Prosím o kontrolu LOGu

koon · Příspěvekod **koon** » 11 led 2011 15:10

Zdravím,
prosím o kontrolu LOGu. Notebook je pomalý a šíleně hučí větrák...
Zde je LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:06:44, on 11.1.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 7402 bytes

Reklama

Příspěvekod **memphisto** » 11 led 2011 15:32

Odinstaluj:
uTorrent toolbar
Conduit Engine

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

koon · Příspěvekod **koon** » 11 led 2011 17:42

Odinstalováno:
uTorrent toolbar
Conduit Engine

Projeto Dr. Web CureIt - smazán jeden vir.

LOG z MBAM:
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 5504

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

11.1.2011 17:22:06
mbam-log-2011-01-11 (17-22-01).txt

Typ kontroly: Rychlý test
Testované objekty: 139379
Uplynulý čas: 4 minut, 23 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 9
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{C20EE2D6-81C3-6A08-79C5-1989DA43BC19} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\XML.XML.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\XML.XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PopRock (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Příspěvekod **jaro3** » 11 led 2011 19:05

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

koon · Příspěvekod **koon** » 11 led 2011 22:28

LOG z ComboFixu:

ComboFix 11-01-10.08 - pt 11.01.2011 21:48:03.3.2 - x86 MINIMAL
Microsoft« Windows VistaÖ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1652 [GMT 1:00]
SpuÜtýnř z: c:\users\pt\Desktop\udr×ba poŔÝtaŔe\ComboFix.exe
FW: F-Secure Profi Antivirus 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( OstatnÝ vřmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\pt\AppData\Roaming\Local
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\voko_upr.avi
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\voko_upr.avi.ddr

.
((((((((((((((((((((((((( Soubory vytvo°enÚ od 2010-12-11 do 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-11 20:56 . 2011-01-11 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-11 20:56 . 2011-01-11 20:56 -------- d-----w- c:\users\pt\AppData\Local\temp
2011-01-11 19:10 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{054E21AD-C9DA-4D0C-89C8-A45F76548B4F}\mpengine.dll
2011-01-11 16:31 . 2011-01-11 16:31 -------- d-----w- c:\users\pt\AppData\Local\Adobe
2011-01-11 16:15 . 2011-01-11 16:15 -------- d-----w- c:\users\pt\AppData\Roaming\Malwarebytes
2011-01-11 16:15 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-11 16:15 . 2011-01-11 16:15 -------- d-----w- c:\programdata\Malwarebytes
2011-01-11 16:15 . 2011-01-11 16:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-11 16:15 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-11 14:58 . 2011-01-11 14:58 -------- d-----w- c:\users\pt\DoctorWeb
2011-01-11 14:49 . 2011-01-11 14:49 -------- d-----w- c:\users\pt\AppData\Local\GHISLER
2011-01-11 14:47 . 2011-01-11 14:47 -------- d-----w- c:\program files\totalcmd
2011-01-11 14:47 . 2011-01-11 14:47 -------- d-----w- c:\users\pt\AppData\Roaming\GHISLER
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-01-11 14:05 . 2011-01-11 14:05 388096 ----a-r- c:\users\pt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-11 14:05 . 2011-01-11 14:05 -------- d-----w- c:\program files\Trend Micro
2011-01-11 13:54 . 2011-01-11 13:55 -------- d-----w- c:\program files\CCleaner
2011-01-11 13:33 . 2011-01-11 13:34 -------- d-----w- c:\windows\system32\ca-ES
2011-01-11 13:33 . 2011-01-11 13:34 -------- d-----w- c:\windows\system32\eu-ES
2011-01-11 13:33 . 2011-01-11 13:34 -------- d-----w- c:\windows\system32\vi-VN
2011-01-11 13:07 . 2011-01-11 13:07 -------- d-----w- c:\windows\system32\EventProviders
2011-01-10 19:37 . 2011-01-10 19:37 -------- d-----w- c:\users\pt\AppData\Roaming\DivX
2011-01-10 19:37 . 2011-01-10 19:37 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-01-10 19:36 . 2011-01-10 19:36 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-01-10 19:23 . 2011-01-10 19:38 -------- d-----w- c:\program files\DivX
2011-01-10 19:22 . 2011-01-10 19:38 -------- d-----w- c:\programdata\DivX
2010-12-25 07:18 . 2010-11-02 05:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-25 07:18 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-12-25 07:18 . 2010-11-02 04:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-24 11:27 . 2010-12-24 11:27 -------- d-----w- C:\extensions
2010-12-24 11:27 . 2010-12-24 11:27 -------- d-----w- c:\program files\uTorrent
2010-12-24 11:26 . 2011-01-03 18:11 -------- d-----w- c:\users\pt\AppData\Roaming\uTorrent
2010-12-24 10:18 . 2009-08-05 15:59 572512 ----a-w- c:\windows\system32\msvcp50.dll
2010-12-24 10:18 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-24 10:18 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-24 10:18 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-24 10:18 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-12-24 10:17 . 2011-01-11 20:23 -------- d-----w- c:\program files\F-Secure
2010-12-24 10:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-12-24 10:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-24 10:16 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-12-24 10:16 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-12-24 10:16 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-12-24 10:16 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-12-24 10:16 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-12-24 10:16 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-24 10:16 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-24 10:16 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-24 10:14 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-24 10:12 . 2010-12-24 10:16 -------- d-----w- c:\programdata\fssg
2010-12-24 10:11 . 2011-01-11 20:20 -------- d-----w- c:\programdata\f-secure
2010-12-24 10:10 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-24 10:07 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-12-20 18:11 . 2010-12-20 18:11 -------- d-----w- c:\program files\TO2SSM
2010-12-20 17:58 . 2010-12-20 18:14 -------- d-----w- c:\users\pt\AppData\Roaming\Motive
2010-12-20 17:58 . 2011-01-11 16:09 -------- d-----w- c:\program files\Common Files\Motive
2010-12-20 17:57 . 2010-12-24 10:28 -------- d-----w- c:\programdata\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M vřpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-24 10:25 . 2008-12-22 15:10 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-04 18:55 . 2010-12-24 10:15 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-10-19 09:41 . 2009-10-04 09:14 222080 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((( SpouÜtýcÝ body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznßmka* prßzdnÚ zßznamy a legitimnÝ vřchozÝ ˙daje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-01-29 23975720]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2009-01-08 1331024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2006-09-12 01:22 155648 ----a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-03-01 07:37 37232 ----a-w- c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-03-01 07:36 33136 ----a-w- c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-03-01 10:59 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ----a-w- c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-08-03 04:52 778240 ----a-w- c:\program files\P4P\P4P.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 03:05 4669440 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 08:44 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 09:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 20:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
2009-01-08 19:36 1331024 ----a-w- c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2009-01-08 58608]
R2 gupdate;Slu×ba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [x]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [x]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [x]

--- OstatnÝ slu×by/ovladaŔe v pamýti ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresß°e 'NaplßnovanÚ ˙lohy'

2010-04-06 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-04-04 10:48]

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:07]

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:07]

2011-01-11 c:\windows\Tasks\User_Feed_Synchronization-{578B34F2-5ED2-425D-BB09-9D00B1B01D06}.job
- c:\windows\system32\msfeedssync.exe [2010-12-25 04:25]
.
.
------- Dopl˛kovř sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - NEPLATN╔ POLOÄKY ODSTRAN╠N╔ Z REGISTRU - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 21:56
Windows 6.0.6002 Service Pack 2 NTFS

skenovßnÝ skrytřch proces¨ ...

skenovßnÝ skrytřch polo×ek 'Po spuÜtýnÝ' ...

skenovßnÝ skrytřch soubor¨ ...

C:\ADSM_PData_0150

sken byl ˙speÜný dokonŔen
skrytÚ soubory: 1

**************************************************************************
.
--------------------- ZAMKNUT╔ KL═╚E V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkovř Ŕas: 2011-01-11 21:59:00
ComboFix-quarantined-files.txt 2011-01-11 20:58
ComboFix2.txt 2008-12-22 12:09

P°ed spuÜtýnÝm: Volnřch bajt¨: 44á691á017á728
Po spuÜtýnÝ: Volnřch bajt¨: 44á528á418á816

- - End Of File - - 0090C278909F937F291E0D6A937C7711

LOG z MbAM:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5504

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

11.1.2011 22:17:28
mbam-log-2011-01-11 (22-17-28).txt

Typ kontroly: Rychlý test
Testované objekty: 141428
Uplynulý čas: 3 minut, 19 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

koon · Příspěvekod **koon** » 11 led 2011 22:28

LOG z ComboFixu:

ComboFix 11-01-10.08 - pt 11.01.2011 21:48:03.3.2 - x86 MINIMAL
Microsoft« Windows VistaÖ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1652 [GMT 1:00]
SpuÜtýnř z: c:\users\pt\Desktop\udr×ba poŔÝtaŔe\ComboFix.exe
FW: F-Secure Profi Antivirus 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( OstatnÝ vřmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\pt\AppData\Roaming\Local
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\voko_upr.avi
c:\users\pt\AppData\Roaming\Local\Temp\DDM\Settings\voko_upr.avi.ddr

.
((((((((((((((((((((((((( Soubory vytvo°enÚ od 2010-12-11 do 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-11 20:56 . 2011-01-11 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-11 20:56 . 2011-01-11 20:56 -------- d-----w- c:\users\pt\AppData\Local\temp
2011-01-11 19:10 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{054E21AD-C9DA-4D0C-89C8-A45F76548B4F}\mpengine.dll
2011-01-11 16:31 . 2011-01-11 16:31 -------- d-----w- c:\users\pt\AppData\Local\Adobe
2011-01-11 16:15 . 2011-01-11 16:15 -------- d-----w- c:\users\pt\AppData\Roaming\Malwarebytes
2011-01-11 16:15 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-11 16:15 . 2011-01-11 16:15 -------- d-----w- c:\programdata\Malwarebytes
2011-01-11 16:15 . 2011-01-11 16:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-11 16:15 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-11 14:58 . 2011-01-11 14:58 -------- d-----w- c:\users\pt\DoctorWeb
2011-01-11 14:49 . 2011-01-11 14:49 -------- d-----w- c:\users\pt\AppData\Local\GHISLER
2011-01-11 14:47 . 2011-01-11 14:47 -------- d-----w- c:\program files\totalcmd
2011-01-11 14:47 . 2011-01-11 14:47 -------- d-----w- c:\users\pt\AppData\Roaming\GHISLER
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-01-11 14:05 . 2011-01-11 14:05 388096 ----a-r- c:\users\pt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-11 14:05 . 2011-01-11 14:05 -------- d-----w- c:\program files\Trend Micro
2011-01-11 13:54 . 2011-01-11 13:55 -------- d-----w- c:\program files\CCleaner
2011-01-11 13:33 . 2011-01-11 13:34 -------- d-----w- c:\windows\system32\ca-ES
2011-01-11 13:33 . 2011-01-11 13:34 -------- d-----w- c:\windows\system32\eu-ES
2011-01-11 13:33 . 2011-01-11 13:34 -------- d-----w- c:\windows\system32\vi-VN
2011-01-11 13:07 . 2011-01-11 13:07 -------- d-----w- c:\windows\system32\EventProviders
2011-01-10 19:37 . 2011-01-10 19:37 -------- d-----w- c:\users\pt\AppData\Roaming\DivX
2011-01-10 19:37 . 2011-01-10 19:37 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-01-10 19:36 . 2011-01-10 19:36 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-01-10 19:23 . 2011-01-10 19:38 -------- d-----w- c:\program files\DivX
2011-01-10 19:22 . 2011-01-10 19:38 -------- d-----w- c:\programdata\DivX
2010-12-25 07:18 . 2010-11-02 05:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-25 07:18 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-12-25 07:18 . 2010-11-02 04:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-24 11:27 . 2010-12-24 11:27 -------- d-----w- C:\extensions
2010-12-24 11:27 . 2010-12-24 11:27 -------- d-----w- c:\program files\uTorrent
2010-12-24 11:26 . 2011-01-03 18:11 -------- d-----w- c:\users\pt\AppData\Roaming\uTorrent
2010-12-24 10:18 . 2009-08-05 15:59 572512 ----a-w- c:\windows\system32\msvcp50.dll
2010-12-24 10:18 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-24 10:18 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-24 10:18 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-24 10:18 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-12-24 10:17 . 2011-01-11 20:23 -------- d-----w- c:\program files\F-Secure
2010-12-24 10:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-12-24 10:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-24 10:16 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-12-24 10:16 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-12-24 10:16 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-12-24 10:16 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-12-24 10:16 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-12-24 10:16 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-24 10:16 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-24 10:16 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-24 10:14 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-24 10:12 . 2010-12-24 10:16 -------- d-----w- c:\programdata\fssg
2010-12-24 10:11 . 2011-01-11 20:20 -------- d-----w- c:\programdata\f-secure
2010-12-24 10:10 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-24 10:07 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-12-20 18:11 . 2010-12-20 18:11 -------- d-----w- c:\program files\TO2SSM
2010-12-20 17:58 . 2010-12-20 18:14 -------- d-----w- c:\users\pt\AppData\Roaming\Motive
2010-12-20 17:58 . 2011-01-11 16:09 -------- d-----w- c:\program files\Common Files\Motive
2010-12-20 17:57 . 2010-12-24 10:28 -------- d-----w- c:\programdata\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M vřpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-24 10:25 . 2008-12-22 15:10 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-04 18:55 . 2010-12-24 10:15 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-10-19 09:41 . 2009-10-04 09:14 222080 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((( SpouÜtýcÝ body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznßmka* prßzdnÚ zßznamy a legitimnÝ vřchozÝ ˙daje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-01-29 23975720]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2009-01-08 1331024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2006-09-12 01:22 155648 ----a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-03-01 07:37 37232 ----a-w- c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-03-01 07:36 33136 ----a-w- c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-03-01 10:59 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ----a-w- c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-08-03 04:52 778240 ----a-w- c:\program files\P4P\P4P.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 03:05 4669440 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 08:44 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 09:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 20:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
2009-01-08 19:36 1331024 ----a-w- c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2009-01-08 58608]
R2 gupdate;Slu×ba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [x]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [x]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [x]

--- OstatnÝ slu×by/ovladaŔe v pamýti ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresß°e 'NaplßnovanÚ ˙lohy'

2010-04-06 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-04-04 10:48]

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:07]

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:07]

2011-01-11 c:\windows\Tasks\User_Feed_Synchronization-{578B34F2-5ED2-425D-BB09-9D00B1B01D06}.job
- c:\windows\system32\msfeedssync.exe [2010-12-25 04:25]
.
.
------- Dopl˛kovř sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - NEPLATN╔ POLOÄKY ODSTRAN╠N╔ Z REGISTRU - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 21:56
Windows 6.0.6002 Service Pack 2 NTFS

skenovßnÝ skrytřch proces¨ ...

skenovßnÝ skrytřch polo×ek 'Po spuÜtýnÝ' ...

skenovßnÝ skrytřch soubor¨ ...

C:\ADSM_PData_0150

sken byl ˙speÜný dokonŔen
skrytÚ soubory: 1

**************************************************************************
.
--------------------- ZAMKNUT╔ KL═╚E V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkovř Ŕas: 2011-01-11 21:59:00
ComboFix-quarantined-files.txt 2011-01-11 20:58
ComboFix2.txt 2008-12-22 12:09

P°ed spuÜtýnÝm: Volnřch bajt¨: 44á691á017á728
Po spuÜtýnÝ: Volnřch bajt¨: 44á528á418á816

- - End Of File - - 0090C278909F937F291E0D6A937C7711

LOG z MbAM:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5504

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

11.1.2011 22:17:28
mbam-log-2011-01-11 (22-17-28).txt

Typ kontroly: Rychlý test
Testované objekty: 141428
Uplynulý čas: 3 minut, 19 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Příspěvekod **jaro3** » 11 led 2011 22:51

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\Tasks\CreateChoiceProcessTask.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=- 
"EnableUIADesktopToggle"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\acovcnt.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

koon · Příspěvekod **koon** » 11 led 2011 23:41

LOG z HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:06:44, on 11.1.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 7402 bytes

LOG z ComboFixu:
ComboFix 11-01-10.08 - pt 11.01.2011 23:17:51.4.2 - x86
Microsoft« Windows VistaÖ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1434 [GMT 1:00]
SpuÜtýnř z: c:\users\pt\Desktop\udr×ba poŔÝtaŔe\ComboFix.exe
Pou×itÚ ovlßdacÝ p°epÝnaŔe :: c:\users\pt\Desktop\CFScript.txt
FW: F-Secure Profi Antivirus 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\Tasks\CreateChoiceProcessTask.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((((( OstatnÝ vřmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\CreateChoiceProcessTask.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((( Soubory vytvo°enÚ od 2010-12-11 do 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-11 22:26 . 2011-01-11 22:28 -------- d-----w- c:\users\pt\AppData\Local\temp
2011-01-11 22:26 . 2011-01-11 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-11 19:20 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-11 19:20 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-11 19:20 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-11 19:20 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-11 19:20 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 19:20 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-11 19:19 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-11 19:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-01-11 19:10 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{054E21AD-C9DA-4D0C-89C8-A45F76548B4F}\mpengine.dll
2011-01-11 16:31 . 2011-01-11 16:31 -------- d-----w- c:\users\pt\AppData\Local\Adobe
2011-01-11 16:15 . 2011-01-11 16:15 -------- d-----w- c:\users\pt\AppData\Roaming\Malwarebytes
2011-01-11 16:15 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-11 16:15 . 2011-01-11 16:15 -------- d-----w- c:\programdata\Malwarebytes
2011-01-11 16:15 . 2011-01-11 16:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-11 16:15 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-11 14:58 . 2011-01-11 14:58 -------- d-----w- c:\users\pt\DoctorWeb
2011-01-11 14:49 . 2011-01-11 14:49 -------- d-----w- c:\users\pt\AppData\Local\GHISLER
2011-01-11 14:47 . 2011-01-11 14:47 -------- d-----w- c:\program files\totalcmd
2011-01-11 14:47 . 2011-01-11 14:47 -------- d-----w- c:\users\pt\AppData\Roaming\GHISLER
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-01-11 14:47 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-01-11 14:05 . 2011-01-11 14:05 388096 ----a-r- c:\users\pt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-11 14:05 . 2011-01-11 14:05 -------- d-----w- c:\program files\Trend Micro
2011-01-11 13:54 . 2011-01-11 13:55 -------- d-----w- c:\program files\CCleaner
2011-01-11 13:33 . 2011-01-11 13:34 -------- d-----w- c:\windows\system32\ca-ES
2011-01-11 13:33 . 2011-01-11 13:34 -------- d-----w- c:\windows\system32\eu-ES
2011-01-11 13:33 . 2011-01-11 13:34 -------- d-----w- c:\windows\system32\vi-VN
2011-01-11 13:07 . 2011-01-11 13:07 -------- d-----w- c:\windows\system32\EventProviders
2011-01-10 19:37 . 2011-01-10 19:37 -------- d-----w- c:\users\pt\AppData\Roaming\DivX
2011-01-10 19:37 . 2011-01-10 19:37 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-01-10 19:36 . 2011-01-10 19:36 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-01-10 19:23 . 2011-01-10 19:38 -------- d-----w- c:\program files\DivX
2011-01-10 19:22 . 2011-01-10 19:38 -------- d-----w- c:\programdata\DivX
2010-12-25 07:18 . 2010-11-02 05:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-25 07:18 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-12-25 07:18 . 2010-11-02 04:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-24 11:27 . 2010-12-24 11:27 -------- d-----w- C:\extensions
2010-12-24 11:27 . 2010-12-24 11:27 -------- d-----w- c:\program files\uTorrent
2010-12-24 11:26 . 2011-01-03 18:11 -------- d-----w- c:\users\pt\AppData\Roaming\uTorrent
2010-12-24 10:18 . 2009-08-05 15:59 572512 ----a-w- c:\windows\system32\msvcp50.dll
2010-12-24 10:18 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-24 10:18 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-24 10:18 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-24 10:18 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-12-24 10:17 . 2011-01-11 20:23 -------- d-----w- c:\program files\F-Secure
2010-12-24 10:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-12-24 10:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-24 10:16 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-12-24 10:16 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-12-24 10:16 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-12-24 10:16 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-12-24 10:16 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-12-24 10:16 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-24 10:16 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-24 10:16 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-24 10:14 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-24 10:12 . 2010-12-24 10:16 -------- d-----w- c:\programdata\fssg
2010-12-24 10:11 . 2011-01-11 20:20 -------- d-----w- c:\programdata\f-secure
2010-12-24 10:10 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-24 10:07 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-12-20 18:11 . 2010-12-20 18:11 -------- d-----w- c:\program files\TO2SSM
2010-12-20 17:58 . 2010-12-20 18:14 -------- d-----w- c:\users\pt\AppData\Roaming\Motive
2010-12-20 17:58 . 2011-01-11 16:09 -------- d-----w- c:\program files\Common Files\Motive
2010-12-20 17:57 . 2010-12-24 10:28 -------- d-----w- c:\programdata\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M vřpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-11 22:28 . 2008-12-22 15:10 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-04 18:55 . 2010-12-24 10:15 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-10-19 09:41 . 2009-10-04 09:14 222080 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((( SpouÜtýcÝ body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznßmka* prßzdnÚ zßznamy a legitimnÝ vřchozÝ ˙daje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-01-29 23975720]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2009-01-08 1331024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2006-09-12 01:22 155648 ----a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-03-01 07:37 37232 ----a-w- c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-03-01 07:36 33136 ----a-w- c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-03-01 10:59 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ----a-w- c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-08-03 04:52 778240 ----a-w- c:\program files\P4P\P4P.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 03:05 4669440 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 08:44 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 09:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 20:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
2009-01-08 19:36 1331024 ----a-w- c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

R2 gupdate;Slu×ba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [x]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [x]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [x]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2009-01-08 58608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresß°e 'NaplßnovanÚ ˙lohy'

2011-01-11 c:\windows\Tasks\User_Feed_Synchronization-{578B34F2-5ED2-425D-BB09-9D00B1B01D06}.job
- c:\windows\system32\msfeedssync.exe [2010-12-25 04:25]
.
.
------- Dopl˛kovř sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 23:29
Windows 6.0.6002 Service Pack 2 NTFS

skenovßnÝ skrytřch proces¨ ...

skenovßnÝ skrytřch polo×ek 'Po spuÜtýnÝ' ...

skenovßnÝ skrytřch soubor¨ ...

sken byl ˙speÜný dokonŔen
skrytÚ soubory: 0

**************************************************************************
.
--------------------- Knihovny navßzanÚ na bý×ÝcÝ procesy ---------------------

- - - - - - - > 'Explorer.exe'(2536)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ JinÚ spuÜtenÚ procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Common\FSHDLL32.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkovř Ŕas: 2011-01-11 23:36:11 - poŔÝtaŔ byl restartovßn
ComboFix-quarantined-files.txt 2011-01-11 22:36
ComboFix2.txt 2011-01-11 20:59
ComboFix3.txt 2008-12-22 12:09

P°ed spuÜtýnÝm: Volnřch bajt¨: 42á172á178á432
Po spuÜtýnÝ: Volnřch bajt¨: 41á686á970á368

- - End Of File - - 8B45A5503497C43569ED9961B862110F

Cesta k Virustotal:
http://www.virustotal.com/file-scan/rep ... 1294781859

Příspěvekod **jaro3** » 12 led 2011 00:12

Ty toolbary si odinstaluj:
uTorrentBar Toolbar
Toolbar: Conduit Engine

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Napiš , jak to vypadá.

koon · Příspěvekod **koon** » 12 led 2011 13:21

Poslední HJT nebyl spuštěn jako správce, proto posílám ještě jeden LOG. Jinak PC už beží celkem dobře, ale větrák pořád šíleně hučí... může to být softwarový problém, nebo to chce vyčistit PC...
Ještě jednou posílám LOG z HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:18:00, on 12.1.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 5827 bytes

Příspěvekod **jaro3** » 12 led 2011 14:20

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Spíš vyčistit nebo vyměnit ventilátor , můžeš zadat nové téma v sekci Problém s Hardwarem.

Pokud nejsou jiné problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

koon · Příspěvekod **koon** » 12 led 2011 15:18

Vyřešeno, mockrát díky. Větrák zkusím vyčistit a když tak dám vědět...

Prosím o kontrolu LOGu Vyřešeno

Prosím o kontrolu LOGu

Re: Prosím o kontrolu LOGu

Re: Prosím o kontrolu LOGu

Re: Prosím o kontrolu LOGu

Re: Prosím o kontrolu LOGu

Re: Prosím o kontrolu LOGu

Re: Prosím o kontrolu LOGu

Re: Prosím o kontrolu LOGu

Re: Prosím o kontrolu LOGu

Re: Prosím o kontrolu LOGu

Re: Prosím o kontrolu LOGu

Re: Prosím o kontrolu LOGu Vyřešeno

Kdo je online