33 . 2010-07-04 12:33 -------- d-----r- c:\program files\Skype
2010-07-04 12:33 . 2010-07-04 12:33 -------- d-----w- c:\program files\Common Files\Skype
2010-07-02 20:25 . 2010-06-07 18:39 -------- d-----w- c:\program files\WinUtilities
2010-07-02 20:08 . 2010-07-02 20:08 -------- d-----w- c:\program files\FreeTime
2010-07-01 08:49 . 2010-02-12 13:43 -------- d-----w- c:\program files\MSECache
2010-07-01 08:39 . 2010-06-17 14:05 -------- d-----w- c:\program files\Opera 10.60 Beta
2010-06-30 12:33 . 2010-03-21 11:47 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 08:35 . 2010-03-03 21:53 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-06-28 17:25 . 2010-02-24 16:13 4212 ---ha-w- c:\windows\system32\zllictbl.dat
.

------- Sigcheck -------

[-] 2009-08-06 . A089AB141D4E25E543EEC2230CB50BD6 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2008-04-14 . 71C54FF181A2C03921A74DB4D9ADD20E . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 71C54FF181A2C03921A74DB4D9ADD20E . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 15:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\Butterfly\\Dokumenty\\My DAP Downloads\\TeamViewerPortable_en\\TeamViewer.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Flow\\Flow.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2010-02-21 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2010-02-21 52224]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-08-19 165456]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-02-09 13696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-06-04 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-06-01 25240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-08-19 17744]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-07-06 1051968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-08-19 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-06-13 23456]
S3 esihdrv;esihdrv; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2010-03-17 18944]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2010-03-17 11520]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [2007-06-21 30720]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-28 697328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-08-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-879983540-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-08-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-879983540-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.cz/
IE: &Download with &DAP
IE: Download &all with DAP
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Zobrazit originál
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-796845957-879983540-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2010-08-21 10:31:18
ComboFix-quarantined-files.txt 2010-08-21 08:31

Před spuštěním: Volných bajtů: 74,836,160,512
Po spuštění: Volných bajtů: 74,971,860,992

Current=48 Default=48 Failed=47 LastKnownGood=49 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49
- - End Of File - - 5DBE73993D5CBE05DD8D38B8A9F670D3

Příspěvekod **jaro3** » 21 srp 2010 11:28

Přesně tak , udělej vše znovu.

Příště většinou stačí několikrát restartovat PC a bude to v pořádku.

martin.efres · Příspěvekod **martin.efres** » 21 srp 2010 13:00

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4456

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-08-21 12:03:45
mbam-log-2010-08-21 (12-03-45).txt

Typ skenu: Rychlý sken
Skenované objekty: 151159
Uplynulý čas: 8 minuta(y), 49 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

ComboFix 10-08-19.02 - Butterfly 2010-08-21 12:42:53.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1022.623 [GMT 2:00]
Spuštěný z: c:\documents and settings\Butterfly\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-21 do 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-08-21 10:08 . 2010-08-21 10:09 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-08-21 08:44 . 2010-08-21 08:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-21 08:15 . 2010-08-21 08:43 -------- d-----w- C:\ComboFix(2)
2010-08-20 20:08 . 2010-08-21 08:43 -------- d-----w- C:\32788R22FWJFW(2)
2010-08-20 16:52 . 2010-08-20 16:52 -------- d-----w- c:\documents and settings\Butterfly\DoctorWeb
2010-08-19 20:12 . 2010-08-19 20:12 -------- d-----w- C:\VritualRoot
2010-08-19 20:09 . 2010-08-19 20:09 -------- d-----w- c:\program files\COMODO
2010-08-19 19:14 . 2010-08-19 19:29 -------- d-----w- c:\program files\Sunbelt Software
2010-08-19 17:54 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-19 17:50 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-19 17:50 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-19 17:50 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-19 17:50 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-19 17:50 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-19 17:50 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-19 17:50 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-19 17:49 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-19 17:47 . 2010-08-19 17:49 -------- d-----w- c:\program files\Alwil Software
2010-08-19 12:51 . 2010-07-27 11:54 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-08-18 14:13 . 2010-08-18 14:13 -------- d-----w- C:\ATI
2010-08-18 13:00 . 2010-08-18 14:14 -------- d-----w- c:\program files\ATI
2010-08-18 12:39 . 2010-08-18 14:15 -------- d-----w- c:\program files\ATI Technologies
2010-08-16 09:13 . 2010-08-16 09:13 -------- d-----w- C:\PFiles
2010-08-15 10:50 . 2010-08-18 12:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-07 08:19 . 2009-06-16 17:28 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-08-07 08:19 . 2006-11-02 06:21 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-08-07 08:19 . 2006-10-27 15:26 69632 ----a-w- c:\windows\system32\vuins32.dll
2010-08-06 21:55 . 2010-08-06 22:00 217 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-08-05 07:14 . 2010-08-05 07:15 -------- d-----w- c:\windows\NV35361800.TMP
2010-08-04 08:12 . 2010-08-04 08:12 -------- d-----w- c:\windows\NV23721612.TMP
2010-08-01 12:53 . 2010-08-01 13:00 -------- d-----w- c:\windows\NV33763424.TMP
2010-08-01 11:58 . 2010-08-01 11:58 -------- d-----w- c:\windows\NV40402576.TMP
2010-07-30 21:04 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-07-30 20:58 . 2010-07-30 21:49 -------- d-----w- c:\program files\Image-Line
2010-07-30 20:14 . 2010-07-30 20:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-30 16:16 . 2010-07-30 16:18 -------- d-----w- c:\program files\Sony
2010-07-30 16:12 . 2010-07-30 16:12 -------- d-----w- c:\program files\Sony Setup
2010-07-28 19:47 . 2010-07-28 19:47 -------- d-----w- c:\program files\Futuremark
2010-07-27 21:21 . 2010-07-27 21:21 -------- d-----w- c:\program files\Zoner
2010-07-25 09:26 . 2010-07-25 09:26 -------- d-----w- c:\documents and settings\Butterfly\.thumbnails
2010-07-25 09:20 . 2010-08-07 07:38 -------- d-----w- c:\documents and settings\Butterfly\.gimp-2.6
2010-07-25 09:18 . 2010-07-25 09:18 -------- d-----w- c:\program files\GIMP-2.0
2010-07-24 17:17 . 2010-07-24 20:08 -------- d-----w- c:\program files\Yahoo!
2010-07-23 08:42 . 2010-07-23 09:06 -------- d-----w- c:\windows\nvidia icons
2010-07-23 07:01 . 2010-07-23 07:01 -------- d-----w- c:\windows\NV30123024.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 10:25 . 2010-03-08 11:38 -------- d-----w- c:\program files\Steam
2010-08-19 19:47 . 2010-02-12 21:12 -------- d-----w- c:\program files\Google
2010-08-19 19:35 . 2010-07-01 09:01 -------- d-----w- c:\program files\QuickTime
2010-08-19 18:21 . 2010-07-17 17:53 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-08-19 12:52 . 2010-08-19 12:52 -------- d-----w- c:\program files\Realtek
2010-08-19 12:52 . 2010-02-09 21:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-19 12:29 . 2010-02-11 16:04 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-08-19 09:01 . 2010-06-06 07:45 -------- d-----w- c:\program files\Defraggler
2010-08-19 08:58 . 2010-07-04 12:24 -------- d-----w- c:\program files\FileHippo.com
2010-08-18 21:09 . 2010-03-04 21:09 -------- d-----w- c:\program files\Samsung
2010-08-18 20:31 . 2010-02-12 04:39 -------- d-----w- c:\program files\Opera
2010-08-18 20:29 . 2010-04-03 08:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-18 14:14 . 2010-08-18 14:14 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-18 13:07 . 2010-07-20 11:24 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-13 12:10 . 2001-10-25 14:00 79424 ----a-w- c:\windows\system32\perfc005.dat
2010-08-13 12:10 . 2001-10-25 14:00 432386 ----a-w- c:\windows\system32\perfh005.dat
2010-08-09 08:51 . 2010-07-17 19:26 -------- d-----w- c:\program files\Panda Security
2010-08-08 09:45 . 2010-07-20 11:25 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-07 15:13 . 2010-03-27 20:28 -------- d-----w- c:\program files\Trillian
2010-08-06 22:00 . 2010-02-17 18:37 133520 ----a-w- c:\windows\BricoPackUninst.cmd
2010-08-04 10:27 . 2010-04-14 17:05 106496 ----a-w- c:\windows\DUMPc93b.tmp
2010-08-04 10:25 . 2010-04-14 17:05 106496 ----a-w- c:\windows\DUMPc9a9.tmp
2010-08-04 10:22 . 2010-04-14 17:05 106496 ----a-w- c:\windows\DUMPc60f.tmp
2010-08-02 09:54 . 2010-06-13 09:04 -------- d-----w- c:\program files\Safari
2010-07-29 18:29 . 2010-02-27 09:18 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-28 19:50 . 2010-03-04 16:17 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-28 19:50 . 2010-03-04 16:17 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-28 16:27 . 2010-08-19 12:52 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-07-28 16:27 . 2010-08-19 12:52 359016 ----a-w- c:\windows\vncutil.exe
2010-07-28 16:27 . 2010-08-19 12:52 1833576 ----a-w- c:\windows\SkyTel.exe
2010-07-28 16:27 . 2010-08-19 12:52 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-07-28 16:27 . 2010-08-19 12:52 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-07-28 16:27 . 2010-08-19 12:52 6108776 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-07-28 16:27 . 2010-02-14 08:00 53864 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-07-28 16:27 . 2010-08-19 12:52 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-07-28 16:27 . 2010-08-19 12:52 19557480 ----a-w- c:\windows\RTHDCPL.EXE
2010-07-28 16:27 . 2010-08-19 12:52 2180712 ----a-w- c:\windows\MicCal.exe
2010-07-28 16:27 . 2010-08-19 12:52 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-07-28 16:27 . 2010-08-19 12:52 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-07-27 08:27 . 2010-02-10 22:42 -------- d-----w- c:\program files\CCleaner
2010-07-27 06:30 . 2010-08-15 09:44 8466432 ----a-w- c:\windows\system32\nsuD.tmp
2010-07-22 20:01 . 2010-02-12 21:53 -------- d-----w- c:\program files\QIP
2010-07-22 08:03 . 2010-07-22 08:03 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-07-21 09:03 . 2010-02-28 21:24 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-17 17:58 . 2010-04-24 08:05 -------- d-----w- c:\program files\DivX
2010-07-17 17:56 . 2010-07-17 17:56 -------- d-----w- c:\program files\Common Files\Java
2010-07-17 17:55 . 2010-04-24 08:02 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-17 17:38 . 2010-07-10 09:16 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1(2)
2010-07-17 17:38 . 2010-07-10 09:24 -------- d-----w- c:\program files\Common Files\Java(2)
2010-07-17 17:37 . 2010-07-17 17:37 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-17 17:34 . 2010-07-17 17:34 -------- d-----w- c:\program files\All Ten Fingers
2010-07-17 17:34 . 2010-07-15 17:58 -------- d-----w- c:\program files\All Ten Fingers(2)
2010-07-15 14:36 . 2010-04-12 18:53 -------- d-----w- c:\program files\Valve
2010-07-09 22:38 . 2010-08-15 13:29 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys-nv1245
2010-07-09 11:18 . 2010-02-12 21:17 -------- d-----w- c:\program files\Common Files\CyberLink
2010-07-09 11:17 . 2010-03-20 11:58 -------- d-----w- c:\program files\IObit
2010-07-07 02:27 . 2010-04-11 19:18 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:58 . 2010-08-18 14:14 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-07-07 01:58 . 2010-08-18 14:14 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-07-07 01:57 . 2010-08-18 14:14 4337664 ----a-w- c:\windows\system32\aticaldd.dll
2010-07-07 01:53 . 2010-08-18 14:14 15499264 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:50 . 2010-08-18 14:14 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2010-08-18 14:14 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2010-04-11 19:23 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2010-04-11 19:23 3869952 ----a-w- c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2010-08-18 14:14 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2010-08-18 14:14 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2010-08-18 14:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2010-08-18 14:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2010-08-18 14:14 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2010-08-18 14:14 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2010-08-18 14:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-07-07 01:29 . 2010-08-18 14:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:28 . 2010-04-11 19:23 2273920 ----a-w- c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2010-08-18 14:14 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2010-08-18 14:14 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2010-08-18 14:14 573440 ----a-w- c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2010-08-18 14:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-07-07 01:24 . 2010-08-18 14:14 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:23 . 2010-08-18 14:14 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2010-04-11 19:23 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2010-08-18 14:14 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-07-07 01:15 . 2010-08-18 14:14 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2010-08-18 14:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-06 11:58 . 2010-02-27 09:19 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-07-06 11:52 . 2010-07-17 20:21 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-07-04 21:18 . 2010-07-01 10:25 -------- d-----w- c:\program files\Trend Micro
2010-07-04 14:36 . 2010-07-04 14:36 55572 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-04 13:01 . 2010-02-16 20:34 -------- d-----w- c:\program files\7-Zip
2010-07-04 12:45 . 2010-02-19 15:16 -------- d-----w- c:\program files\AIMP2
2010-07-04 12:40 . 2010-02-20 09:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-04 12:33 . 2010-07-04 12:33 -------- d-----r- c:\program files\Skype
2010-07-04 12:33 . 2010-07-04 12:33 -------- d-----w- c:\program files\Common Files\Skype
2010-07-02 20:25 . 2010-06-07 18:39 -------- d-----w- c:\program files\WinUtilities
2010-07-02 20:08 . 2010-07-02 20:08 -------- d-----w- c:\program files\FreeTime
2010-07-01 08:49 . 2010-02-12 13:43 -------- d-----w- c:\program files\MSECache
2010-07-01 08:39 . 2010-06-17 14:05 -------- d-----w- c:\program files\Opera 10.60 Beta
2010-06-30 12:33 . 2010-03-21 11:47 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 08:35 . 2010-03-03 21:53 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-06-28 17:25 . 2010-02-24 16:13 4212 ---ha-w- c:\windows\system32\zllictbl.dat
.

------- Sigcheck -------

[-] 2009-08-06 . A089AB141D4E25E543EEC2230CB50BD6 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2008-04-14 . 71C54FF181A2C03921A74DB4D9ADD20E . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 71C54FF181A2C03921A74DB4D9ADD20E . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 15:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\Butterfly\\Dokumenty\\My DAP Downloads\\TeamViewerPortable_en\\TeamViewer.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Flow\\Flow.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2010-02-21 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2010-02-21 52224]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-08-19 165456]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-02-09 13696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-06-04 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-06-01 25240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-08-19 17744]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-07-06 1051968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-08-19 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-06-13 23456]
S3 esihdrv;esihdrv; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2010-03-17 18944]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2010-03-17 11520]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [2007-06-21 30720]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-28 697328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-08-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-879983540-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-08-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-879983540-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.cz/
IE: &Download with &DAP
IE: Download &all with DAP
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Zobrazit originál
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 12:51
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-796845957-879983540-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2010-08-21 12:55:47
ComboFix-quarantined-files.txt 2010-08-21 10:55
ComboFix2.txt 2010-08-21 08:31

Před spuštěním: Volných bajtů: 74,946,211,840
Po spuštění: Volných bajtů: 74,883,813,376

Current=48 Default=48 Failed=47 LastKnownGood=49 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49
- - End Of File - - 5A2B65FC65E0E3EF80B01A3D1AA3A4D6

Příspěvekod **jaro3** » 21 srp 2010 22:48

Odinstaluj:
Panda Security pokud už nemáš , nech.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\ezsidmv.dat
c:\windows\ativpsrm.bin
c:\windows\system32\d3d9caps.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
cc:\windows\system32\d3d8caps.dat
c:\windows\DUMPc93b.tmp
c:\windows\DUMPc9a9.tmp
c:\windows\DUMPc60f.tmp
c:\windows\ALCMTR.EXE
c:\windows\system32\nsuD.tmp
c:\windows\system32\mlfcache.dat
C:\32788R22FWJFW.1.tmp

Folder::
C:\32788R22FWJFW.1.tmp
c:\program files\Panda Security

Driver::
esihdrv

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\wuauclt.exe
c:\windows\explorer.exe

Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkazy na stránky s výsledky.

martin.efres · Příspěvekod **martin.efres** » 21 srp 2010 23:45

Pise mi to "instalace se nezdarila" ,psalo mi to uz predtim,ale nevim jak jsem to predtim vyresil. Muzu to udelat v nouzovem rezimu?Je v tom rozdil?

http://www.virustotal.com/file-scan/rep ... 1282249551
http://www.virustotal.com/file-scan/rep ... 1281896451

Příspěvekod **jaro3** » 22 srp 2010 00:02

"instalace se nezdarila" , jaká instalace, čeho?

pokud je to Combofix , tak můžeš v nouzáku , ale neměli by být žádné problémy , proč by to nešlo v normálním.

martin.efres · Příspěvekod **martin.efres** » 22 srp 2010 10:29

ComboFixu,,

http://img810.imageshack.us/f/11568970.jpg/

ComboFix 10-08-19.02 - Butterfly 2010-08-22 10:08:12.6.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1022.758 [GMT 2:00]
Spuštěný z: c:\documents and settings\Butterfly\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Butterfly\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"C:\32788R22FWJFW.1.tmp"
"c:\windows\ALCMTR.EXE"
"c:\windows\ativpsrm.bin"
"c:\windows\DUMPc60f.tmp"
"c:\windows\DUMPc93b.tmp"
"c:\windows\DUMPc9a9.tmp"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\mlfcache.dat"
"c:\windows\system32\nsuD.tmp"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\32788R22FWJFW.1.tmp
c:\32788r22fwjfw.1.tmp\Assoc.cmd
c:\32788r22fwjfw.1.tmp\Auto-RC.cmd
c:\32788r22fwjfw.1.tmp\av.cmd
c:\32788r22fwjfw.1.tmp\av.vbs
c:\32788r22fwjfw.1.tmp\AWF.cmd
c:\32788r22fwjfw.1.tmp\badclsid.c
c:\32788r22fwjfw.1.tmp\Boot-Rk.cmd
c:\32788r22fwjfw.1.tmp\Boot.bat
c:\32788r22fwjfw.1.tmp\BootDrv.vbs
c:\32788r22fwjfw.1.tmp\BootSect.dll
c:\32788r22fwjfw.1.tmp\c.bat
c:\32788r22fwjfw.1.tmp\Catch-sub.cmd
c:\32788r22fwjfw.1.tmp\catchme.cfxxe
c:\32788r22fwjfw.1.tmp\CF-Script.cmd
c:\32788r22fwjfw.1.tmp\clsid.c
c:\32788r22fwjfw.1.tmp\cmd.cfxxe
c:\32788r22fwjfw.1.tmp\Combobatch.bat
c:\32788r22fwjfw.1.tmp\ComboFix-Download.cfxxe
c:\32788r22fwjfw.1.tmp\Create.cmd
c:\32788r22fwjfw.1.tmp\Creg.dat
c:\32788r22fwjfw.1.tmp\CregC.cmd
c:\32788r22fwjfw.1.tmp\CregC.dat
c:\32788r22fwjfw.1.tmp\CSet.cmd
c:\32788r22fwjfw.1.tmp\dd.cfxxe
c:\32788r22fwjfw.1.tmp\ddsDo.sed
c:\32788r22fwjfw.1.tmp\DelClsid.bat
c:\32788r22fwjfw.1.tmp\DelClsid64.bat
c:\32788r22fwjfw.1.tmp\Dnl.dat
c:\32788r22fwjfw.1.tmp\DPF.str
c:\32788r22fwjfw.1.tmp\DrvRun.vbs
c:\32788r22fwjfw.1.tmp\dumphive.cfxxe
c:\32788r22fwjfw.1.tmp\embedded.sed
c:\32788r22fwjfw.1.tmp\ERDNT.e_e
c:\32788r22fwjfw.1.tmp\ERDNTDOS.LOC
c:\32788r22fwjfw.1.tmp\ERDNTWIN.LOC
c:\32788r22fwjfw.1.tmp\ERUNT.cfxxe
c:\32788r22fwjfw.1.tmp\ERUNT.LOC
c:\32788r22fwjfw.1.tmp\Exe.reg
c:\32788r22fwjfw.1.tmp\extract.cfxxe
c:\32788r22fwjfw.1.tmp\FD-SV.cmd
c:\32788r22fwjfw.1.tmp\ffdefstr.dll
c:\32788r22fwjfw.1.tmp\FileKill.cfxxe
c:\32788r22fwjfw.1.tmp\files.pif
c:\32788r22fwjfw.1.tmp\Fin.dat
c:\32788r22fwjfw.1.tmp\FIND3M.bat
c:\32788r22fwjfw.1.tmp\FIXLSP.bat
c:\32788r22fwjfw.1.tmp\FKMGen.cmd
c:\32788r22fwjfw.1.tmp\GetHive.cmd
c:\32788r22fwjfw.1.tmp\grep.cfxxe
c:\32788r22fwjfw.1.tmp\gsar.cfxxe
c:\32788r22fwjfw.1.tmp\handle.cfxxe
c:\32788r22fwjfw.1.tmp\hidec.exe
c:\32788r22fwjfw.1.tmp\history.bat
c:\32788r22fwjfw.1.tmp\hwid.pif
c:\32788r22fwjfw.1.tmp\CHCP.bat
c:\32788r22fwjfw.1.tmp\iexplore.exe
c:\32788r22fwjfw.1.tmp\image001.gif
c:\32788r22fwjfw.1.tmp\Install-RC.cmd
c:\32788r22fwjfw.1.tmp\katch.cmd
c:\32788r22fwjfw.1.tmp\Kill-All.cmd
c:\32788r22fwjfw.1.tmp\Lang.bat
c:\32788r22fwjfw.1.tmp\License\Curl - license.txt
c:\32788r22fwjfw.1.tmp\License\dumphive-license.txt
c:\32788r22fwjfw.1.tmp\License\EXTRACT.TXT
c:\32788r22fwjfw.1.tmp\License\FI - license.txt
c:\32788r22fwjfw.1.tmp\License\iexplore.exe
c:\32788r22fwjfw.1.tmp\License\mtee.txt.txt
c:\32788r22fwjfw.1.tmp\License\ncmd.cfxxe
c:\32788r22fwjfw.1.tmp\License\pv_5_2_2.zip
c:\32788r22fwjfw.1.tmp\License\streamtools.zip
c:\32788r22fwjfw.1.tmp\License\UnxUtilsDist.html
c:\32788r22fwjfw.1.tmp\License\UnxUtilsDist.pif
c:\32788r22fwjfw.1.tmp\License\Zip - license.txt
c:\32788r22fwjfw.1.tmp\List-B.bat
c:\32788r22fwjfw.1.tmp\List-C.bat
c:\32788r22fwjfw.1.tmp\List-D.bat
c:\32788r22fwjfw.1.tmp\List.bat
c:\32788r22fwjfw.1.tmp\lnkread.vbs
c:\32788r22fwjfw.1.tmp\LocalService.dat
c:\32788r22fwjfw.1.tmp\LocalServiceNetworkRestricted.dat
c:\32788r22fwjfw.1.tmp\LocalSystemNetworkRestricted.dat
c:\32788r22fwjfw.1.tmp\mbr.cfxxe
c:\32788r22fwjfw.1.tmp\md5sum.pif
c:\32788r22fwjfw.1.tmp\md5sum00.pif
c:\32788r22fwjfw.1.tmp\MoveIt.bat
c:\32788r22fwjfw.1.tmp\mtee.cfxxe
c:\32788r22fwjfw.1.tmp\mynul.dat
c:\32788r22fwjfw.1.tmp\n.pif
c:\32788r22fwjfw.1.tmp\N_\13287
c:\32788r22fwjfw.1.tmp\N_\14576
c:\32788r22fwjfw.1.tmp\N_\15744
c:\32788r22fwjfw.1.tmp\N_\20089
c:\32788r22fwjfw.1.tmp\N_\227
c:\32788r22fwjfw.1.tmp\N_\3937
c:\32788r22fwjfw.1.tmp\N_\5350
c:\32788r22fwjfw.1.tmp\N_\7683
c:\32788r22fwjfw.1.tmp\ncmd.com
c:\32788r22fwjfw.1.tmp\ND_.bat
c:\32788r22fwjfw.1.tmp\ndis_combofix.dat
c:\32788r22fwjfw.1.tmp\netsvc.bad.dat
c:\32788r22fwjfw.1.tmp\netsvc.dat
c:\32788r22fwjfw.1.tmp\netsvc.vista.dat
c:\32788r22fwjfw.1.tmp\netsvc.xp.dat
c:\32788r22fwjfw.1.tmp\NetworkService.dat
c:\32788r22fwjfw.1.tmp\NirCmd.cfxxe
c:\32788r22fwjfw.1.tmp\NirCmd.chm
c:\32788r22fwjfw.1.tmp\NircmdB.exe
c:\32788r22fwjfw.1.tmp\NirCmdC.cfxxe
c:\32788r22fwjfw.1.tmp\NT-OS.cmd
c:\32788r22fwjfw.1.tmp\OSid.vbs
c:\32788r22fwjfw.1.tmp\OsVer
c:\32788r22fwjfw.1.tmp\P.cmd
c:\32788r22fwjfw.1.tmp\pausep.cfxxe
c:\32788r22fwjfw.1.tmp\PEV.cfxxe
c:\32788r22fwjfw.1.tmp\pev.exe
c:\32788r22fwjfw.1.tmp\Policies.dat
c:\32788r22fwjfw.1.tmp\powp.dat
c:\32788r22fwjfw.1.tmp\prep.done
c:\32788r22fwjfw.1.tmp\Prep.inf
c:\32788r22fwjfw.1.tmp\Purity.dat
c:\32788r22fwjfw.1.tmp\pv.com
c:\32788r22fwjfw.1.tmp\pv.exe
c:\32788r22fwjfw.1.tmp\RCLink.dat
c:\32788r22fwjfw.1.tmp\REGDACL.sed
c:\32788r22fwjfw.1.tmp\RegDo.sed
c:\32788r22fwjfw.1.tmp\region.dat
c:\32788r22fwjfw.1.tmp\RegScan.cmd
c:\32788r22fwjfw.1.tmp\RegScan64.cmd
c:\32788r22fwjfw.1.tmp\restore_pt.vbs
c:\32788r22fwjfw.1.tmp\Rkey.cmd
c:\32788r22fwjfw.1.tmp\rogues.dat
c:\32788r22fwjfw.1.tmp\run2.sed
c:\32788r22fwjfw.1.tmp\Rust.str
c:\32788r22fwjfw.1.tmp\safeboot.dat
c:\32788r22fwjfw.1.tmp\safeboot.def.dat
c:\32788r22fwjfw.1.tmp\safeboot.def.vista.dat
c:\32788r22fwjfw.1.tmp\Safeboot.def.w7.dat
c:\32788r22fwjfw.1.tmp\sed.cfxxe
c:\32788r22fwjfw.1.tmp\Set.txt
c:\32788r22fwjfw.1.tmp\SetEnvmt.bat
c:\32788r22fwjfw.1.tmp\setpath.cfxxe
c:\32788r22fwjfw.1.tmp\SnapShot.cmd
c:\32788r22fwjfw.1.tmp\SRestore.cmd
c:\32788r22fwjfw.1.tmp\srizbi.md5
c:\32788r22fwjfw.1.tmp\SuppScan.cmd
c:\32788r22fwjfw.1.tmp\svc_wht.dat
c:\32788r22fwjfw.1.tmp\SvcDrv.vbs
c:\32788r22fwjfw.1.tmp\svchost.dat
c:\32788r22fwjfw.1.tmp\svchost.vista.dat
c:\32788r22fwjfw.1.tmp\svchost.w7.dat
c:\32788r22fwjfw.1.tmp\svchost.w7.x64.dat
c:\32788r22fwjfw.1.tmp\SWREG.cfxxe
c:\32788r22fwjfw.1.tmp\swreg.exe
c:\32788r22fwjfw.1.tmp\swsc.cfxxe
c:\32788r22fwjfw.1.tmp\swxcacls.cfxxe
c:\32788r22fwjfw.1.tmp\system_ini.dat
c:\32788r22fwjfw.1.tmp\tail.cfxxe
c:\32788r22fwjfw.1.tmp\toolbar.sed
c:\32788r22fwjfw.1.tmp\Update-CF.cmd
c:\32788r22fwjfw.1.tmp\VerCF.bat
c:\32788r22fwjfw.1.tmp\VInfo
c:\32788r22fwjfw.1.tmp\VInfo2
c:\32788r22fwjfw.1.tmp\Vipev.dat
c:\32788r22fwjfw.1.tmp\vistaMcode.dat
c:\32788r22fwjfw.1.tmp\vistareg.dat
c:\32788r22fwjfw.1.tmp\vun.dat
c:\32788r22fwjfw.1.tmp\VwinTemp.dacl
c:\32788r22fwjfw.1.tmp\w_sock.dll
c:\32788r22fwjfw.1.tmp\w2k_sock.dll
c:\32788r22fwjfw.1.tmp\w2kreg.dat
c:\32788r22fwjfw.1.tmp\w7Mcode.dat
c:\32788r22fwjfw.1.tmp\w7reg.dat
c:\32788r22fwjfw.1.tmp\Wmi_rem.vbs
c:\32788r22fwjfw.1.tmp\XP.mac
c:\32788r22fwjfw.1.tmp\xpmcode.dat
c:\32788r22fwjfw.1.tmp\xpreg.dat
c:\32788r22fwjfw.1.tmp\XPSBoot.reg
c:\32788r22fwjfw.1.tmp\zDomain.dat
c:\32788r22fwjfw.1.tmp\zhsvc.dat
c:\32788r22fwjfw.1.tmp\zip.cfxxe
c:\program files\Panda Security
c:\windows\ALCMTR.EXE
c:\windows\ativpsrm.bin
c:\windows\DUMPc60f.tmp
c:\windows\DUMPc93b.tmp
c:\windows\DUMPc9a9.tmp
c:\windows\system32\d3d9caps.dat
c:\windows\system32\ezsidmv.dat
c:\windows\system32\mlfcache.dat
c:\windows\system32\nsuD.tmp
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESIHDRV
-------\Service_esihdrv

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-22 do 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-22 07:59 . 2010-08-22 08:00 -------- d-----w- C:\32788R22FWJFW.5.tmp
2010-08-21 21:52 . 2010-08-22 07:59 -------- d-----w- C:\32788R22FWJFW.4.tmp
2010-08-21 21:50 . 2010-08-21 21:52 -------- d-----w- C:\32788R22FWJFW.3.tmp
2010-08-21 21:49 . 2010-08-21 21:50 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-08-21 16:40 . 2010-08-21 21:37 -------- d-----w- C:\Downloads
2010-08-21 16:40 . 2010-08-21 16:40 -------- d-----w- c:\program files\Orbitdownloader
2010-08-21 16:36 . 2010-08-21 16:37 -------- d-----w- c:\program files\Free Download Manager
2010-08-21 08:44 . 2010-08-21 08:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-21 08:15 . 2010-08-21 08:43 -------- d-----w- C:\ComboFix(2)
2010-08-20 20:08 . 2010-08-21 08:43 -------- d-----w- C:\32788R22FWJFW(2)
2010-08-20 16:52 . 2010-08-20 16:52 -------- d-----w- c:\documents and settings\Butterfly\DoctorWeb
2010-08-19 20:12 . 2010-08-19 20:12 -------- d-----w- C:\VritualRoot
2010-08-19 20:09 . 2010-08-19 20:09 -------- d-----w- c:\program files\COMODO
2010-08-19 19:14 . 2010-08-19 19:29 -------- d-----w- c:\program files\Sunbelt Software
2010-08-19 17:54 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-19 17:50 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-19 17:50 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-19 17:50 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-19 17:50 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-19 17:50 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-19 17:50 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-19 17:50 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-19 17:49 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-19 17:47 . 2010-08-19 17:49 -------- d-----w- c:\program files\Alwil Software
2010-08-19 12:51 . 2010-07-27 11:54 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-08-18 14:13 . 2010-08-18 14:13 -------- d-----w- C:\ATI
2010-08-18 13:00 . 2010-08-18 14:14 -------- d-----w- c:\program files\ATI
2010-08-18 12:39 . 2010-08-18 14:15 -------- d-----w- c:\program files\ATI Technologies
2010-08-16 09:13 . 2010-08-16 09:13 -------- d-----w- C:\PFiles
2010-08-15 10:50 . 2010-08-18 12:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-07 08:19 . 2009-06-16 17:28 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-08-07 08:19 . 2006-11-02 06:21 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-08-07 08:19 . 2006-10-27 15:26 69632 ----a-w- c:\windows\system32\vuins32.dll
2010-08-06 21:55 . 2010-08-06 22:00 217 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-08-05 07:14 . 2010-08-05 07:15 -------- d-----w- c:\windows\NV35361800.TMP
2010-08-04 08:12 . 2010-08-04 08:12 -------- d-----w- c:\windows\NV23721612.TMP
2010-08-01 12:53 . 2010-08-01 13:00 -------- d-----w- c:\windows\NV33763424.TMP
2010-08-01 11:58 . 2010-08-01 11:58 -------- d-----w- c:\windows\NV40402576.TMP
2010-07-30 21:04 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-07-30 20:58 . 2010-07-30 21:49 -------- d-----w- c:\program files\Image-Line
2010-07-30 16:16 . 2010-07-30 16:18 -------- d-----w- c:\program files\Sony
2010-07-30 16:12 . 2010-07-30 16:12 -------- d-----w- c:\program files\Sony Setup
2010-07-28 19:47 . 2010-07-28 19:47 -------- d-----w- c:\program files\Futuremark
2010-07-27 21:21 . 2010-07-27 21:21 -------- d-----w- c:\program files\Zoner
2010-07-25 09:26 . 2010-07-25 09:26 -------- d-----w- c:\documents and settings\Butterfly\.thumbnails
2010-07-25 09:20 . 2010-08-07 07:38 -------- d-----w- c:\documents and settings\Butterfly\.gimp-2.6
2010-07-25 09:18 . 2010-07-25 09:18 -------- d-----w- c:\program files\GIMP-2.0
2010-07-24 17:17 . 2010-07-24 20:08 -------- d-----w- c:\program files\Yahoo!
2010-07-23 08:42 . 2010-07-23 09:06 -------- d-----w- c:\windows\nvidia icons

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 21:30 . 2010-03-08 11:38 -------- d-----w- c:\program files\Steam
2010-08-21 16:58 . 2010-07-17 17:53 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-08-19 19:47 . 2010-02-12 21:12 -------- d-----w- c:\program files\Google
2010-08-19 19:35 . 2010-07-01 09:01 -------- d-----w- c:\program files\QuickTime
2010-08-19 12:52 . 2010-08-19 12:52 -------- d-----w- c:\program files\Realtek
2010-08-19 12:52 . 2010-02-09 21:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-19 12:29 . 2010-02-11 16:04 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-08-19 09:01 . 2010-06-06 07:45 -------- d-----w- c:\program files\Defraggler
2010-08-19 08:58 . 2010-07-04 12:24 -------- d-----w- c:\program files\FileHippo.com
2010-08-18 21:09 . 2010-03-04 21:09 -------- d-----w- c:\program files\Samsung
2010-08-18 20:31 . 2010-02-12 04:39 -------- d-----w- c:\program files\Opera
2010-08-18 20:29 . 2010-04-03 08:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-08 09:45 . 2010-07-20 11:25 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-07 15:13 . 2010-03-27 20:28 -------- d-----w- c:\program files\Trillian
2010-08-06 22:00 . 2010-02-17 18:37 133520 ----a-w- c:\windows\BricoPackUninst.cmd
2010-08-02 09:54 . 2010-06-13 09:04 -------- d-----w- c:\program files\Safari
2010-07-29 18:29 . 2010-02-27 09:18 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-28 19:50 . 2010-03-04 16:17 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-28 19:50 . 2010-03-04 16:17 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-28 16:27 . 2010-08-19 12:52 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-07-28 16:27 . 2010-08-19 12:52 359016 ----a-w- c:\windows\vncutil.exe
2010-07-28 16:27 . 2010-08-19 12:52 1833576 ----a-w- c:\windows\SkyTel.exe
2010-07-28 16:27 . 2010-08-19 12:52 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-07-28 16:27 . 2010-08-19 12:52 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-07-28 16:27 . 2010-08-19 12:52 6108776 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-07-28 16:27 . 2010-02-14 08:00 53864 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-07-28 16:27 . 2010-08-19 12:52 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-07-28 16:27 . 2010-08-19 12:52 19557480 ----a-w- c:\windows\RTHDCPL.EXE
2010-07-28 16:27 . 2010-08-19 12:52 2180712 ----a-w- c:\windows\MicCal.exe
2010-07-28 16:27 . 2010-08-19 12:52 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-07-27 08:27 . 2010-02-10 22:42 -------- d-----w- c:\program files\CCleaner
2010-07-22 20:01 . 2010-02-12 21:53 -------- d-----w- c:\program files\QIP
2010-07-22 08:03 . 2010-07-22 08:03 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-07-21 09:03 . 2010-02-28 21:24 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-17 17:58 . 2010-04-24 08:05 -------- d-----w- c:\program files\DivX
2010-07-17 17:56 . 2010-07-17 17:56 -------- d-----w- c:\program files\Common Files\Java
2010-07-17 17:55 . 2010-04-24 08:02 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-17 17:38 . 2010-07-10 09:16 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1(2)
2010-07-17 17:38 . 2010-07-10 09:24 -------- d-----w- c:\program files\Common Files\Java(2)
2010-07-17 17:37 . 2010-07-17 17:37 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-17 17:34 . 2010-07-17 17:34 -------- d-----w- c:\program files\All Ten Fingers
2010-07-17 17:34 . 2010-07-15 17:58 -------- d-----w- c:\program files\All Ten Fingers(2)
2010-07-15 14:36 . 2010-04-12 18:53 -------- d-----w- c:\program files\Valve
2010-07-09 22:38 . 2010-08-15 13:29 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys-nv1245
2010-07-09 11:18 . 2010-02-12 21:17 -------- d-----w- c:\program files\Common Files\CyberLink
2010-07-09 11:17 . 2010-03-20 11:58 -------- d-----w- c:\program files\IObit
2010-07-07 02:27 . 2010-04-11 19:18 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:58 . 2010-08-18 14:14 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-07-07 01:58 . 2010-08-18 14:14 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-07-07 01:57 . 2010-08-18 14:14 4337664 ----a-w- c:\windows\system32\aticaldd.dll
2010-07-07 01:53 . 2010-08-18 14:14 15499264 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:50 . 2010-08-18 14:14 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2010-08-18 14:14 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2010-04-11 19:23 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2010-04-11 19:23 3869952 ----a-w- c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2010-08-18 14:14 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2010-08-18 14:14 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2010-08-18 14:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2010-08-18 14:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2010-08-18 14:14 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2010-08-18 14:14 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2010-08-18 14:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-07-07 01:29 . 2010-08-18 14:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:28 . 2010-04-11 19:23 2273920 ----a-w- c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2010-08-18 14:14 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2010-08-18 14:14 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2010-08-18 14:14 573440 ----a-w- c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2010-08-18 14:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-07-07 01:24 . 2010-08-18 14:14 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:23 . 2010-08-18 14:14 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2010-04-11 19:23 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2010-08-18 14:14 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-07-07 01:15 . 2010-08-18 14:14 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2010-08-18 14:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-06 11:58 . 2010-02-27 09:19 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-07-06 11:52 . 2010-07-17 20:21 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-07-04 21:18 . 2010-07-01 10:25 -------- d-----w- c:\program files\Trend Micro
2010-07-04 13:01 . 2010-02-16 20:34 -------- d-----w- c:\program files\7-Zip
2010-07-04 12:45 . 2010-02-19 15:16 -------- d-----w- c:\program files\AIMP2
2010-07-04 12:40 . 2010-02-20 09:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-04 12:33 . 2010-07-04 12:33 -------- d-----r- c:\program files\Skype
2010-07-04 12:33 . 2010-07-04 12:33 -------- d-----w- c:\program files\Common Files\Skype
2010-07-02 20:25 . 2010-06-07 18:39 -------- d-----w- c:\program files\WinUtilities
2010-07-02 20:08 . 2010-07-02 20:08 -------- d-----w- c:\program files\FreeTime
2010-07-01 08:49 . 2010-02-12 13:43 -------- d-----w- c:\program files\MSECache
2010-07-01 08:39 . 2010-06-17 14:05 -------- d-----w- c:\program files\Opera 10.60 Beta
2010-06-30 12:33 . 2010-03-21 11:47 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 08:35 . 2010-03-03 21:53 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-06-28 17:25 . 2010-02-24 16:13 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-28 08:00 . 2010-06-30 08:34 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-26 08:02 . 2010-02-28 20:04 -------- d-----w- c:\program files\PKR
2010-06-24 12:27 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2010-03-21 11:47 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 19:30 . 2010-06-23 19:30 -------- d-----w- c:\program files\XP TCPIP Repair
2010-06-23 19:08 . 2010-06-23 19:08 -------- d-----w- c:\program files\VS Revo Group
2010-06-21 15:27 . 2010-03-21 11:47 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-17 13:49 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-02-09 21:13 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2004-08-17 13:49 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-13 21:07 . 2010-06-13 21:07 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
.

------- Sigcheck -------

[-] 2009-08-06 . A089AB141D4E25E543EEC2230CB50BD6 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2008-04-14 . 71C54FF181A2C03921A74DB4D9ADD20E . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 71C54FF181A2C03921A74DB4D9ADD20E . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-21_10.51.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-22 08:17 . 2010-08-22 08:17 16384 c:\windows\temp\Perflib_Perfdata_7a4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-02 3399727]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 15:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\Butterfly\\Dokumenty\\My DAP Downloads\\TeamViewerPortable_en\\TeamViewer.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Flow\\Flow.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\counter-strike\\hl.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2010-02-21 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2010-02-21 52224]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-08-19 165456]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-02-09 13696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-06-04 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-06-01 25240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-08-19 17744]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-07-06 1051968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-08-19 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-06-13 23456]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2010-03-17 18944]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2010-03-17 11520]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [2007-06-21 30720]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-28 697328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-08-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-879983540-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-08-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-879983540-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: Zobrazit originál
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-22 10:19
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-796845957-879983540-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1240)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-08-22 10:23:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-22 08:23
ComboFix2.txt 2010-08-21 10:55
ComboFix3.txt 2010-08-21 08:31

Před spuštěním: Volných bajtů: 74,346,016,768
Po spuštění: Volných bajtů: 74,216,357,888

Current=48 Default=48 Failed=47 LastKnownGood=49 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49
- - End Of File - - AC7EEC52ABF1DBFEE14F59AF46314286

Příspěvekod **jaro3** » 22 srp 2010 11:24

Protože tam máš dva Combofixy...

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\d3d8caps.dat

Folder::
C:\32788R22FWJFW.5.tmp
C:\32788R22FWJFW.4.tmp
C:\32788R22FWJFW.3.tmp
C:\32788R22FWJFW.2.tmp
C:\32788R22FWJFW(2)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

preventivka - stav pc Vyřešeno

preventivka - stav pc

Re: preventivka - stav pc

Re: preventivka - stav pc

Re: preventivka - stav pc

Re: preventivka - stav pc

Re: preventivka - stav pc

Re: preventivka - stav pc

Re: preventivka - stav pc

Re: preventivka - stav pc

Re: preventivka - stav pc

Re: preventivka - stav pc

Re: preventivka - stav pc

Kdo je online