Prosím o kontrolu logu

SoNyX · Příspěvekod **SoNyX** » 08 říj 2010 20:02

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:57:42, on 8.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Plocha\TempCore\Core Temp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Core Temp] "C:\Documents and Settings\Owner\Plocha\TempCore\Core Temp.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Owner\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file:///C:/Program%20Files/EA%20SPORTS/FIFA%202004/update.1.1/patchx2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7936332984
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 8457 bytes

Reklama

Příspěvekod **memphisto** » 08 říj 2010 21:27

v logu fixni:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7936332984
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

SoNyX · Příspěvekod **SoNyX** » 09 říj 2010 15:14

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8.10.2010 21:46:53
mbam-log-2010-10-08 (21-46-53).txt

Typ skenu: Rychlý sken
Skenované objekty: 125534
Uplynulý čas: 5 minuta(y), 33 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> No action taken.

Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\Owner\pod.exe (Adware.Agent) -> No action taken.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.

----
P.S.: Je lepší ATF Cleaner či CCleaner ?

Příspěvekod **memphisto** » 09 říj 2010 15:27

Každý je na něco jiného, takže řiď se příkazy. CCleaner čistí registry, odinstalovává apod. ATF je pouze čistič.

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

SoNyX · Příspěvekod **SoNyX** » 09 říj 2010 18:10

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9.10.2010 17:59:55
mbam-log-2010-10-09 (17-59-55).txt

Typ skenu: Rychlý sken
Skenované objekty: 126322
Uplynulý čas: 7 minuta(y), 10 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe

"%1") -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\Owner\pod.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

SoNyX · Příspěvekod **SoNyX** » 09 říj 2010 19:28

Logu od ComboFixu se asi nedočkáme.
Jel jsem podle pokynů a tak mi to restartlo PC. Po startu systému se mi objevil ComboFix, vytvořil bod obnovy, stáhl konzoli zotavení (nebo něco takového) a pak jel všech 50 fází, pak sem si všiml textu "mažu soubory:" a ejhle modrá obrazovka, tak sem restartoval PC.
Vypl rezidentní śtít a zapl znova ComboFix, ten se spustil přímo v systému a jel znova 50 fází, pak restartoval PC a na C: se akorát objevila složka s ikonkou "tento počítač" s názvem ComboFix. Nikde žádný Combofix.txt, akorát mi teď po každém startu systému vyhodí chybu něco s Microsoft Windows.
------------------------
Zkusím ho spustit v nouzovém režimu :)

SoNyX · Příspěvekod **SoNyX** » 09 říj 2010 20:12

Aleluja, dočkal jsem se :)
A omlouvám se za triple post :/
----------------------------------------------------

ComboFix 10-10-08.01 - Owner 09.10.2010 19:51:02.6.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2495.2205 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Data aplikací\PriceGong
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Owner\Data aplikací\PriceGong\Data\z.xml
c:\documents and settings\Owner\video-converter-ultimate5.exe
C:\install.exe
c:\program files\INSTALL.LOG
c:\windows\system32\_000010_.tmp.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-09 do 2010-10-09 )))))))))))))))))))))))))))))))
.

2010-10-09 15:48 . 2010-10-09 15:51 -------- d-----w- c:\program files\Uplink
2010-10-08 19:40 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-08 19:40 . 2010-10-08 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-08 19:40 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-08 17:56 . 2010-10-08 17:56 388096 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-05 11:48 . 2010-10-05 11:48 -------- d-----w- C:\found.000
2010-09-28 15:43 . 2007-05-02 14:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-09-28 15:43 . 2007-09-17 13:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-09-28 15:42 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2010-09-28 15:42 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2010-09-28 15:42 . 2009-03-20 08:01 90112 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2010-09-28 15:42 . 2009-03-20 08:01 14976 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2010-09-28 15:42 . 2009-03-20 08:01 121856 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2010-09-28 15:42 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2010-09-28 15:42 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2010-09-28 15:42 . 2010-09-28 15:42 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-09-28 15:41 . 2009-03-31 07:39 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-09-28 15:41 . 2009-03-31 07:39 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-09-28 15:41 . 2009-03-31 07:39 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2010-09-28 15:41 . 2010-09-28 15:41 -------- d-----w- c:\program files\MarkAny
2010-09-28 15:41 . 2010-09-28 15:43 -------- d-----w- c:\program files\PC Connectivity Solution
2010-09-28 15:40 . 2010-09-28 15:43 -------- d-----w- c:\program files\Samsung
2010-09-24 14:54 . 2010-09-24 14:56 -------- d-----w- c:\program files\Free SMTP Server
2010-09-10 18:01 . 2010-09-10 18:01 10240 ----a-w- c:\documents and settings\Owner\Data aplikací\GRETECH\GomPlayer\GrLauncherTempSetup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 17:52 . 2006-03-02 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-10-09 17:52 . 2006-03-02 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-10-08 19:34 . 2009-08-24 20:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-28 15:41 . 2009-03-24 21:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-28 15:38 . 2009-03-25 08:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-27 10:50 . 2009-03-24 22:09 188152 ----a-w- c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\4rjh5hdr.default\FlashGot.exe
2010-09-15 15:02 . 2009-03-24 23:19 -------- d-----w- c:\program files\Opera
2010-09-11 11:09 . 2009-07-09 17:53 -------- d-----w- c:\program files\ESET
2010-09-11 10:53 . 2009-03-28 17:49 -------- d-----w- c:\program files\JetAudio
2010-09-11 10:50 . 2009-06-08 16:59 -------- d-----w- c:\program files\Apple Software Update
2010-09-11 10:44 . 2010-05-15 20:24 -------- d-----w- c:\program files\Google
2010-09-11 10:43 . 2009-04-11 13:15 -------- d-----w- c:\program files\NCH Software
2010-09-11 10:43 . 2009-03-24 22:16 -------- d-----w- c:\program files\BSplayerPro
2010-09-11 10:43 . 2009-04-23 17:32 -------- d-----w- c:\program files\AviSynth 2.5
2010-09-11 10:40 . 2010-05-20 12:58 -------- d-----w- c:\program files\Share Rapid Uploader
2010-09-10 17:29 . 2010-06-22 12:28 -------- d-----w- c:\program files\Rockstar Custom Tracks
2010-09-10 17:19 . 2010-04-21 13:34 -------- d-----w- c:\program files\IObit
2010-09-10 11:02 . 2010-07-20 16:30 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-03 21:07 . 2010-06-30 10:41 -------- d-----w- c:\program files\Valve
2010-08-30 17:22 . 2010-01-26 14:28 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2010-08-24 20:30 . 2010-07-03 14:53 -------- d-----w- c:\program files\ICQ7.2
2010-08-19 22:02 . 2010-05-02 13:44 1 ----a-w- c:\documents and settings\Owner\Data aplikací\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-18 21:37 . 2009-03-24 22:34 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-08-18 21:30 . 2009-10-20 16:11 -------- d-----w- c:\program files\Trainer Maker 4 for Windows
2010-08-18 21:30 . 2009-04-23 17:35 -------- d-----w- c:\program files\The FilmMachine
2010-08-18 21:29 . 2009-03-25 07:27 -------- d-----r- c:\program files\Skype
2010-08-18 15:36 . 2009-03-27 19:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-17 20:26 . 2010-08-17 20:24 5267 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-08-17 20:26 . 2009-03-24 22:18 72066 -c--a-w- c:\windows\BricoPackUninst.cmd
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-24 17:03 . 2010-07-24 17:03 1449984 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{87C24822-389C-45AA-9E75-0757B8F1A892}\kaiEngine.exe
2010-07-22 15:46 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-20 14:20 . 2009-04-13 16:17 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-18 18:46 . 2010-07-16 16:25 165232 ---ha-w- c:\documents and settings\Owner\Data aplikací\Microsoft\Virtual PC\VPCKeyboard.dll
2003-12-18 09:33 . 2009-08-31 12:08 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 05:46 . 2009-08-31 12:08 10960 -c--a-w- c:\program files\EULA.txt
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[7] 2010-06-24 . C082E5EC8E50C92E23E3464EF7F05410 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . EC110FF1423C821FC7D135AAA2A89B10 . 6225408 . . [8.00.6001.18939] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2010-06-24 . EC110FF1423C821FC7D135AAA2A89B10 . 6225408 . . [8.00.6001.18939] . . c:\windows\system32\mshtml.dll
[7] 2010-06-24 . 5110C2044FF335AC363EECEA920F6DF2 . 5951488 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-05-06 . 06B941C7749A9F071444B4C7563F36B5 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[7] 2010-05-06 . 3F88F981AA7BC20744E0D2C699F500EF . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[7] 2010-02-25 . F6B19C3520F8F33ED4E86B97E5FED45A . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[7] 2010-02-25 . AC93856CC1D10E74986EA4E70D90748F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[7] 2009-12-21 . 8BE0CC683F604CA2DA29589DA96D6FD1 . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[7] 2009-12-21 . BD424F12E808F3AA345C4816F7124F7C . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . 00EC3DE6B7C581CC2675CCD549B692D7 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[7] 2009-10-29 . FC883BC594F028EF5D77B645AE91C914 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-22 . B459C87AA60BADADF3F0887737889CFF . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2009-10-22 . 3E902BD4D0EFB9E73C515DD3DEB6003B . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2009-08-29 . 8097658FEC4E7E65C8A63E6B7B2B0921 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[7] 2009-08-29 . F343C3CE6026ADE482D48B2D4F881A1D . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . D6DA6137433E02999C1229DC692250CD . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[7] 2009-07-19 . 54E07F3B4EEF71607437367BA1922F6A . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . 53FF3AE6C6C6F7888E845C6A755D5C09 . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . 3BABDB8AAEED25E0EFE23561C1A2BCE1 . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-03-08 . E96A0BE36C7FAE3539B162C6F1A1800C . 6210560 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2006-03-02 . CA71E7A74C41D1435D47E1A33A433230 . 3511296 . . [6.00.2900.2853] . . c:\windows\ie8\mshtml.dll
[-] 2006-02-21 . CDD766C610E7DE86CCE91CD339C79BCF . 3073024 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll

[7] 2010-06-24 . D2B5FCDB99A3321C1B9B8A12A6D56AD8 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 715F435D75352E23FD6B72234B5520A2 . 907264 . . [8.00.6001.18939] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2010-06-24 . 715F435D75352E23FD6B72234B5520A2 . 907264 . . [8.00.6001.18939] . . c:\windows\system32\wininet.dll
[7] 2010-06-24 . EF345C39AD3FBBD239627EDD99793CF1 . 916480 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-05-06 . B7ECEF0CCF63119356E174A78C185171 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[7] 2010-05-06 . 72064DA077E9D6912F39438D97CC0C60 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2010-02-25 . 4A4C190879347A0064731F39610F1F72 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[7] 2010-02-25 . 2E6504E28C7E0F753F68731861A94214 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2009-12-21 . 75A4A1378971D84FF6A7D766F4A7BC59 . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 9256DA4AEE5E2C20FC6C126BDBC11997 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . F651D2A69B7037D6063BC697CF296D8C . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-10-29 . 4941ADD731725AF468342E42B71F776C . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-08-29 . 37CFE7928711C8157CF4D191F0EF5F69 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2009-08-29 . F658908845F3EB727FEF4769ED0E52FE . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 0B1AA91DFEDB1298FF7D93EBA45F8DB5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . FCD887F2BA15CD8D95F8D70766D42739 . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[7] 2009-05-13 . 0C20BF283DE5BA50060240383B8AA41C . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-05-13 . 9122013C5668D967C4AE7F52252898DE . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-03-08 . BFD199B9F007F6934D7C4C43F5507286 . 905728 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2006-03-02 . 321E734A0B91C43725463C509056B2AA . 691712 . . [6.00.2900.2180] . . c:\windows\ie8\wininet.dll

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2006-03-02 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"Core Temp"="c:\documents and settings\Owner\Plocha\TempCore\Core Temp.exe" [2009-08-04 378384]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-09 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-09 2712920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2010-10-5 125952]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Nabídka Start^Programy^Po spuštění^PSPdisp.lnk]
path=c:\documents and settings\Owner\Nabídka Start\Programy\Po spuštění\PSPdisp.lnk
backup=c:\windows\pss\PSPdisp.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-06-05 11:38 468408 ----a-w- c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\PSPdisp\\bin\\app\\PSPdisp.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:192.168.1.101/255.255.255.255:Enabled:@xpsp2res.dll,-22004
"6112:TCP"= 6112:TCP:Battle.net
"6112:UDP"= 6112:UDP:Battle.net
"80:UDP"= 80:UDP:80
"8000:TCP"= 8000:TCP:Vysílání
"8000:UDP"= 8000:UDP:Vysílání
"8001:TCP"= 8001:TCP:Vysílání
"8001:UDP"= 8001:UDP:Vysílání
"6113:TCP"= 6113:TCP:GHost
"6113:UDP"= 6113:UDP:GHost
"5900:TCP"= 5900:TCP:VNC
"5900:UDP"= 5900:UDP:VNC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [24.4.2010 19:43 53760]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28.9.2010 17:41 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.5.2010 22:24 136176]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [28.9.2010 17:41 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Owner\LOCALS~1\Temp\NLE143C.tmp --> c:\docume~1\Owner\LOCALS~1\Temp\NLE143C.tmp [?]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [3.5.2007 1:48 55296]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [28.1.2010 16:14 29184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
S3 oflpydin;oflpydin;\??\c:\docume~1\Owner\LOCALS~1\Temp\oflpydin.sys --> c:\docume~1\Owner\LOCALS~1\Temp\oflpydin.sys [?]
S3 pspdisp;pspdisp;c:\windows\system32\drivers\pspdisp.sys [13.2.2010 17:19 3072]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [26.1.2010 16:28 36928]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [28.9.2010 17:42 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [28.9.2010 17:42 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [28.9.2010 17:42 121856]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [17.7.2009 19:43 23480]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S3 ZD1211BU(TP-LINK);TL-WN422G Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [16.4.2009 14:15 500736]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.3.2009 8:56 721904]
.
Obsah adresáře 'Naplánované úlohy'

2010-09-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-SONYX-Owner.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-10 12:09]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 20:24]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 20:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Owner\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\4rjh5hdr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... -us&query=
FF - prefs.js: browser.search.selectedEngine - Torrentz Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.6&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\4rjh5hdr.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\4rjh5hdr.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-EAX Unified - c:\program files\Creative\EAX Unified\Uninst.isu

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Owner\LOCALS~1\Temp\NLE143C.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1659004503-299502267-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-10-09 20:00:57
ComboFix-quarantined-files.txt 2010-10-09 18:00

Před spuštěním: Volných bajtů: 17 780 924 416
Po spuštění: Volných bajtů: 17 785 442 304

- - End Of File - - 5FAC1C1755B550BCC38960EEC4E42BAB

Příspěvekod **memphisto** » 10 říj 2010 14:45

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat

Folder::
C:\found.000

Firefox::
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\4rjh5hdr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... -us&query=
FF - prefs.js: browser.search.selectedEngine - Torrentz Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.6&q=

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

SoNyX · Příspěvekod **SoNyX** » 10 říj 2010 15:33

ComboFix 10-10-08.01 - Owner 10.10.2010 15:17:30.8.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2495.2205 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\found.000
c:\found.000\file0000.chk
c:\found.000\file0001.chk
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-10 do 2010-10-10 )))))))))))))))))))))))))))))))
.

2010-10-09 15:48 . 2010-10-10 12:52 -------- d-----w- c:\program files\Uplink
2010-10-08 19:40 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-08 19:40 . 2010-10-08 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-08 19:40 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-08 17:56 . 2010-10-08 17:56 388096 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-28 15:43 . 2007-05-02 14:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-09-28 15:43 . 2007-09-17 13:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-09-28 15:42 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2010-09-28 15:42 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2010-09-28 15:42 . 2009-03-20 08:01 90112 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2010-09-28 15:42 . 2009-03-20 08:01 14976 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2010-09-28 15:42 . 2009-03-20 08:01 121856 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2010-09-28 15:42 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2010-09-28 15:42 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2010-09-28 15:42 . 2010-09-28 15:42 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-09-28 15:41 . 2009-03-31 07:39 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-09-28 15:41 . 2009-03-31 07:39 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-09-28 15:41 . 2009-03-31 07:39 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2010-09-28 15:41 . 2010-09-28 15:41 -------- d-----w- c:\program files\MarkAny
2010-09-28 15:41 . 2010-09-28 15:43 -------- d-----w- c:\program files\PC Connectivity Solution
2010-09-28 15:40 . 2010-09-28 15:43 -------- d-----w- c:\program files\Samsung
2010-09-24 14:54 . 2010-09-24 14:56 -------- d-----w- c:\program files\Free SMTP Server
2010-09-10 18:01 . 2010-09-10 18:01 10240 ----a-w- c:\documents and settings\Owner\Data aplikací\GRETECH\GomPlayer\GrLauncherTempSetup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 19:34 . 2009-08-24 20:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-28 15:41 . 2009-03-24 21:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-28 15:38 . 2009-03-25 08:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-27 10:50 . 2009-03-24 22:09 188152 ----a-w- c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\4rjh5hdr.default\FlashGot.exe
2010-09-15 15:02 . 2009-03-24 23:19 -------- d-----w- c:\program files\Opera
2010-09-11 11:09 . 2009-07-09 17:53 -------- d-----w- c:\program files\ESET
2010-09-11 10:53 . 2009-03-28 17:49 -------- d-----w- c:\program files\JetAudio
2010-09-11 10:50 . 2009-06-08 16:59 -------- d-----w- c:\program files\Apple Software Update
2010-09-11 10:44 . 2010-05-15 20:24 -------- d-----w- c:\program files\Google
2010-09-11 10:43 . 2009-04-11 13:15 -------- d-----w- c:\program files\NCH Software
2010-09-11 10:43 . 2009-03-24 22:16 -------- d-----w- c:\program files\BSplayerPro
2010-09-11 10:43 . 2009-04-23 17:32 -------- d-----w- c:\program files\AviSynth 2.5
2010-09-11 10:40 . 2010-05-20 12:58 -------- d-----w- c:\program files\Share Rapid Uploader
2010-09-10 17:29 . 2010-06-22 12:28 -------- d-----w- c:\program files\Rockstar Custom Tracks
2010-09-10 17:19 . 2010-04-21 13:34 -------- d-----w- c:\program files\IObit
2010-09-10 11:02 . 2010-07-20 16:30 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-03 21:07 . 2010-06-30 10:41 -------- d-----w- c:\program files\Valve
2010-08-30 17:22 . 2010-01-26 14:28 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2010-08-24 20:30 . 2010-07-03 14:53 -------- d-----w- c:\program files\ICQ7.2
2010-08-19 22:02 . 2010-05-02 13:44 1 ----a-w- c:\documents and settings\Owner\Data aplikací\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-18 21:37 . 2009-03-24 22:34 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-08-18 21:30 . 2009-10-20 16:11 -------- d-----w- c:\program files\Trainer Maker 4 for Windows
2010-08-18 21:30 . 2009-04-23 17:35 -------- d-----w- c:\program files\The FilmMachine
2010-08-18 21:29 . 2009-03-25 07:27 -------- d-----r- c:\program files\Skype
2010-08-18 15:36 . 2009-03-27 19:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-17 20:26 . 2010-08-17 20:24 5267 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-08-17 20:26 . 2009-03-24 22:18 72066 -c--a-w- c:\windows\BricoPackUninst.cmd
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-24 17:03 . 2010-07-24 17:03 1449984 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{87C24822-389C-45AA-9E75-0757B8F1A892}\kaiEngine.exe
2010-07-22 15:46 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-20 14:20 . 2009-04-13 16:17 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-18 18:46 . 2010-07-16 16:25 165232 ---ha-w- c:\documents and settings\Owner\Data aplikací\Microsoft\Virtual PC\VPCKeyboard.dll
2003-12-18 09:33 . 2009-08-31 12:08 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 05:46 . 2009-08-31 12:08 10960 -c--a-w- c:\program files\EULA.txt
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[7] 2010-06-24 . C082E5EC8E50C92E23E3464EF7F05410 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . EC110FF1423C821FC7D135AAA2A89B10 . 6225408 . . [8.00.6001.18939] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2010-06-24 . EC110FF1423C821FC7D135AAA2A89B10 . 6225408 . . [8.00.6001.18939] . . c:\windows\system32\mshtml.dll
[7] 2010-06-24 . 5110C2044FF335AC363EECEA920F6DF2 . 5951488 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-05-06 . 06B941C7749A9F071444B4C7563F36B5 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[7] 2010-05-06 . 3F88F981AA7BC20744E0D2C699F500EF . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[7] 2010-02-25 . F6B19C3520F8F33ED4E86B97E5FED45A . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[7] 2010-02-25 . AC93856CC1D10E74986EA4E70D90748F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[7] 2009-12-21 . 8BE0CC683F604CA2DA29589DA96D6FD1 . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[7] 2009-12-21 . BD424F12E808F3AA345C4816F7124F7C . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . 00EC3DE6B7C581CC2675CCD549B692D7 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[7] 2009-10-29 . FC883BC594F028EF5D77B645AE91C914 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-22 . B459C87AA60BADADF3F0887737889CFF . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2009-10-22 . 3E902BD4D0EFB9E73C515DD3DEB6003B . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2009-08-29 . 8097658FEC4E7E65C8A63E6B7B2B0921 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[7] 2009-08-29 . F343C3CE6026ADE482D48B2D4F881A1D . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . D6DA6137433E02999C1229DC692250CD . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[7] 2009-07-19 . 54E07F3B4EEF71607437367BA1922F6A . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . 53FF3AE6C6C6F7888E845C6A755D5C09 . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . 3BABDB8AAEED25E0EFE23561C1A2BCE1 . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-03-08 . E96A0BE36C7FAE3539B162C6F1A1800C . 6210560 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2006-03-02 . CA71E7A74C41D1435D47E1A33A433230 . 3511296 . . [6.00.2900.2853] . . c:\windows\ie8\mshtml.dll
[-] 2006-02-21 . CDD766C610E7DE86CCE91CD339C79BCF . 3073024 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll

[7] 2010-06-24 . D2B5FCDB99A3321C1B9B8A12A6D56AD8 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 715F435D75352E23FD6B72234B5520A2 . 907264 . . [8.00.6001.18939] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2010-06-24 . 715F435D75352E23FD6B72234B5520A2 . 907264 . . [8.00.6001.18939] . . c:\windows\system32\wininet.dll
[7] 2010-06-24 . EF345C39AD3FBBD239627EDD99793CF1 . 916480 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-05-06 . B7ECEF0CCF63119356E174A78C185171 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[7] 2010-05-06 . 72064DA077E9D6912F39438D97CC0C60 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2010-02-25 . 4A4C190879347A0064731F39610F1F72 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[7] 2010-02-25 . 2E6504E28C7E0F753F68731861A94214 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2009-12-21 . 75A4A1378971D84FF6A7D766F4A7BC59 . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 9256DA4AEE5E2C20FC6C126BDBC11997 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . F651D2A69B7037D6063BC697CF296D8C . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-10-29 . 4941ADD731725AF468342E42B71F776C . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-08-29 . 37CFE7928711C8157CF4D191F0EF5F69 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2009-08-29 . F658908845F3EB727FEF4769ED0E52FE . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 0B1AA91DFEDB1298FF7D93EBA45F8DB5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . FCD887F2BA15CD8D95F8D70766D42739 . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[7] 2009-05-13 . 0C20BF283DE5BA50060240383B8AA41C . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-05-13 . 9122013C5668D967C4AE7F52252898DE . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-03-08 . BFD199B9F007F6934D7C4C43F5507286 . 905728 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2006-03-02 . 321E734A0B91C43725463C509056B2AA . 691712 . . [6.00.2900.2180] . . c:\windows\ie8\wininet.dll

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2006-03-02 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-10-09_17.59.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-03-02 12:00 . 2010-10-09 17:52 68156 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-10-09 18:03 68156 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-10-09 18:03 435260 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2010-10-09 17:52 435260 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"Core Temp"="c:\documents and settings\Owner\Plocha\TempCore\Core Temp.exe" [2009-08-04 378384]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-09 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-09 2712920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2010-10-5 125952]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Nabídka Start^Programy^Po spuštění^PSPdisp.lnk]
path=c:\documents and settings\Owner\Nabídka Start\Programy\Po spuštění\PSPdisp.lnk
backup=c:\windows\pss\PSPdisp.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-06-05 11:38 468408 ----a-w- c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\PSPdisp\\bin\\app\\PSPdisp.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:192.168.1.101/255.255.255.255:Enabled:@xpsp2res.dll,-22004
"6112:TCP"= 6112:TCP:Battle.net
"6112:UDP"= 6112:UDP:Battle.net
"80:UDP"= 80:UDP:80
"8000:TCP"= 8000:TCP:Vysílání
"8000:UDP"= 8000:UDP:Vysílání
"8001:TCP"= 8001:TCP:Vysílání
"8001:UDP"= 8001:UDP:Vysílání
"6113:TCP"= 6113:TCP:GHost
"6113:UDP"= 6113:UDP:GHost
"5900:TCP"= 5900:TCP:VNC
"5900:UDP"= 5900:UDP:VNC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [24.4.2010 19:43 53760]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28.9.2010 17:41 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.5.2010 22:24 136176]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [28.9.2010 17:41 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Owner\LOCALS~1\Temp\NLE143C.tmp --> c:\docume~1\Owner\LOCALS~1\Temp\NLE143C.tmp [?]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [3.5.2007 1:48 55296]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [28.1.2010 16:14 29184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
S3 oflpydin;oflpydin;\??\c:\docume~1\Owner\LOCALS~1\Temp\oflpydin.sys --> c:\docume~1\Owner\LOCALS~1\Temp\oflpydin.sys [?]
S3 pspdisp;pspdisp;c:\windows\system32\drivers\pspdisp.sys [13.2.2010 17:19 3072]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [26.1.2010 16:28 36928]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [28.9.2010 17:42 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [28.9.2010 17:42 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [28.9.2010 17:42 121856]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [17.7.2009 19:43 23480]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S3 ZD1211BU(TP-LINK);TL-WN422G Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [16.4.2009 14:15 500736]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.3.2009 8:56 721904]
.
Obsah adresáře 'Naplánované úlohy'

2010-09-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-SONYX-Owner.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-10 12:09]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 20:24]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 20:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Owner\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\4rjh5hdr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\4rjh5hdr.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\4rjh5hdr.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Owner\LOCALS~1\Temp\NLE143C.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1659004503-299502267-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-10-10 15:27:10
ComboFix-quarantined-files.txt 2010-10-10 13:27
ComboFix2.txt 2010-10-09 18:00

Před spuštěním: Volných bajtů: 17 796 026 368
Po spuštění: Volných bajtů: 17 791 041 536

- - End Of File - - F0E722343160B20536E94757CAFE5203

--------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:30:48, on 10.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Documents and Settings\Owner\Plocha\TempCore\Core Temp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Core Temp] "C:\Documents and Settings\Owner\Plocha\TempCore\Core Temp.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Owner\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file:///C:/Program%20Files/EA%20SPORTS/FIFA%202004/update.1.1/patchx2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 6936 bytes

Příspěvekod **memphisto** » 10 říj 2010 15:53

v logu fixni:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

Jak se chová PC?

SoNyX · Příspěvekod **SoNyX** » 10 říj 2010 16:20

Zatím jsem si nevšiml žádné změny :smile:

E: Možná rychlejší bootování :idea:

Příspěvekod **memphisto** » 11 říj 2010 10:23

Já jsem nesliboval, že pojede jak raketa :smile:

Pro zrychlení nabíhání můžeš ještě použít url=http://malwarebytes.org/StartUpLite.exe]StarUpLite[/url] a defragmentovat disk

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online