kontrola stařenky v práci... Vyřešeno

[John.Ross]

Nevím proč, ale extras log nevyjel , neobjevil se...

[Reklama]

[John.Ross]

zkoušel jsem to dvakrát a nevyjel... :(

[John.Ross]

zkoušel jsem to dvakrát a nevyjel... :(

[jaro3]

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
SRV - (jrjsmvutg) -- File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\hpzsetup.LNK = File not found

:Files

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.


Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[John.Ross]

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Service jrjsmvutg stopped successfully!
Service jrjsmvutg deleted successfully!
File File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\hpzsetup.LNK moved successfully.
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Táta
->Temp folder emptied: 3074573 bytes
->Temporary Internet Files folder emptied: 379615 bytes
->Google Chrome cache emptied: 39099596 bytes
->Flash cache emptied: 1254 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 50270 bytes

Total Files Cleaned = 41,00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 03012012_184504

Files\Folders moved on Reboot...
C:\Documents and Settings\Táta\Local Settings\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...




jdu pokračovat

[jaro3]

Fajn..

Pokud budou problémy s CF:

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.


Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[John.Ross]

Combofix nešel odinstalovat, tak smazán, provedeno veškeré čištění, ccleaner 2x (pro jistotu ) stažen nový CF a zase hlásil při nabýhání že AVG rezident je zapnut (no to PC je úplný kripl) a tady je log.


ComboFix 12-03-01.01 - Táta 01.03.2012 20:16:37.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.360 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tßta\Plocha\ComboFix.exe
AV: Antivirový systém AVG 7.0.289 *Enabled/Outdated* {41564737-3200-1071-989B-0000E87B4FB1}
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-01 do 2012-03-01 )))))))))))))))))))))))))))))))
.
.
2012-03-01 19:01 . 2012-03-01 19:01 -------- d-----w- c:\program files\CCleaner
2012-03-01 13:39 . 2012-03-01 14:05 2516 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2012-03-01 13:39 . 2012-03-01 13:39 88 --sh--r- c:\documents and settings\All Users\Data aplikací\F458A35D9E.sys
2012-02-29 23:25 . 2012-02-29 23:25 544656 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 10:31 . 2012-02-29 12:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Corel
2012-02-29 10:31 . 2012-02-29 10:31 -------- d-----w- c:\program files\Common Files\Protexis
2012-02-29 10:24 . 2012-02-29 10:24 -------- d-----w- c:\program files\Common Files\Corel
2012-02-29 10:21 . 2012-02-29 10:21 -------- d-----w- c:\program files\Corel
2012-02-29 09:51 . 2012-02-29 09:51 -------- d-----w- c:\program files\GIMP-2.0
2012-02-28 15:58 . 2012-02-28 15:58 -------- d-----w- c:\documents and settings\Táta\Local Settings\Data aplikací\ESET
2012-02-28 15:58 . 2012-02-28 15:58 -------- d-----w- c:\documents and settings\Táta\Data aplikací\ESET
2012-02-28 15:55 . 2012-02-28 15:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-02-28 15:52 . 2012-02-28 15:52 -------- d-----w- c:\program files\ESET
2012-02-28 15:52 . 2012-02-28 15:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-02-28 12:36 . 2003-04-10 13:46 260096 ----a-w- c:\windows\system32\richtx32.ocx
2012-02-28 12:36 . 2001-11-20 16:09 278528 ----a-w- c:\windows\system32\mejlovani.dll
2012-02-28 12:36 . 1998-06-23 20:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-02-28 12:36 . 1996-06-13 18:24 53760 ----a-w- c:\windows\system32\ZlibTool.ocx
2012-02-28 12:36 . 2012-02-28 12:36 -------- d-----w- c:\program files\2HCS
2012-02-28 07:19 . 2012-02-28 07:19 -------- d-----w- c:\program files\TeamViewer
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Malwarebytes
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-27 09:23 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-26 22:11 . 2012-02-26 22:11 -------- d-----w- c:\program files\Reference Assemblies
2012-02-26 20:29 . 2012-02-26 20:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2012-02-26 17:49 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-26 17:49 . 2001-08-17 21:00 2944 ----a-w- c:\windows\system32\drivers\msmpu401.sys
2012-02-22 09:23 . 2012-02-22 09:23 -------- d-----w- c:\documents and settings\Táta\Local Settings\Data aplikací\PCHealth
2012-02-22 09:05 . 2012-02-22 09:05 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-22 09:05 . 2012-02-22 09:05 -------- d-----w- c:\program files\MSBuild
2012-02-22 09:04 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-22 09:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-02-22 09:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-02-22 09:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-02-22 09:03 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-02-22 09:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-02-22 09:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-02-22 09:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-02-22 09:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-02-22 09:03 . 2012-02-22 09:04 -------- d-----w- C:\f50b39369c4fcb2f0514f47cc9f0
2012-02-21 15:02 . 2012-02-21 15:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\Microsoft Help
2012-02-21 14:28 . 2012-02-21 14:28 -------- d-sh--w- c:\documents and settings\Táta\IECompatCache
2012-02-21 14:23 . 2012-02-21 14:23 -------- d-sh--w- c:\documents and settings\Táta\PrivacIE
2012-02-21 14:20 . 2012-02-21 14:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-21 14:19 . 2012-02-21 14:19 -------- d-sh--w- c:\documents and settings\Táta\IETldCache
2012-02-21 14:09 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-21 14:07 . 2011-12-17 19:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-21 14:07 . 2011-12-17 19:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-21 14:07 . 2011-12-17 19:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-21 14:02 . 2012-02-21 14:07 -------- dc-h--w- c:\windows\ie8
2012-02-21 10:49 . 2012-02-21 10:49 -------- d-----w- c:\documents and settings\Táta\Local Settings\Data aplikací\Microsoft Help
2012-02-21 10:09 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-21 10:07 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-21 10:06 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-21 10:06 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-02-21 10:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-02-21 10:04 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-21 10:03 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-21 10:03 . 2012-02-21 10:03 -------- d-----w- c:\program files\HP
2012-02-21 10:00 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-02-21 10:00 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-02-21 09:56 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-02-21 09:55 . 2012-02-21 09:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2012-02-21 09:55 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-21 09:55 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-02-21 09:55 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-02-21 09:55 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-02-21 09:54 . 2012-02-21 09:54 -------- d-sh--w- c:\windows\ftpcache
2012-02-21 09:54 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-02-21 09:52 . 2012-02-21 09:52 -------- d-----w- c:\program files\Common Files\EPSON
2012-02-21 09:52 . 2007-04-10 11:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-02-21 09:52 . 2010-08-10 13:02 81408 ----a-w- c:\windows\system32\E_TD4BHEE.DLL
2012-02-21 09:40 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-21 09:40 . 2010-07-16 11:58 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-02-21 09:40 . 2008-04-21 21:15 216576 ----a-w- c:\program files\Windows NT\Accessories\SET1F3.tmp
2012-02-21 09:32 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-21 09:31 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-20 11:54 . 2009-08-06 18:24 15072 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-02-20 11:26 . 2012-02-20 11:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\regid.1986-12.com.adobe
2012-02-20 11:16 . 2012-02-20 11:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-02-20 09:06 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2012-02-20 09:06 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2012-02-20 09:06 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2012-02-20 08:49 . 2012-02-20 08:49 -------- d-----w- C:\output
2012-02-20 08:31 . 2012-02-20 10:00 -------- d-----w- c:\documents and settings\Táta\Data aplikací\PhotoScape
2012-02-20 08:29 . 2012-02-20 08:30 -------- d-----w- c:\program files\PhotoScape
2012-02-20 08:21 . 2012-02-20 08:24 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Filter Forge 3
2012-02-20 07:48 . 2012-02-09 13:13 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-17 11:00 . 2012-02-17 11:00 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Mikrotik
2012-02-15 12:18 . 2012-03-01 14:23 -------- d-----w- c:\documents and settings\Táta\.gimp-2.6
2012-02-15 11:42 . 2012-02-15 11:42 -------- d-----w- c:\program files\XnView
2012-02-15 10:44 . 2012-02-15 10:44 -------- d-----w- c:\documents and settings\Táta\Data aplikací\inkscape
2012-02-15 10:40 . 2012-02-15 10:43 -------- d-----w- c:\program files\Inkscape
2012-02-09 13:45 . 2012-02-15 12:37 -------- d-----w- c:\documents and settings\Táta\Data aplikací\XnView
2012-02-09 12:26 . 2012-02-09 12:26 -------- d-----w- c:\documents and settings\Táta\Data aplikací\OpenOffice.org
2012-02-09 09:29 . 2008-04-14 07:52 33792 ------w- c:\windows\system32\mmcperf.exe
2012-02-09 09:25 . 2008-04-14 07:52 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-02-09 09:25 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-02-09 09:23 . 2008-04-13 21:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2012-02-09 09:23 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- C:\SBD files
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- c:\program files\Cutting Technologies
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- C:\Hsprint
2012-02-08 12:05 . 2010-07-12 13:49 52552 ----a-w- c:\windows\system32\ftserui2.dll
2012-02-08 12:05 . 2010-07-12 13:49 67400 ----a-w- c:\windows\system32\ftcserco.dll
2012-02-08 12:05 . 2010-07-12 13:48 73032 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2012-02-08 12:05 . 2010-07-12 13:50 198464 ----a-w- c:\windows\system32\ftd2xx.dll
2012-02-08 12:05 . 2010-07-12 13:50 105288 ----a-w- c:\windows\system32\ftbusui.dll
2012-02-08 12:05 . 2010-07-12 13:49 197952 ----a-w- c:\windows\system32\FTLang.dll
2012-02-08 12:05 . 2010-07-12 13:49 60104 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2012-02-06 14:05 . 2012-02-06 14:05 -------- d-----w- c:\program files\OpenOffice.org 3
2012-02-06 08:56 . 2012-02-06 08:56 -------- d-----w- c:\documents and settings\Táta\Data aplikací\DWGeditor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 23:25 . 2007-12-23 20:16 128000 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-09 13:13 . 2011-11-05 22:22 31552 -c--a-w- c:\windows\system32\TURegOpt.exe
2012-01-12 17:20 . 2004-08-17 13:44 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe"
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"MyWebSearch Plugin"=rundll32 c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2007 15:05 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [23.4.2005 9:21 14912]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.9.2011 12:03 974944]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [28.2.2012 8:19 2886528]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [9.2.2012 14:13 1529152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [13.10.2011 17:33 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.2.2012 21:29 136176]
S2 tscmgmt;Terminal Server Connection Manager;c:\windows\system32\tscmgmt.exe [17.8.2004 14:49 8192]
S3 abvqjki;abvqjki;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 adsgsq;adsgsq;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 afbdk;afbdk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 afnwhsr;afnwhsr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 bzrzxjbh;bzrzxjbh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cbzhyf;cbzhyf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ckacgrmz;ckacgrmz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 corivuw;corivuw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cwxhmm;cwxhmm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cyphqy;cyphqy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 daxbhk;daxbhk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 dbtxmk;dbtxmk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 dvhzf;dvhzf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 egkusi;egkusi;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 eizcej;eizcej;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 evlwjmsh;evlwjmsh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 evqzsnunx;evqzsnunx;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 fjlfi;fjlfi;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 fjqefsb;fjqefsb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gaxxmgbq;gaxxmgbq;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gfpoqbde;gfpoqbde;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gghjl;gghjl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gipaixwn;gipaixwn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.2.2012 21:29 136176]
S3 hiylzjrij;hiylzjrij;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 hjqbqwcm;hjqbqwcm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 hkzrnouy;hkzrnouy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 idrmkl;idrmkl;\??\c:\docume~1\KraKen\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\KraKen\LOCALS~1\Temp\idrmkl.sys [?]
S3 igsiij;igsiij;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ihkad;ihkad;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ijhnsamdx;ijhnsamdx;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ipstvh;ipstvh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jlqqui;jlqqui;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jpdezojbe;jpdezojbe;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jqcrrfw;jqcrrfw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jscptory;jscptory;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jygrwuyz;jygrwuyz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 legvkhdh;legvkhdh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ljepgj;ljepgj;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 lvtcdcz;lvtcdcz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 lzqhtqb;lzqhtqb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 mlnbpedm;mlnbpedm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ncnks;ncnks;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ngtdzciy;ngtdzciy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 nrmxzyvl;nrmxzyvl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 obmszr;obmszr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ohrjjjs;ohrjjjs;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 okesmnu;okesmnu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ompsejc;ompsejc;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pepxxn;pepxxn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pllgjgn;pllgjgn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pnfxbja;pnfxbja;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ptzls;ptzls;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pvknfa;pvknfa;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pvwbcrisk;pvwbcrisk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pymcfu;pymcfu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qigwd;qigwd;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qkfidfax;qkfidfax;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qqvapatz;qqvapatz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qtgmhikf;qtgmhikf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 quivrcl;quivrcl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 rbownqwm;rbownqwm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 rplwjiamu;rplwjiamu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\DRIVERS\sbusb.sys --> c:\windows\system32\DRIVERS\sbusb.sys [?]
S3 smmufitk;smmufitk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sonhzw;sonhzw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 spvmqe;spvmqe;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sqylkl;sqylkl;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 stomqt;stomqt;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 sucuwcj;sucuwcj;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 suwwbzoeb;suwwbzoeb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tdoke;tdoke;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tgdfz;tgdfz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tnbefu;tnbefu;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tuxhrel;tuxhrel;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tvvdndsqg;tvvdndsqg;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tzsduqj;tzsduqj;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 uavdcvo;uavdcvo;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ucuexm;ucuexm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 vtnxuxin;vtnxuxin;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 wegoiriil;wegoiriil;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 wwyflsegb;wwyflsegb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xgwua;xgwua;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xhsyvhxbw;xhsyvhxbw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xifcqf;xifcqf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xplvdwbsy;xplvdwbsy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xyfnzrdb;xyfnzrdb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yabmg;yabmg;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yekth;yekth;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ygbmst;ygbmst;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yogggdcub;yogggdcub;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yulpqlqk;yulpqlqk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yzziw;yzziw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 zjwvgxh;zjwvgxh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 zrlwa;zrlwa;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
jrjsmvutg
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.0.10.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-01 20:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\abvqjki]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\adsgsq]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\afbdk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\afnwhsr]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\bzrzxjbh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cbzhyf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ckacgrmz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\corivuw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cwxhmm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cyphqy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\daxbhk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dbtxmk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dvhzf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\egkusi]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\eizcej]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\evlwjmsh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\evqzsnunx]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\fjlfi]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\fjqefsb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gaxxmgbq]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gfpoqbde]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gghjl]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gipaixwn]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hiylzjrij]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hjqbqwcm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hkzrnouy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\igsiij]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ihkad]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ijhnsamdx]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ipstvh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jlqqui]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jpdezojbe]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jqcrrfw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jscptory]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jygrwuyz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\legvkhdh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ljepgj]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lvtcdcz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lzqhtqb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mlnbpedm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ncnks]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ngtdzciy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nrmxzyvl]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\obmszr]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ohrjjjs]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\okesmnu]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ompsejc]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pepxxn]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pllgjgn]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pnfxbja]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ptzls]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pvknfa]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pvwbcrisk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pymcfu]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qigwd]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qkfidfax]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qqvapatz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qtgmhikf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\quivrcl]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\rbownqwm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\rplwjiamu]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\smmufitk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sonhzw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\spvmqe]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sqylkl]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\stomqt]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sucuwcj]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\suwwbzoeb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tdoke]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tgdfz]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tnbefu]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tuxhrel]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tvvdndsqg]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tzsduqj]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\uavdcvo]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ucuexm]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\vtnxuxin]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wegoiriil]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wwyflsegb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xgwua]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xhsyvhxbw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xifcqf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xplvdwbsy]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xyfnzrdb]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yabmg]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yekth]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ygbmst]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yogggdcub]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yulpqlqk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yzziw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\zjwvgxh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\zrlwa]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-1292428093-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{473CC802-2DB2-B9EC-A114-6D587B64B552}*]
"hakldljdbhiffoka"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,70,
6f,67,00,00
"iaembbacnagcgmlgko"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,70,
6f,67,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{473CC802-2DB2-B9EC-A114-6D587B64B552}\InProcServer32*]
"jagmmnjpcbhbpkdimncd"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,
70,6f,67,00,00
"iagmonlbhblleoomno"=hex:6a,61,69,6c,65,6d,69,6c,6f,66,62,6d,6c,6f,62,6d,6a,70,
6f,67,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(516)
c:\program files\TeamViewer\Version7\tv_w32.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2012-03-01 20:27:13
ComboFix-quarantined-files.txt 2012-03-01 19:27
.
Před spuštěním: Volných bajtů: 19 411 705 856
Po spuštění: Volných bajtů: 19 349 409 792
.
- - End Of File - - 303F219CF707D801087C4F9F263DB60C

[jaro3]

Hm , zajímavý..

Nejprve tohle:
Stáhni si RogueKiller
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- Až se objeví úvodní okno programu , vlož číslo 1 a dej Enter.
- Program skenuje PC. Za chvíli se ukáže log s názvem RKreport.txt , celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát.Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

***********************************************************************************************************************************************

Stáhni si rkill
a spusť ho . Spustí se sken .Po skenu se program sám ukončí.
Pozn.: NERESTARTUJ PC !

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
SecCenter::
AV: Antivirový systém AVG 7.0.289 *Enabled/Outdated* {41564737-3200-1071-989B-0000E87B4FB1}

File::
c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
c:\documents and settings\All Users\Data aplikací\F458A35D9E.sys
c:\program files\Windows NT\Accessories\SET1F3.tmp

Driver::
guyohzch
jrjsmvutg
TeamViewer7
abvqjki
adsgsq
afbdk
afnwhsr
bzrzxjbh
cbzhyf
ckacgrmz
corivuw
cwxhmm
cyphqy
daxbhk
dbtxmk
dvhzf
egkusi
eizcej
evlwjmsh
evqzsnunx
fjlfi
fjqefsb
gaxxmgbq
gfpoqbde
gghjl
gipaixwn
hiylzjrij
hkzrnouy
idrmkl
igsiij
ihkad
ijhnsamdx
ipstvh
jlqqui
jpdezojbe
jqcrrfw
jscptory
jygrwuyz
legvkhdh
ljepgj
lvtcdcz
lzqhtqb
mlnbpedm
ncnks
ngtdzciy
nrmxzyvl
obmszr
ohrjjjs
okesmnu
ompsejc
pepxxn
pllgjgn
pnfxbja
ptzls
pvknfa
pvwbcrisk
pymcfu
qigwd
qkfidfax
qqvapatz
qtgmhikf
quivrcl
rbownqwm
rplwjiamu
sbusb
smmufitk
sonhzw
spvmqe
sqylkl
stomqt
sucuwcj
suwwbzoeb
tdoke
tgdfz
tnbefu
tuxhrel
tvvdndsqg
tzsduqj
uavdcvo
ucuexm
vtnxuxin
wegoiriil
wwyflsegb
xgwua
xhsyvhxbw
xifcqf
xplvdwbsy
xyfnzrdb
yabmg
yekth
ygbmst
yogggdcub
yulpqlqk
yzziw
zjwvgxh
zrlwa
jrjsmvutg

NetSvcs::
jrjsmvutg

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\adsgsq]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\afbdk]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\afnwhsr]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\bzrzxjbh]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cbzhyf]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ckacgrmz]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\corivuw]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cwxhmm]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cyphqy]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\daxbhk]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dbtxmk]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dvhzf]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\egkusi]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\eizcej]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\evlwjmsh]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\evqzsnunx]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\fjlfi]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\fjqefsb]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gaxxmgbq]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gfpoqbde]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gghjl]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\gipaixwn]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hiylzjrij]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hjqbqwcm]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hkzrnouy]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\igsiij]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ihkad]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ijhnsamdx]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ipstvh]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jlqqui]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jpdezojbe]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jqcrrfw]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jscptory]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jygrwuyz]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\legvkhdh]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ljepgj]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lvtcdcz]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lzqhtqb]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mlnbpedm]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ncnks]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ngtdzciy]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nrmxzyvl]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\obmszr]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ohrjjjs]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\okesmnu]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ompsejc]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pepxxn]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pllgjgn]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pnfxbja]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ptzls]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pvknfa]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pvwbcrisk]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pymcfu]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qigwd]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qkfidfax]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qqvapatz]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\qtgmhikf]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\quivrcl]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\rbownqwm]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\rplwjiamu]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\smmufitk]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sonhzw]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\spvmqe]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sqylkl]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\stomqt]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sucuwcj]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\suwwbzoeb]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tdoke]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tgdfz]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tnbefu]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tuxhrel]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tvvdndsqg]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\tzsduqj]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\uavdcvo]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ucuexm]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\vtnxuxin]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wegoiriil]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wwyflsegb]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xgwua]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xhsyvhxbw]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xifcqf]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xplvdwbsy]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xyfnzrdb]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yabmg]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yekth]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ygbmst]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yogggdcub]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yulpqlqk]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yzziw]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\zjwvgxh]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\zrlwa]
[-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\jrjsmvutg]

FixCSet::

RegNull::
[HKEY_USERS\S-1-5-21-1757981266-1292428093-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{473CC802-2DB2-B9EC-A114-6D587B64B552}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{473CC802-2DB2-B9EC-A114-6D587B64B552}\InProcServer32*]

RegLock::
[HKEY_USERS\S-1-5-21-1757981266-1292428093-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{473CC802-2DB2-B9EC-A114-6D587B64B552}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{473CC802-2DB2-B9EC-A114-6D587B64B552}\InProcServer32*]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[John.Ross]

Posílám poslední log:


ComboFix 12-03-01.01 - Táta 01.03.2012 21:15:20.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.215 [GMT 1:00]
Spuštěný z: c:\documents and settings\Táta\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Táta\Plocha\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
FILE ::
"c:\documents and settings\All Users\Data aplikací\F458A35D9E.sys"
"c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys"
"c:\program files\Windows NT\Accessories\SET1F3.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IDRMKL
-------\Legacy_TEAMVIEWER7
-------\Service_abvqjki
-------\Service_adsgsq
-------\Service_afbdk
-------\Service_afnwhsr
-------\Service_bzrzxjbh
-------\Service_cbzhyf
-------\Service_ckacgrmz
-------\Service_corivuw
-------\Service_cwxhmm
-------\Service_cyphqy
-------\Service_daxbhk
-------\Service_dbtxmk
-------\Service_dvhzf
-------\Service_egkusi
-------\Service_eizcej
-------\Service_evlwjmsh
-------\Service_evqzsnunx
-------\Service_fjlfi
-------\Service_fjqefsb
-------\Service_gaxxmgbq
-------\Service_gfpoqbde
-------\Service_gghjl
-------\Service_gipaixwn
-------\Service_hiylzjrij
-------\Service_hkzrnouy
-------\Service_idrmkl
-------\Service_igsiij
-------\Service_ihkad
-------\Service_ijhnsamdx
-------\Service_ipstvh
-------\Service_jlqqui
-------\Service_jpdezojbe
-------\Service_jqcrrfw
-------\Service_jscptory
-------\Service_jygrwuyz
-------\Service_legvkhdh
-------\Service_ljepgj
-------\Service_lvtcdcz
-------\Service_lzqhtqb
-------\Service_mlnbpedm
-------\Service_ncnks
-------\Service_ngtdzciy
-------\Service_nrmxzyvl
-------\Service_obmszr
-------\Service_ohrjjjs
-------\Service_okesmnu
-------\Service_ompsejc
-------\Service_pepxxn
-------\Service_pllgjgn
-------\Service_pnfxbja
-------\Service_ptzls
-------\Service_pvknfa
-------\Service_pvwbcrisk
-------\Service_pymcfu
-------\Service_qigwd
-------\Service_qkfidfax
-------\Service_qqvapatz
-------\Service_qtgmhikf
-------\Service_quivrcl
-------\Service_rbownqwm
-------\Service_rplwjiamu
-------\Service_sbusb
-------\Service_smmufitk
-------\Service_sonhzw
-------\Service_spvmqe
-------\Service_sqylkl
-------\Service_stomqt
-------\Service_sucuwcj
-------\Service_suwwbzoeb
-------\Service_tdoke
-------\Service_TeamViewer7
-------\Service_tgdfz
-------\Service_tnbefu
-------\Service_tuxhrel
-------\Service_tvvdndsqg
-------\Service_tzsduqj
-------\Service_uavdcvo
-------\Service_ucuexm
-------\Service_vtnxuxin
-------\Service_wegoiriil
-------\Service_wwyflsegb
-------\Service_xgwua
-------\Service_xhsyvhxbw
-------\Service_xifcqf
-------\Service_xplvdwbsy
-------\Service_xyfnzrdb
-------\Service_yabmg
-------\Service_yekth
-------\Service_ygbmst
-------\Service_yogggdcub
-------\Service_yulpqlqk
-------\Service_yzziw
-------\Service_zjwvgxh
-------\Service_zrlwa
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-02 do 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-01 19:01 . 2012-03-01 19:01 -------- d-----w- c:\program files\CCleaner
2012-03-01 13:39 . 2012-03-01 14:05 2516 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2012-03-01 13:39 . 2012-03-01 13:39 88 --sh--r- c:\documents and settings\All Users\Data aplikací\F458A35D9E.sys
2012-02-29 23:25 . 2012-02-29 23:25 544656 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 10:31 . 2012-02-29 12:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Corel
2012-02-29 10:31 . 2012-02-29 10:31 -------- d-----w- c:\program files\Common Files\Protexis
2012-02-29 10:24 . 2012-02-29 10:24 -------- d-----w- c:\program files\Common Files\Corel
2012-02-29 10:21 . 2012-02-29 10:21 -------- d-----w- c:\program files\Corel
2012-02-29 09:51 . 2012-02-29 09:51 -------- d-----w- c:\program files\GIMP-2.0
2012-02-28 15:58 . 2012-02-28 15:58 -------- d-----w- c:\documents and settings\Táta\Local Settings\Data aplikací\ESET
2012-02-28 15:58 . 2012-02-28 15:58 -------- d-----w- c:\documents and settings\Táta\Data aplikací\ESET
2012-02-28 15:55 . 2012-02-28 15:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-02-28 15:52 . 2012-02-28 15:52 -------- d-----w- c:\program files\ESET
2012-02-28 15:52 . 2012-02-28 15:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-02-28 12:36 . 2003-04-10 13:46 260096 ----a-w- c:\windows\system32\richtx32.ocx
2012-02-28 12:36 . 2001-11-20 16:09 278528 ----a-w- c:\windows\system32\mejlovani.dll
2012-02-28 12:36 . 1998-06-23 20:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-02-28 12:36 . 1996-06-13 18:24 53760 ----a-w- c:\windows\system32\ZlibTool.ocx
2012-02-28 12:36 . 2012-02-28 12:36 -------- d-----w- c:\program files\2HCS
2012-02-28 07:19 . 2012-02-28 07:19 -------- d-----w- c:\program files\TeamViewer
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Malwarebytes
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-27 09:23 . 2012-02-27 09:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-27 09:23 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-26 22:11 . 2012-02-26 22:11 -------- d-----w- c:\program files\Reference Assemblies
2012-02-26 20:29 . 2012-02-26 20:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2012-02-26 17:49 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-26 17:49 . 2001-08-17 21:00 2944 ----a-w- c:\windows\system32\drivers\msmpu401.sys
2012-02-22 09:23 . 2012-02-22 09:23 -------- d-----w- c:\documents and settings\Táta\Local Settings\Data aplikací\PCHealth
2012-02-22 09:05 . 2012-02-22 09:05 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-22 09:05 . 2012-02-22 09:05 -------- d-----w- c:\program files\MSBuild
2012-02-22 09:04 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-22 09:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-02-22 09:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-02-22 09:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-02-22 09:03 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-02-22 09:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-02-22 09:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-02-22 09:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-02-22 09:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-02-22 09:03 . 2012-02-22 09:04 -------- d-----w- C:\f50b39369c4fcb2f0514f47cc9f0
2012-02-21 15:02 . 2012-02-21 15:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\Microsoft Help
2012-02-21 14:28 . 2012-02-21 14:28 -------- d-sh--w- c:\documents and settings\Táta\IECompatCache
2012-02-21 14:23 . 2012-02-21 14:23 -------- d-sh--w- c:\documents and settings\Táta\PrivacIE
2012-02-21 14:20 . 2012-02-21 14:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-21 14:19 . 2012-02-21 14:19 -------- d-sh--w- c:\documents and settings\Táta\IETldCache
2012-02-21 14:09 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-21 14:07 . 2011-12-17 19:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-21 14:07 . 2011-12-17 19:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-21 14:07 . 2011-12-17 19:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-21 14:02 . 2012-02-21 14:07 -------- dc-h--w- c:\windows\ie8
2012-02-21 10:49 . 2012-02-21 10:49 -------- d-----w- c:\documents and settings\Táta\Local Settings\Data aplikací\Microsoft Help
2012-02-21 10:09 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-21 10:07 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-21 10:06 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-21 10:06 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-02-21 10:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-02-21 10:04 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-21 10:03 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-21 10:03 . 2012-02-21 10:03 -------- d-----w- c:\program files\HP
2012-02-21 10:00 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-02-21 10:00 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-02-21 09:56 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-02-21 09:55 . 2012-02-21 09:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2012-02-21 09:55 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-21 09:55 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-02-21 09:55 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-02-21 09:55 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-02-21 09:54 . 2012-02-21 09:54 -------- d-sh--w- c:\windows\ftpcache
2012-02-21 09:54 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-02-21 09:52 . 2012-02-21 09:52 -------- d-----w- c:\program files\Common Files\EPSON
2012-02-21 09:52 . 2007-04-10 11:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-02-21 09:52 . 2010-08-10 13:02 81408 ----a-w- c:\windows\system32\E_TD4BHEE.DLL
2012-02-21 09:40 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-21 09:40 . 2010-07-16 11:58 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-02-21 09:40 . 2008-04-21 21:15 216576 ----a-w- c:\program files\Windows NT\Accessories\SET1F3.tmp
2012-02-21 09:32 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-21 09:31 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-20 11:54 . 2009-08-06 18:24 15072 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-02-20 11:26 . 2012-02-20 11:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\regid.1986-12.com.adobe
2012-02-20 11:16 . 2012-02-20 11:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-02-20 09:06 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2012-02-20 09:06 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2012-02-20 09:06 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2012-02-20 08:49 . 2012-02-20 08:49 -------- d-----w- C:\output
2012-02-20 08:31 . 2012-02-20 10:00 -------- d-----w- c:\documents and settings\Táta\Data aplikací\PhotoScape
2012-02-20 08:29 . 2012-02-20 08:30 -------- d-----w- c:\program files\PhotoScape
2012-02-20 08:21 . 2012-02-20 08:24 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Filter Forge 3
2012-02-20 07:48 . 2012-02-09 13:13 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-17 11:00 . 2012-02-17 11:00 -------- d-----w- c:\documents and settings\Táta\Data aplikací\Mikrotik
2012-02-15 12:18 . 2012-03-01 14:23 -------- d-----w- c:\documents and settings\Táta\.gimp-2.6
2012-02-15 11:42 . 2012-02-15 11:42 -------- d-----w- c:\program files\XnView
2012-02-15 10:44 . 2012-02-15 10:44 -------- d-----w- c:\documents and settings\Táta\Data aplikací\inkscape
2012-02-15 10:40 . 2012-02-15 10:43 -------- d-----w- c:\program files\Inkscape
2012-02-09 13:45 . 2012-02-15 12:37 -------- d-----w- c:\documents and settings\Táta\Data aplikací\XnView
2012-02-09 12:26 . 2012-02-09 12:26 -------- d-----w- c:\documents and settings\Táta\Data aplikací\OpenOffice.org
2012-02-09 09:29 . 2008-04-14 07:52 33792 ------w- c:\windows\system32\mmcperf.exe
2012-02-09 09:25 . 2008-04-14 07:52 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-02-09 09:25 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-02-09 09:23 . 2008-04-13 21:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2012-02-09 09:23 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- C:\SBD files
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- c:\program files\Cutting Technologies
2012-02-08 12:12 . 2012-02-08 12:12 -------- d-----w- C:\Hsprint
2012-02-08 12:05 . 2010-07-12 13:49 52552 ----a-w- c:\windows\system32\ftserui2.dll
2012-02-08 12:05 . 2010-07-12 13:49 67400 ----a-w- c:\windows\system32\ftcserco.dll
2012-02-08 12:05 . 2010-07-12 13:48 73032 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2012-02-08 12:05 . 2010-07-12 13:50 198464 ----a-w- c:\windows\system32\ftd2xx.dll
2012-02-08 12:05 . 2010-07-12 13:50 105288 ----a-w- c:\windows\system32\ftbusui.dll
2012-02-08 12:05 . 2010-07-12 13:49 197952 ----a-w- c:\windows\system32\FTLang.dll
2012-02-08 12:05 . 2010-07-12 13:49 60104 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2012-02-06 14:05 . 2012-02-06 14:05 -------- d-----w- c:\program files\OpenOffice.org 3
2012-02-06 08:56 . 2012-02-06 08:56 -------- d-----w- c:\documents and settings\Táta\Data aplikací\DWGeditor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 23:25 . 2007-12-23 20:16 128000 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-09 13:13 . 2011-11-05 22:22 31552 -c--a-w- c:\windows\system32\TURegOpt.exe
2012-01-12 17:20 . 2004-08-17 13:44 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-01_19.24.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-01 20:24 . 2012-03-01 20:24 16384 c:\windows\temp\Perflib_Perfdata_37c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe"
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"MyWebSearch Plugin"=rundll32 c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2007 15:05 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [23.4.2005 9:21 14912]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.9.2011 12:03 974944]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [9.2.2012 14:13 1529152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [13.10.2011 17:33 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.2.2012 21:29 136176]
S2 tscmgmt;Terminal Server Connection Manager;c:\windows\system32\tscmgmt.exe [17.8.2004 14:49 8192]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.2.2012 21:29 136176]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.0.10.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 08:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3180)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2012-03-02 08:17:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-02 07:17
ComboFix2.txt 2012-03-01 19:27
.
Před spuštěním: Volných bajtů: 19 371 180 032
Po spuštění: Volných bajtů: 19 224 424 448
.
- - End Of File - - F60C2B9E65F547EE590C1AB698A3A399

[jaro3]

Ještě ten RogueKiller (viz výše).

[John.Ross]

RogueKiller V7.2.1 [02/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v: Normální režim
Uživatel: Táta [Práva správce]
Mode: Kontrola -- Date: 03/02/2012 09:32:38

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD400JB-00ENA0 +++++
--- User ---
[MBR] df7ab056a41f24a894dbab499c65bc4f
[BSP] 10f05fc19017bdc8d0958cd357222215 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

[jaro3]

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
c:\program files\Windows NT\Accessories\SET*.tmp
c:\program files\Windows NT\Accessories\SET1F3.tmp
c:\documents and settings\All Users\Data aplikací\F458A35D9E.sys

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\E_TD4BHEE.DLL
c:\windows\system32\E_DCINST.DLL

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Stáhni si RootRepeal

Rozbal si archív třeba do C:\RootRepeal
Poklepej na RootRepeal.exe ke startu programu ( ve vistě pravým a vybrat spustit jako administrátor).
Klikni v dolní části na Files a potom na Scan .
Objeví se dialog.okno, dej zatržítko na disk, který chceš skenovat( nejčastěji na C:\) , a potom na OK.
Program začne skenovat zatržený disk. Když sken skončí , budou tam vypsané soubory, ale ne všechny musí být legitimní. Klikni na Save Report a ulož si log do dokumentů. Vlož sem prosím celý jeho obsah.