Re: please help

Posted: 30 Jun 2013 16:22
by cernohous13
Ahh, you have FF directly on the desktop (only shortcuts should be there - larger files on the desktop slow down OS startup)

:arrow: Download "System Look" - http://jpshortstuff.247fixes.com/SystemLook.exe
Run it and copy the following into its window

Code:

:regfind
searchfunmoods.com
Click "Look" and, after the scan, copy the search result here

Re: please help

Posted: 30 Jun 2013 20:18
by moon
System Look found nothing, not found :-( I wonder where it could be lying around in the system :-(

What about ComboFix?

Re: please help

Posted: 30 Jun 2013 21:01
by moon
I'm posting the result from ComboFix

ComboFix 13-06-30.01 - siver 30.06.2013 21:31:26.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3071.2456 [GMT 2:00]
Spuštěný z: c:\documents and settings\siver\Dokumenty\Downloads\ComboFix.exe
AV: TrustPort Antivirus *Enabled/Updated* {3E803F6C-6C2F-4647-BCA9-1C7E98603DB4}
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
.
Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-28 do 2013-06-30 )))))))))))))))))))))))))))))))
.
.
2013-06-30 18:51 . 2013-06-30 19:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2013-06-30 18:51 . 2013-06-30 18:51 -------- d-----w- c:\documents and settings\siver\Data aplikací\Spyware Terminator
2013-06-30 18:50 . 2013-06-30 18:51 -------- d-----w- c:\program files\Spyware Terminator
2013-06-30 18:23 . 2013-06-30 18:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Max Secure
2013-06-30 18:16 . 2013-06-30 18:16 -------- d-----w- c:\documents and settings\siver\Local Settings\Data aplikací\Max Secure Software
2013-06-30 18:15 . 2013-06-30 18:16 -------- d-----w- c:\documents and settings\siver\Data aplikací\GetRightToGo
2013-06-30 18:15 . 2013-06-30 18:15 368256 ------w- C:\Download_MaxDownloadMgrtrial (1).exe
2013-06-30 18:11 . 2013-06-30 18:11 139264 ----a-w- C:\SystemLook.exe
2013-06-30 11:24 . 2013-06-30 11:24 -------- d-----w- c:\windows\ERUNT
2013-06-30 11:24 . 2013-06-30 11:24 -------- d-----w- C:\JRT
2013-06-29 17:37 . 2013-06-29 17:37 -------- d-----w- c:\documents and settings\siver\Data aplikací\Malwarebytes
2013-06-29 17:37 . 2013-06-29 17:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-06-29 17:36 . 2013-06-29 17:36 10285040 ----a-w- C:\mbam-setup-1.75.0.1300.exe
2013-06-29 12:31 . 2013-05-03 14:46 27648 ----a-w- c:\windows\system32\tpnative.exe
2013-06-29 12:31 . 2013-05-03 14:44 38128 ----a-w- c:\windows\system32\drivers\avasdmft.sys
2013-06-29 12:31 . 2013-05-03 14:45 202640 ----a-w- c:\windows\system32\avinspect.dll
2013-06-29 12:31 . 2013-05-03 14:44 33520 ----a-w- c:\windows\system32\drivers\tpdevflt.sys
2013-06-29 12:31 . 2013-06-29 12:32 -------- d-----w- c:\program files\TrustPort
2013-06-29 12:08 . 2013-06-29 12:30 -------- d-----w- c:\program files\TrustPort Antivirus
2013-06-29 12:08 . 2013-05-03 14:45 46688 ----a-w- c:\windows\system32\drivers\tpsec.sys
2013-06-25 21:24 . 2013-06-26 20:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-06-24 17:20 . 2013-06-29 13:10 -------- d-----w- C:\filmy
2013-06-01 15:46 . 2013-06-01 15:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2013-06-01 15:46 . 2013-06-01 15:47 -------- d-----w- c:\documents and settings\siver\Local Settings\Data aplikací\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-30 16:20 . 2013-06-30 16:16 782315341 ----a-w- C:\Redem.2013.AQOS.zip
2013-06-01 15:46 . 2012-07-20 15:41 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-01 15:46 . 2011-07-02 11:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"C-Media Mixer"="Mixer.exe" [2002-01-29 1228800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"Reloader"="c:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2010-07-04 325046]
"AntivirusCommunicatorAgent"="c:\program files\TrustPort\Antivirus\bin\avcom.exe" [2013-05-03 926448]
"TrustPortTray"="c:\program files\Common Files\TrustPort\Bin\tptray.exe" [2013-05-03 1061616]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 40448]
.
c:\documents and settings\Ivča\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\siver\Nabídka Start\Programy\Po spuštění\
Zástupce - RKLauncher.lnk - d:\programy\RK\RKLauncher.exe [2007-1-19 368640]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-7 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avinspect.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0tpnative
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"d:\\programy\\qip infium\\infium.exe"=
"d:\\programy\\strong\\StrongDC.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1.10.2011 15:46 326688]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [1.10.2011 15:46 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [1.10.2011 15:46 656320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [18.3.2011 20:11 218688]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [10.7.2012 16:28 32768]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [7.2.2011 20:17 10384]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [30.6.2013 20:51 587912]
R2 tpmgma_service;TrustPort Core Service;c:\program files\Common Files\TrustPort\bin\tpmgma.exe [29.6.2013 14:31 499280]
R2 tpsec;TrustPort Security Filter;c:\windows\system32\drivers\tpsec.sys [29.6.2013 14:08 46688]
R3 avas_service;TrustPort Antivirus On-Access Scanner Agent;c:\program files\TrustPort\Antivirus\bin\avas.exe [29.6.2013 14:31 885488]
R3 avasdmft;TrustPort Antivirus On-Access Scanner (W2K/XP) MF;c:\windows\system32\drivers\avasdmft.sys [29.6.2013 14:31 38128]
R3 avss_service;TrustPort Antivirus Service Scanner Provider;c:\program files\TrustPort\Antivirus\bin\avss.exe [29.6.2013 14:31 316144]
S3 dsio;TrustPort Raw IO Driver;c:\program files\Common Files\TrustPort\bin\dsio.sys [29.6.2013 14:31 17136]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 GNCT511;Genius VideoCAM NB;c:\windows\system32\drivers\gnct511.sys [8.4.2012 15:31 229376]
S3 SS_ACdrv;SeeStorm;c:\windows\system32\DRIVERS\ss_acdrv.sys --> c:\windows\system32\DRIVERS\ss_acdrv.sys [?]
S3 tpavdrw_service;TrustPort Antivirus DrWeb scanner service;"c:\program files\TrustPort Antivirus\engines\drweb\dwengine.exe" -rpcpr:lpc -rpcep:tpav_drweb_rpc -name:tpavdrw_service --> c:\program files\TrustPort Antivirus\engines\drweb\dwengine.exe [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-29 13:55 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 15:46]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce50dec8e2d516.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-28 12:52]
.
2013-06-29 c:\windows\Tasks\TrustPort Updater.job
- c:\program files\Common Files\TrustPort\bin\tpupdate.exe [2013-06-29 14:41]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\siver\Data aplikací\Mozilla\Firefox\Profiles\yqjdzmbp.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-30 21:56
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tpavdrw_service]
"ImagePath"="\"c:\program files\TrustPort Antivirus\engines\drweb\dwengine.exe\" -rpcpr:lpc -rpcep:tpav_drweb_rpc -name:tpavdrw_service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
.
- - - - - - - > 'explorer.exe'(1176)
d:\programy\RK\RKLauncher.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\wscntfy.exe
c:\windows\Mixer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2013-06-30 21:59:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-30 19:59
.
Před spuštěním: Volných bajtů: 80 301 719 552
Po spuštění: Volných bajtů: 80 647 217 152
.
- - End Of File - - 89C821C261BEC68E595EBBE23801B642
413FC2A0C716421B3158746D63736515

Re: please help

Posted: 01 Jul 2013 04:36
by cernohous13
Man, you're making a mess of this for me - during the cleanup you are changing and installing security software, which is strongly discouraged :shock:

You use ComboFix on your own initiative - also a violation of the license terms :x - it didn't find it either

:arrow: Download http://www.viry.cz/forum/viewtopic.php?f=29&t=58179/
Instructions: http://img32.imageshack.us/img32/7604/93809819.gif

Re: please help

Posted: 14 Jul 2013 14:57
by cernohous13
No response :?: