Virus removal, PC speed-up, and remote assistance via the neslape.cz service

Icons and the Start bar are not displayed

jaGmann
Model visitor
Posts: 148
Registered: 28 Feb 2007 12:28
Location: behind the beech

#1 Post by jaGmann »

Hello.
I'd like to ask for help with the following problem. After Windows boots, only the wallpaper photo is visible on the desktop, with no icons and no Start bar. Nothing can be clicked, and the right mouse button does not respond either. The Documents folder opens automatically (I don't know why). Task Manager can be opened - when I kill the explorer process, the Documents window closes. And when I use it to run a new task - explorer - Documents opens again, but the icons do not appear (as they would on another PC). Other programs can be started this way.
It behaves the same in safe mode.
When I log in in safe mode as administrator, Task Manager is disabled and some dubious scan starts; otherwise the situation is similar to what is described above.
As the user I ran HijackThis, and here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 9:10:21, on 12.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Activation Assistant\FGUPM.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
F2 - REG:system.ini: Shell=C:\WINDOWS\system32\a96ptb6dw.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [77460125] C:\Documents and Settings\All Users\Data aplikací\77460125\77460125.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3577063296
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://oceanscene-lahinch.remotemanager ... Render.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.151.82.132/activex/AMC.cab
O20 - AppInit_DLLs: aQTUXGbSA.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Služba Google Update (gupdate1c995c7b3f5ced2) (gupdate1c995c7b3f5ced2) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe" (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe



Thank you very much in advance!!!
Smile, it's going to get worse! :)

jaGmann

Re: Icons and the Start bar are not displayed

#2 Post by jaGmann »

Hi, I thought so :)
The requested archive is attached.
Attachments
virusinfo_syscheck.zip
(130.83 KiB) Downloaded 131 times

jaGmann

Re: Icons and the Start bar are not displayed

#3 Post by jaGmann »

That helped, the desktop is accessible again :) It just boots veeery slowly, and even after the second restart it wants to install drivers for the CPU and an unknown device.
I uninstalled NOD.
RSIT info:
info.txt logfile of random's system information tool 1.06 2010-04-12 11:59:38

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.62-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {95264530-5A22-8E7E-FE9D-D63A927BCAEA}
Adobe Media Player-->MsiExec.exe /I{95264530-5A22-8E7E-FE9D-D63A927BCAEA}
Adobe Reader 9.2 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A92000000001}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Aktualizace systému Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Aktualizace systému Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Aktualizace zabezpečení produktu Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aktualizace zabezpečení systému Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AXIS Media Control Embedded-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
Bluesoleil2.6.0.9 Release 070606-->MsiExec.exe /X{846AC73B-9394-48B9-B941-8F7F472F0047}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Důležitá aktualizace aplikace Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DVDVideoSoft Toolbar-->C:\PROGRA~1\DVDVID~1\UNWISE.EXE /U C:\PROGRA~1\DVDVID~1\INSTALL.LOG
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Garmin Communicator Plugin-->MsiExec.exe /X{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.1.249.1045\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 1.99.1-->F:\hijackthis\HijackThis.exe /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Chinese Simplified Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-2447-0000-900000000003}
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Japanese Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-900000000003}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{A2C9CD1B-2551-3AED-B244-6698FB929FA6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{546C143E-68DC-314D-97BC-1E454E3BA429}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft SQL Server Native Client-->MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Nero 9 Lite-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM2C-50A9-HH4M-0ZM8-4X06-9P25-5A46-618P-AH19-6647"
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero Online Upgrade-->MsiExec.exe /X{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 3.0-->MsiExec.exe /I{BE8BE32F-F595-4693-9F82-1E0A5A047BB6}
Oprava hotfix aplikace Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
SolidWorks eDrawings 2010-->MsiExec.exe /I{EA9AAB32-160B-4FC1-AF18-71F11257C574}
SolidWorks viewer-->MsiExec.exe /X{BBD2EEA1-9D2F-467B-ACC4-BCE03393B02D}
TOPO Czech 2-->MsiExec.exe /X{7668D9E4-B7FC-49C2-AF1B-C8DC4CFB0BD6}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\grmnusb.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======


======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 100411-1]

======System event log======

Computer Name: UZIVATEL-9B9C16
Event Code: 7036
Message: Stav služby Služba rozpoznávání pomocí protokolu SSDP byl změněn na: Spuštěno

Record Number: 26433
Source Name: Service Control Manager
Time Written: 20100305140941.000000+060
Event Type: Informace
User:

Computer Name: UZIVATEL-9B9C16
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Služba rozpoznávání pomocí protokolu SSDP úspěšně odeslán.

Record Number: 26432
Source Name: Service Control Manager
Time Written: 20100305140941.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: UZIVATEL-9B9C16
Event Code: 7036
Message: Stav služby avast! Web Scanner byl změněn na: Spuštěno

Record Number: 26431
Source Name: Service Control Manager
Time Written: 20100305140941.000000+060
Event Type: Informace
User:

Computer Name: UZIVATEL-9B9C16
Event Code: 7036
Message: Stav služby Sledování umístění v síti (NLA) byl změněn na: Spuštěno

Record Number: 26430
Source Name: Service Control Manager
Time Written: 20100305140941.000000+060
Event Type: Informace
User:

Computer Name: UZIVATEL-9B9C16
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Sledování umístění v síti (NLA) úspěšně odeslán.

Record Number: 26429
Source Name: Service Control Manager
Time Written: 20100305140941.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: UZIVATEL-9B9C16
Event Code: 0
Message:
Record Number: 3223
Source Name: gupdate1c995c7b3f5ced2
Time Written: 20090713120926.000000+120
Event Type: Informace
User:

Computer Name: UZIVATEL-9B9C16
Event Code: 1
Message:
Record Number: 3222
Source Name: avg8emc
Time Written: 20090713120919.000000+120
Event Type: Informace
User:

Computer Name: UZIVATEL-9B9C16
Event Code: 0
Message:
Record Number: 3221
Source Name: gupdate1c995c7b3f5ced2
Time Written: 20090713120855.000000+120
Event Type: Informace
User:

Computer Name: UZIVATEL-9B9C16
Event Code: 1517
Message: Systém Windows uložil registr uživatele UZIVATEL-9B9C16\Kučera, ale některá z aplikací nebo služeb během odhlášení registr nadále používala. Paměť používaná registrem uživatele nebyla uvolněna. Registr bude uvolněn, jakmile již nebude používán.


To je často způsobeno tím, že jsou služby spuštěny pomocí uživatelského účtu. Zkuste služby konfigurovat pro spuštění pomocí účtu místní nebo síťové služby.

Record Number: 3220
Source Name: Userenv
Time Written: 20090712205501.000000+120
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

Computer Name: UZIVATEL-9B9C16
Event Code: 1524
Message: Systém Windows nemůže uvolnit soubor registru tříd. Tento soubor je stále používán jinými aplikacemi nebo službami. Soubor bude uvolněn, jakmile již nebude používán.



Record Number: 3219
Source Name: Userenv
Time Written: 20090712205500.000000+120
Event Type: Upozornění
User: UZIVATEL-9B9C16\Kučera

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft Activation Assistant\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Kučera at 2010-04-12 11:59:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (56%) free of 28 GB
Total RAM: 1014 MB (51% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton Internet Security - Prověřit tento počítač - Kučera.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll [2006-10-10 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-01 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-10 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-08-15 1404928]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-21 198160]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-12 948672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-08-20 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-23 39408]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Documents and Settings\Kučera\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="aQTUXGbSA.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fglpmcla]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fglpmcla.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fglpmkervault]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fglpmkervault.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{DAE27768-D527-4e28-9395-0619B4F81D40}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2010-04-12 11:59:28 ----D---- C:\Program Files\trend micro
2010-04-12 11:59:27 ----D---- C:\rsit
2010-04-12 11:51:12 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-12 11:40:55 ----D---- C:\Program Files\CCleaner
2010-04-12 09:42:00 ----D---- C:\viry
2010-04-11 20:59:56 ----A---- C:\WINDOWS\system32\aQTUXGbSA.dll
2010-03-17 13:20:15 ----D---- C:\Documents and Settings\Kučera\Data aplikací\DassaultSystemes
2010-03-17 13:20:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\DassaultSystemes
2010-03-17 13:19:20 ----A---- C:\WINDOWS\eDrawingOfficeAutomator.INI
2010-03-17 13:19:13 ----D---- C:\Program Files\Common Files\SolidWorks Shared
2010-03-17 13:18:05 ----D---- C:\Program Files\Common Files\eDrawings2010
2010-03-10 09:37:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-09 12:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-05 10:37:26 ----D---- C:\Program Files\DVDVideoSoft
2010-03-04 19:39:25 ----D---- C:\Program Files\Conduit
2010-03-03 19:40:45 ----D---- C:\Program Files\Blaze Media Pro
2010-02-24 12:51:19 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-11 10:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-11 10:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 10:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 10:33:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 10:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 10:33:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 10:32:59 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 10:32:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-02 13:21:25 ----D---- C:\Program Files\MSXML 4.0
2010-02-01 15:26:58 ----D---- C:\Documents and Settings\Kučera\Data aplikací\Nero
2010-02-01 15:25:08 ----D---- C:\Program Files\Nero
2010-02-01 15:24:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-02-01 15:24:50 ----D---- C:\Program Files\Common Files\Nero
2010-01-13 17:54:52 ----D---- C:\Program Files\Windows Live Safety Center
2010-01-13 10:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 10:03:18 ----D---- C:\Program Files\SolidWorks Viewer

======List of files/folders modified in the last 3 months======

2010-04-12 11:59:28 ----RD---- C:\Program Files
2010-04-12 11:59:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-12 11:59:22 ----D---- C:\WINDOWS\Prefetch
2010-04-12 11:59:18 ----SD---- C:\WINDOWS\Tasks
2010-04-12 11:59:09 ----D---- C:\WINDOWS\Temp
2010-04-12 11:54:22 ----D---- C:\WINDOWS
2010-04-12 11:54:21 ----D---- C:\WINDOWS\system32\drivers
2010-04-12 11:54:21 ----D---- C:\Program Files\Eset
2010-04-12 11:50:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-12 11:48:30 ----D---- C:\WINDOWS\Debug
2010-04-12 11:35:05 ----D---- C:\WINDOWS\system32
2010-04-12 11:35:04 ----D---- C:\Program Files\ICQ6Toolbar
2010-04-12 08:37:33 ----D---- C:\Documents and Settings
2010-04-12 08:33:52 ----HD---- C:\WINDOWS\inf
2010-04-12 07:06:48 ----A---- C:\WINDOWS\wincmd.ini
2010-04-05 10:55:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2010-04-04 18:25:16 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 21:12:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 21:12:01 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-31 21:12:01 ----D---- C:\Program Files\Internet Explorer
2010-03-31 21:11:48 ----D---- C:\WINDOWS\ie7updates
2010-03-31 12:30:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-28 09:42:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-18 19:29:37 ----SHD---- C:\WINDOWS\Installer
2010-03-17 13:20:39 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-17 13:20:29 ----RSD---- C:\WINDOWS\assembly
2010-03-17 13:20:17 ----D---- C:\Documents and Settings\Kučera\Data aplikací\EDrawings
2010-03-17 13:19:13 ----D---- C:\Program Files\Common Files
2010-03-17 13:18:11 ----D---- C:\WINDOWS\WinSxS
2010-03-11 14:36:24 ----A---- C:\WINDOWS\system32\wininet.dll
2010-03-11 14:36:23 ----N---- C:\WINDOWS\system32\pngfilt.dll
2010-03-11 14:36:23 ----N---- C:\WINDOWS\system32\occache.dll
2010-03-11 14:36:23 ----N---- C:\WINDOWS\system32\mstime.dll
2010-03-11 14:36:23 ----A---- C:\WINDOWS\system32\webcheck.dll
2010-03-11 14:36:23 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-03-11 14:36:23 ----A---- C:\WINDOWS\system32\url.dll
2010-03-11 14:36:23 ----A---- C:\WINDOWS\system32\msrating.dll
2010-03-11 14:36:23 ----A---- C:\WINDOWS\system32\mshtmled.dll
2010-03-11 14:36:23 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\iernonce.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\jsproxy.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-03-11 14:36:21 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-03-11 14:36:21 ----N---- C:\WINDOWS\system32\ieaksie.dll
2010-03-11 14:36:21 ----N---- C:\WINDOWS\system32\ieakeng.dll
2010-03-11 14:36:21 ----N---- C:\WINDOWS\system32\extmgr.dll
2010-03-11 14:36:21 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-03-11 14:36:21 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-03-11 14:36:21 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2010-03-11 14:36:21 ----A---- C:\WINDOWS\system32\icardie.dll
2010-03-11 14:36:20 ----A---- C:\WINDOWS\system32\dxtrans.dll
2010-03-11 14:36:20 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2010-03-11 14:36:20 ----A---- C:\WINDOWS\system32\corpol.dll
2010-03-11 14:36:20 ----A---- C:\WINDOWS\system32\advpack.dll
2010-03-10 15:17:16 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-03-10 15:17:16 ----A---- C:\WINDOWS\system32\ieudinit.exe
2010-03-10 09:37:49 ----D---- C:\Program Files\Movie Maker
2010-03-04 10:10:42 ----SD---- C:\Documents and Settings\Kučera\Data aplikací\Microsoft
2010-03-02 07:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-25 09:03:36 ----D---- C:\Documents and Settings\Kučera\Data aplikací\ICQ
2010-02-24 11:16:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-02-23 07:18:28 ----N---- C:\WINDOWS\system32\ieakui.dll
2010-02-09 15:27:03 ----D---- C:\Program Files\Google
2010-02-01 15:24:08 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-23 10:11:44 ----A---- C:\WINDOWS\system32\tzchange.exe
2010-01-13 21:51:25 ----D---- C:\Data_New
2010-01-13 17:54:53 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-08-20 14592]
R1 uzmzmjaz;AVZ-RK Kernel Driver; \??\C:\WINDOWS\system32\Drivers\uzmzmjaz.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-08-20 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-09-10 176640]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-05-23 16272]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-08-20 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-08-20 5888]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2006-08-15 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2006-08-15 260352]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-08-20 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-07-19 491488]
S3 atxboxfl;atxboxfl Filter Service; C:\WINDOWS\system32\DRIVERS\atxboxfl.sys [2003-12-04 25537]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-23 36496]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-04-24 8320]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-08-20 40192]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 FGSchedules;FlexGo Schedules Service; C:\Program Files\Microsoft Activation Assistant\FGUPM.exe [2008-06-09 564016]
R2 FGUPM;FlexGo UPM Service; C:\Program Files\Microsoft Activation Assistant\FGUPM.exe [2008-06-09 564016]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate1c995c7b3f5ced2;Služba Google Update (gupdate1c995c7b3f5ced2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-23 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S2 NMSAccess;NMSAccess; C:\Program Files\Blaze Media Pro\NMSAccess32.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-03-17 79360]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-08-20 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Smile, it will get worse! :)

Re: icons and the Start bar are not displayed

#4 Post by jaGmann »

test fglpmcla.sys: 0/38
http://www.virustotal.com/cs/analisis/f ... 1271069198

test C:\WINDOWS\system32\aQTUXGbSA.dll: 8/38
http://www.virustotal.com/cs/analisis/b ... 1271070153

DVDVideoSoft is supposedly some kind of video format converter (the PC is not mine, so I cannot say for certain),
but I assume it is unwanted there (it will surely be full of spyware)

GMER reported a rootkit - here is a short log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-12 12:31:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\KUERA~1\LOCALS~1\Temp\ufpirkoc.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\DRIVERS\fglpmcla.sys (*** hidden *** ) [MANUAL] FGLPMCLA <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\fglpmkervault.sys (*** hidden *** ) [MANUAL] FGLPMKER <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

After setting up the full scan as you advised, the scan ran for a while and then the PC restarted (on the second attempt as well).

Re: icons and the Start bar are not displayed

#5 Post by jaGmann »

Uninstalled.
OK, all good!

Re: icons and the Start bar are not displayed

#6 Post by jaGmann »

Logfile of HijackThis v1.99.1
Scan saved at 13:31:35, on 12.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Activation Assistant\FGUPM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kučera\Plocha\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=explorer.exe,
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3577063296
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://oceanscene-lahinch.remotemanager ... Render.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.151.82.132/activex/AMC.cab
O20 - AppInit_DLLs: aQTUXGbSA.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Služba Google Update (gupdate1c995c7b3f5ced2) (gupdate1c995c7b3f5ced2) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe" (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

Re: icons and the Start bar are not displayed

#7 Post by jaGmann »

I did as you wrote.
System startup is fairly fast again.

ComboFix log:
ComboFix 10-04-11.06 - Kučera 12.04.2010 15:08:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.530 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kučera\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100412-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1454471165-436374069-1644491937-1004

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-12 do 2010-04-12 )))))))))))))))))))))))))))))))
.

2010-04-12 12:27 . 2010-04-12 12:27 3678127 ----a-w- C:\quarantine_b.zip
2010-04-12 09:59 . 2010-04-12 12:32 -------- d-----w- c:\program files\trend micro
2010-04-12 09:59 . 2010-04-12 09:59 -------- d-----w- C:\rsit
2010-04-12 09:40 . 2010-04-12 09:40 -------- d-----w- c:\program files\CCleaner
2010-04-12 09:32 . 2010-04-12 09:33 2075971 ----a-w- C:\quarantine.zip
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- C:\viry
2010-03-17 11:19 . 2010-03-17 11:19 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-03-17 11:18 . 2010-03-17 11:18 -------- d-----w- c:\program files\Common Files\eDrawings2010

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 11:21 . 2009-02-23 15:00 -------- d-----w- c:\program files\Google
2010-04-12 09:54 . 2009-07-13 16:52 -------- d-----w- c:\program files\Eset
2010-04-12 09:35 . 2009-10-17 17:23 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-28 07:42 . 2008-08-20 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-03-28 07:42 . 2008-08-20 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-03-11 12:36 . 2008-08-20 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2008-08-20 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-08-20 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-04 17:39 . 2010-03-04 17:39 -------- d-----w- c:\program files\Conduit
2010-03-04 08:14 . 2010-03-03 17:40 -------- d-----w- c:\program files\Blaze Media Pro
2010-02-24 09:16 . 2009-10-03 09:31 181632 ------w- c:\windows\system32\MpSigStub.exe
2009-09-02 06:48 . 2009-09-02 06:48 98884 ----a-w- c:\program files\vc405sw.zip
2009-08-04 10:06 . 2009-08-04 10:05 2207280 ----a-w- c:\program files\tcmd704a.exe
2009-03-05 15:56 . 2009-03-05 15:56 25787976 ----a-w- c:\program files\wmp11-windowsxp-x86-CS-CZ.exe
2009-02-24 16:46 . 2009-02-24 16:45 243185 ----a-w- c:\program files\InstallJavaTools.jar
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-21 198160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-08-20 15360]

c:\documents and settings\Kuźera\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-6-6 657168]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2.2.2009 12:40 17968]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.9.2009 18:58 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.9.2009 18:58 20560]
R2 FGSchedules;FlexGo Schedules Service;c:\program files\Microsoft Activation Assistant\FGUPM.exe [9.6.2008 18:50 564016]
R2 FGUPM;FlexGo UPM Service;c:\program files\Microsoft Activation Assistant\FGUPM.exe [9.6.2008 18:50 564016]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 FGLPMCLA;LPM Class Device Driver;c:\windows\system32\drivers\FGLPMCLA.sys [9.6.2008 18:44 26160]
R3 FGLPMKER;Kernel-mode LPM Mini Device Driver;c:\windows\system32\drivers\FGLPMKERVAULT.sys [9.6.2008 18:44 351488]
S0 Lsi_scsi;Lsi_scsi;c:\windows\system32\drivers\lsi_scsi.sys [2.2.2009 12:39 104960]
S2 gupdate1c995c7b3f5ced2;Služba Google Update (gupdate1c995c7b3f5ced2);c:\program files\Google\Update\GoogleUpdate.exe [23.2.2009 17:02 133104]
S3 atxboxfl;atxboxfl Filter Service;c:\windows\system32\drivers\atxboxfl.sys [28.4.2009 16:33 25537]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 15:02]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 15:02]

2010-04-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://oceanscene-lahinch.remotemanager.co.uk/common/activex/MJPEGRender.ocx
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://88.151.82.132/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Kučera\Data aplikací\Mozilla\Firefox\Profiles\f8wykqjr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - component: c:\documents and settings\Kučera\Data aplikací\Mozilla\Firefox\Profiles\f8wykqjr.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Kučera\Data aplikací\Mozilla\Firefox\Profiles\f8wykqjr.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 15:12
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FGLPMCLA]
"ImagePath"="system32\DRIVERS\fglpmcla.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FGLPMKER]
"ImagePath"="system32\DRIVERS\fglpmkervault.sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-04-12 15:14:44
ComboFix-quarantined-files.txt 2010-04-12 13:14

Před spuštěním: Volných bajtů: 16 065 953 792
Po spuštění: Volných bajtů: 16 187 260 928

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 6F91004F3F39FDAAACB7CB9E18C27EC7


It still wanted to install drivers afterwards; on your advice I chose uninstall, and after the restart it no longer wants to install anything and there are no question marks in the Manager.
Smile, it will get worse! :)

jaGmann
Model visitor
Posts: 148
Registered: 28 Feb 2007 12:28
Location: behind the beech

Re: icons and the Start bar are not displayed

#8 Post by jaGmann »

I don't know where the mistake happened, but the items to fix that you wrote don't match what I have.
When I run C:\Program Files\trend micro\Kučera.exe, I get this log (the very first 2 lines to fix are not in it), so I preferred not to do anything :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:27, on 13.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Activation Assistant\FGUPM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\trend micro\Kučera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3577063296
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://oceanscene-lahinch.remotemanager ... Render.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.151.82.132/activex/AMC.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c995c7b3f5ced2) (gupdate1c995c7b3f5ced2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 6227 bytes


File test:

FGUPM.exe 0/40
http://www.virustotal.com/cs/analisis/6 ... 1271135620

FGLPMCLA.sys 0/40
http://www.virustotal.com/cs/analisis/f ... 1271135936

FGLPMKERVAULT.sys 0/40
http://www.virustotal.com/cs/analisis/1 ... 1271136027
Smile, it will get worse! :)

jaGmann
Model visitor
Posts: 148
Registered: 28 Feb 2007 12:28
Location: behind the beech

Re: icons and the Start bar are not displayed

#9 Post by jaGmann »

OK, done. I don't notice anything shady, and the PC got a lot faster :)
Here is the current log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:21, on 13.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Activation Assistant\FGUPM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\trend micro\Kučera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c995c7b3f5ced2) (gupdate1c995c7b3f5ced2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5090 bytes
Smile, it will get worse! :)

jaGmann
Model visitor
Posts: 148
Registered: 28 Feb 2007 12:28
Location: behind the beech

Re: icons and the Start bar are not displayed

#10 Post by jaGmann »

After launching GMER in safe mode it throws a warning about a rootkit. I did not let it continue with the full scan, and this is the log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-13 12:48:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\KUERA~1\LOCALS~1\Temp\ufpirkoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\DRIVERS\fglpmcla.sys (*** hidden *** ) [MANUAL] FGLPMCLA <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\fglpmkervault.sys (*** hidden *** ) [MANUAL] FGLPMKER <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
Smile, it will get worse! :)

jaGmann
Model visitor
Posts: 148
Registered: 28 Feb 2007 12:28
Location: behind the beech

Re: icons and the Start bar are not displayed

#11 Post by jaGmann »

I ran it, it has finished now :)
At the end there was again a warning about rootkit activity.
The settings were as you recommended for the first GMER scan.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-13 13:13:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\KUERA~1\LOCALS~1\Temp\ufpirkoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\DRIVERS\fglpmcla.sys (*** hidden *** ) [MANUAL] FGLPMCLA <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\fglpmkervault.sys (*** hidden *** ) [MANUAL] FGLPMKER <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMCLA@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMCLA@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMCLA@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMCLA@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMCLA@ImagePath system32\DRIVERS\fglpmcla.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMCLA@DisplayName LPM Class Device Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMCLA@Group Extended Base
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMCLA\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMCLA\Parameters\Wdf
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMCLA\Parameters\Wdf@KmdfLibraryVersion 1.5????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMCLA\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMCLA\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER@Tag 9
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER@ImagePath system32\DRIVERS\fglpmkervault.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER@DisplayName Kernel-mode LPM Mini Device Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER@Group Extended Base
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\Bugcheck
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DeviceKeys
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DeviceKeys@EncryptionKey 0xD7 0x5C 0xA3 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DeviceKeys@AuthenticationKey 0x37 0x8F 0x6C 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DeviceKeys@HardwareId 0x5D 0xA8 0x38 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreOne
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID25 0x7A 0x09 0xF3 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID4 0x59 0xFF 0xB0 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID5 0x54 0xC6 0xCE 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID6 0x6E 0x93 0x81 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID14 0xF9 0x48 0xBF 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID16 0xE6 0xCE 0xD1 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID10 0xE3 0x00 0x5F 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreTwo
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID25 0x7A 0x09 0xF3 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID4 0x59 0xFF 0xB0 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID5 0x54 0xC6 0xCE 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID6 0x6E 0x93 0x81 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID14 0xF9 0x48 0xBF 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID16 0xE6 0xCE 0xD1 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID10 0xE3 0x00 0x5F 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\FGLPMKER\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMCLA@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMCLA@Start 3
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMCLA@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMCLA@Tag 10
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMCLA@ImagePath system32\DRIVERS\fglpmcla.sys
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMCLA@DisplayName LPM Class Device Driver
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMCLA@Group Extended Base
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMCLA\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMCLA\Parameters\Wdf (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMCLA\Parameters\Wdf@KmdfLibraryVersion 1.5????????????
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMCLA\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMCLA\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER@Start 3
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER@Tag 9
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER@ImagePath system32\DRIVERS\fglpmkervault.sys
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER@DisplayName Kernel-mode LPM Mini Device Driver
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER@Group Extended Base
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\Bugcheck (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DeviceKeys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DeviceKeys@EncryptionKey 0xD7 0x5C 0xA3 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DeviceKeys@AuthenticationKey 0x37 0x8F 0x6C 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DeviceKeys@HardwareId 0x5D 0xA8 0x38 0xF8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreOne (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID25 0x7A 0x09 0xF3 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID4 0x59 0xFF 0xB0 0x76 ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID5 0x54 0xC6 0xCE 0xFC ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID6 0x6E 0x93 0x81 0x3A ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID14 0xF9 0x48 0xBF 0xB0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID16 0xE6 0xCE 0xD1 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreOne@ID10 0xE3 0x00 0x5F 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreTwo (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID25 0x7A 0x09 0xF3 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID4 0x59 0xFF 0xB0 0x76 ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID5 0x54 0xC6 0xCE 0xFC ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID6 0x6E 0x93 0x81 0x3A ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID14 0xF9 0x48 0xBF 0xB0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID16 0xE6 0xCE 0xD1 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Parameters\DiscreteStoreTwo@ID10 0xE3 0x00 0x5F 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\FGLPMKER\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION 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

---- EOF - GMER 1.0.15 ----
Smile, it's going to get worse! :)

jaGmann

Re: icons and the Start bar are not displayed

#12 Post by jaGmann »

What exactly do you want from me? :) Right now I really don't know what I'm supposed to do :)))
But I'd happily get rid of it, it means nothing to me. It isn't the Activation Assistant for Office (and I don't have Office anyway), so I don't know where it came from. It means nothing to me...
Smile, it's going to get worse! :)

jaGmann

Re: icons and the Start bar are not displayed

#13 Post by jaGmann »

I think we can get rid of it :)
I backed up the registry, uninstalled it using CCleaner, rebooted, and the files are no longer there :)
Smile, it's going to get worse! :)

jaGmann

Re: icons and the Start bar are not displayed

#14 Post by jaGmann »

By that I meant the folder C:\Program Files\Microsoft Activation Assistant.
The 2 files in question in system32\drivers\ remained.

GMER run in normal Windows mode still reports the same thing.
Smile, it's going to get worse! :)

jaGmann

Re: icons and the Start bar are not displayed

#15 Post by jaGmann »

ComboFix 10-04-11.06 - Kučera 13.04.2010 14:52:54.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.552 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kučera\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kučera\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100413-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_FGLPMCLA
-------\Service_FGLPMKER


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))
.

2010-04-13 12:22 . 2008-06-09 16:52 70656 ----a-w- c:\windows\system32\FGLPM32.dll
2010-04-13 12:11 . 2010-04-13 12:12 -------- d-----w- c:\program files\ERUNT
2010-04-13 10:45 . 2010-04-13 10:46 -------- d-----w- c:\documents and settings\Administrator.UZIVATEL-9B9C16
2010-04-13 09:44 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-12 13:49 . 2010-04-12 13:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-12 12:27 . 2010-04-12 12:27 3678127 ----a-w- C:\quarantine_b.zip
2010-04-12 11:01 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-12 09:59 . 2010-04-13 09:02 -------- d-----w- c:\program files\trend micro
2010-04-12 09:59 . 2010-04-12 09:59 -------- d-----w- C:\rsit
2010-04-12 09:40 . 2010-04-12 09:40 -------- d-----w- c:\program files\CCleaner
2010-04-12 09:32 . 2010-04-12 09:33 2075971 ----a-w- C:\quarantine.zip
2010-04-12 07:42 . 2010-04-12 07:42 -------- d-----w- C:\viry
2010-03-17 11:19 . 2010-03-17 11:19 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-03-17 11:18 . 2010-03-17 11:18 -------- d-----w- c:\program files\Common Files\eDrawings2010

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 11:21 . 2009-02-23 15:00 -------- d-----w- c:\program files\Google
2010-04-12 09:54 . 2009-07-13 16:52 -------- d-----w- c:\program files\Eset
2010-04-12 09:35 . 2009-10-17 17:23 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-28 07:42 . 2008-08-20 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-03-28 07:42 . 2008-08-20 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-03-11 12:36 . 2008-08-20 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2008-08-20 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-08-20 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-04 17:39 . 2010-03-04 17:39 -------- d-----w- c:\program files\Conduit
2010-03-04 08:14 . 2010-03-03 17:40 -------- d-----w- c:\program files\Blaze Media Pro
2010-02-24 09:16 . 2009-10-03 09:31 181632 ------w- c:\windows\system32\MpSigStub.exe
2009-09-02 06:48 . 2009-09-02 06:48 98884 ----a-w- c:\program files\vc405sw.zip
2009-08-04 10:06 . 2009-08-04 10:05 2207280 ----a-w- c:\program files\tcmd704a.exe
2009-03-05 15:56 . 2009-03-05 15:56 25787976 ----a-w- c:\program files\wmp11-windowsxp-x86-CS-CZ.exe
2009-02-24 16:46 . 2009-02-24 16:45 243185 ----a-w- c:\program files\InstallJavaTools.jar
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-08-20 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-6-6 657168]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2.2.2009 12:40 17968]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.9.2009 18:58 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.9.2009 18:58 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
S0 Lsi_scsi;Lsi_scsi;c:\windows\system32\drivers\lsi_scsi.sys [2.2.2009 12:39 104960]
S2 gupdate1c995c7b3f5ced2;Služba Google Update (gupdate1c995c7b3f5ced2);c:\program files\Google\Update\GoogleUpdate.exe [23.2.2009 17:02 133104]
S3 atxboxfl;atxboxfl Filter Service;c:\windows\system32\drivers\atxboxfl.sys [28.4.2009 16:33 25537]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 15:02]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 15:02]

2010-04-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
FF - ProfilePath - c:\documents and settings\Kučera\Data aplikací\Mozilla\Firefox\Profiles\f8wykqjr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - component: c:\documents and settings\Kučera\Data aplikací\Mozilla\Firefox\Profiles\f8wykqjr.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Kučera\Data aplikací\Mozilla\Firefox\Profiles\f8wykqjr.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 14:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1188)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-04-13 15:04:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-13 13:04
ComboFix2.txt 2010-04-12 13:14

Před spuštěním: Volných bajtů: 19 142 262 784
Po spuštění: Volných bajtů: 19 072 671 744

- - End Of File - - 3956560D2A72E55E2F0DEFF1B085774E
Smile, it's going to get worse! :)
