VIRY.CZ

Dobrý den..
Pokoušel jsem se dát dohromady pc mé přítelkyně. Myslím, že jsem ho poměrně slušně vyčistil, zrychlil a všechno na něm funguje jak má.
Bohu-žel si nevím rady s tím, jak uložit obrázek na plochu. Googloval jsem po celém netu a nikde podobný problém neřeší.
Jedná se o OS VISTA. Ikony i lišta jsou v pohodě. Plocha je černá (nebo jeji barvu mohu změnit). Obrázek na plochu však vložit nelze.
Je vidět pouze na pár vteřin když se pc vypíná, nebo zapíná. Spořič monitoru funguje normálně.
Nevím, jestli se jedná o závadu, nebo o problém s nastavením.
Pokud znáte řešení, tak moc prosím o radu. Děkuji.

Dobrý večer

Řešení zatím neznám, ale můžu Vás poprosit o log ze Rsitu, viz můj podpis?
Třeba mě něco napadne

omlouvám se za strašlivé zpoždění. Večer bych se k tomu laptopu mohl dostat a konečně odeslat výsledek.

Nic se neděje

tak je to konečně tady...to to ale trvalo

Logfile of random's system information tool 1.08 (written by random/random)
Run by Honza at 2010-07-27 02:00:50
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 188 GB (63%) free of 298 GB
Total RAM: 2814 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:01:17, on 27.7.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Honza\Videos\Desktop\RSIT.exe
C:\Program Files\trend micro\Honza.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/Act ... Client.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7881AF4-80E0-40E5-B4F0-A39ED2152E7A}: NameServer = 160.218.10.200 160.218.43.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 2829 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-06-07 111928]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"CollaborationHost"=C:\Windows\system32\p2phost.exe [2008-01-21 192000]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoResolveTrack"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-07-27 02:00:51 ----D---- C:\Program Files\trend micro
2010-07-27 02:00:50 ----D---- C:\rsit
2010-07-23 03:33:00 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-07-23 03:07:19 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-07-23 03:07:18 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-07-23 03:06:47 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-07-23 01:08:55 ----SHD---- C:\$RECYCLE.BIN
2010-07-23 01:08:51 ----D---- C:\Windows\temp
2010-07-23 01:08:49 ----A---- C:\ComboFix.txt
2010-07-23 00:53:38 ----A---- C:\Windows\zip.exe
2010-07-23 00:53:38 ----A---- C:\Windows\SWSC.exe
2010-07-23 00:53:38 ----A---- C:\Windows\SWREG.exe
2010-07-23 00:53:38 ----A---- C:\Windows\sed.exe
2010-07-23 00:53:38 ----A---- C:\Windows\PEV.exe
2010-07-23 00:53:38 ----A---- C:\Windows\NIRCMD.exe
2010-07-23 00:53:38 ----A---- C:\Windows\MBR.exe
2010-07-23 00:53:38 ----A---- C:\Windows\grep.exe
2010-07-23 00:53:30 ----D---- C:\Windows\ERDNT
2010-07-23 00:53:29 ----D---- C:\ComboFix
2010-07-23 00:53:09 ----AD---- C:\Qoobox
2010-07-23 00:52:44 ----A---- C:\Windows\SWXCACLS.exe
2010-07-22 04:03:02 ----D---- C:\Program Files\Microsoft Security Essentials
2010-07-22 03:46:33 ----A---- C:\Windows\system32\TUProgSt.exe
2010-07-22 03:46:22 ----D---- C:\Users\Honza\AppData\Roaming\TuneUp Software
2010-07-22 03:45:57 ----D---- C:\ProgramData\TuneUp Software
2010-07-22 03:45:16 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2010-07-22 03:36:04 ----D---- C:\Program Files\The KMPlayer
2010-07-21 03:53:42 ----A---- C:\Windows\_MSRSTRT.EXE
2010-07-21 03:50:53 ----D---- C:\Users\Honza\AppData\Roaming\WinRAR
2010-07-21 03:50:12 ----D---- C:\Program Files\WinRAR
2010-07-21 03:44:39 ----D---- C:\Program Files\CCleaner
2010-07-15 03:03:32 ----A---- C:\Windows\system32\MRT.INI
2010-07-05 10:33:41 ----D---- C:\Program Files\SweetIM
2010-07-05 10:33:40 ----D---- C:\ProgramData\SweetIM
2010-07-03 14:48:59 ----D---- C:\Users\Honza\AppData\Roaming\BSplayer Pro
2010-07-03 14:48:59 ----D---- C:\Users\Honza\AppData\Roaming\BSplayer
2010-07-03 14:48:58 ----D---- C:\Program Files\Webteh
2010-06-29 20:59:53 ----D---- C:\Users\Honza\AppData\Roaming\Mozilla
2010-06-29 20:59:53 ----D---- C:\ProgramData\ICQ
2010-06-29 20:59:34 ----D---- C:\Users\Honza\AppData\Roaming\ICQ
2010-06-29 20:59:25 ----D---- C:\Program Files\ICQ7.2

======List of files/folders modified in the last 1 months======

2010-07-27 02:01:17 ----D---- C:\Windows\Prefetch
2010-07-27 02:00:51 ----RD---- C:\Program Files
2010-07-27 02:00:33 ----D---- C:\Users\Honza\AppData\Roaming\Skype
2010-07-27 01:06:36 ----D---- C:\Windows\System32
2010-07-27 01:06:36 ----D---- C:\Windows\inf
2010-07-27 01:06:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-26 21:13:40 ----SHD---- C:\System Volume Information
2010-07-23 03:33:00 ----D---- C:\ProgramData
2010-07-23 03:07:22 ----SHD---- C:\Windows\Installer
2010-07-23 03:06:08 ----D---- C:\Windows\system32\drivers
2010-07-23 03:06:08 ----D---- C:\Windows\system32\catroot
2010-07-23 03:05:18 ----D---- C:\Windows\winsxs
2010-07-23 01:12:53 ----D---- C:\Windows
2010-07-23 01:05:29 ----A---- C:\Windows\system.ini
2010-07-23 01:05:16 ----D---- C:\Windows\system32\drivers\etc
2010-07-23 01:00:13 ----D---- C:\Windows\AppPatch
2010-07-23 01:00:11 ----D---- C:\Program Files\Common Files
2010-07-22 04:03:23 ----SD---- C:\ProgramData\Microsoft
2010-07-22 03:55:44 ----D---- C:\Windows\Tasks
2010-07-22 03:46:23 ----D---- C:\Windows\system32\Tasks
2010-07-21 03:58:16 ----RD---- C:\Program Files\Skype
2010-07-21 03:45:32 ----D---- C:\Windows\Minidump
2010-07-21 03:45:32 ----D---- C:\Windows\Debug
2010-07-21 03:32:21 ----D---- C:\DECEPRAC
2010-07-19 01:24:55 ----D---- C:\Windows\ModemLogs
2010-07-19 00:03:35 ----D---- C:\Users\Honza\AppData\Roaming\skypePM
2010-07-18 21:23:10 ----D---- C:\Windows\system32\catroot2
2010-07-15 03:03:41 ----D---- C:\Program Files\Windows Mail
2010-07-13 10:57:47 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-13 10:57:47 ----D---- C:\Program Files\Bethesda Softworks
2010-07-02 21:39:05 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102912]
R3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-01-29 1042464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-12-22 51232]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-23 9791072]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-24 14848]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
S3 catchme;catchme; \??\C:\Users\Honza\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 s916bus;Sony Ericsson Device 916 driver (WDM); C:\Windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-19 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-19 19968]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-19 24832]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-23 211488]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------

Poprosím o tento log, co jste už dělal
C:\ComboFix.txt
A přečtěte si varování v mém podpise

.

tak jsem se konečně zase dostal k pc.
Vyrobil jsem log z kombo fix. Když se tvořil log, tak obrázek plochy naskočil, ale po dokončení zase zmizel.

ComboFix 10-08-03.01 - Honza 04.08.2010 1:42.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2814.1893 [GMT 2:00]
Spuštěný z: c:\users\Honza\Videos\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-03 do 2010-08-03 )))))))))))))))))))))))))))))))
.

2010-08-03 23:49 . 2010-08-03 23:49 -------- d-----w- c:\users\Honza\AppData\Local\temp
2010-08-03 23:49 . 2010-08-03 23:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-03 23:49 . 2010-08-03 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-03 22:27 . 2010-08-03 22:29 -------- d-----w- c:\users\Honza\AppData\Roaming\Spyware Terminator
2010-08-03 22:27 . 2010-08-03 22:27 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-08-03 22:27 . 2010-08-03 22:27 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-08-03 22:27 . 2010-08-03 22:27 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-03 22:27 . 2010-08-03 23:33 -------- d-----w- c:\programdata\Spyware Terminator
2010-08-03 22:27 . 2010-08-03 23:33 -------- d-----w- c:\program files\Spyware Terminator
2010-07-27 00:00 . 2010-07-27 00:01 -------- d-----w- c:\program files\trend micro
2010-07-27 00:00 . 2010-07-27 00:01 -------- d-----w- C:\rsit
2010-07-23 01:33 . 2010-07-23 01:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-23 01:07 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-07-23 01:07 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-07-22 01:46 . 2010-07-22 01:46 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2010-07-22 01:46 . 2010-07-22 01:46 -------- d-----w- c:\users\Honza\AppData\Roaming\TuneUp Software
2010-07-22 01:45 . 2010-07-22 01:45 -------- d-----w- c:\programdata\TuneUp Software
2010-07-22 01:45 . 2010-07-22 01:45 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2010-07-22 01:36 . 2010-07-22 01:36 -------- d-----w- c:\program files\The KMPlayer
2010-07-21 01:53 . 2010-07-21 01:53 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-07-21 01:44 . 2010-07-21 01:44 -------- d-----w- c:\program files\CCleaner
2010-07-18 16:11 . 2009-05-12 06:46 212992 ----a-r- c:\users\Honza\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
2010-07-18 16:11 . 2008-12-17 02:14 32768 ----a-r- c:\users\Honza\AppData\Roaming\Microsoft\Windows\Templates\H\LGPsLvDlChk.dll
2010-07-18 16:11 . 2008-04-01 09:15 20480 ----a-r- c:\users\Honza\AppData\Roaming\Microsoft\Windows\Templates\H\SendScsiCmd.dll
2010-07-05 08:33 . 2010-07-05 08:33 -------- d-----w- c:\program files\SweetIM
2010-07-05 08:33 . 2010-07-05 08:33 -------- d-----w- c:\programdata\SweetIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 23:31 . 2009-02-14 20:56 31871 ----a-w- c:\programdata\nvModes.dat
2010-08-03 21:08 . 2010-06-22 18:44 -------- d-----w- c:\users\Honza\AppData\Roaming\Skype
2010-08-03 20:25 . 2008-01-21 06:46 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-08-03 20:25 . 2008-01-21 06:46 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-08-03 17:51 . 2010-06-22 18:46 -------- d-----w- c:\users\Honza\AppData\Roaming\skypePM
2010-07-23 01:07 . 2010-07-23 01:06 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-23 01:06 . 2010-07-22 02:03 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-22 01:38 . 2010-07-03 12:48 -------- d-----w- c:\users\Honza\AppData\Roaming\BSplayer
2010-07-22 01:38 . 2010-07-03 12:48 -------- d-----w- c:\program files\Webteh
2010-07-21 01:58 . 2010-06-22 18:43 -------- d-----r- c:\program files\Skype
2010-07-15 01:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-13 08:57 . 2009-04-30 18:04 -------- d-----w- c:\program files\Bethesda Softworks
2010-07-13 08:57 . 2009-01-31 14:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 23:44 . 2009-01-31 13:30 1356 ----a-w- c:\users\Honza\AppData\Local\d3d9caps.dat
2010-07-03 12:48 . 2010-07-03 12:48 -------- d-----w- c:\users\Honza\AppData\Roaming\BSplayer Pro
2010-06-29 18:59 . 2010-06-29 18:59 -------- d-----w- c:\programdata\ICQ
2010-06-26 13:01 . 2010-06-26 13:01 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-26 13:01 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-26 12:49 . 2010-06-26 12:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-26 12:48 . 2010-06-26 12:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-26 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-26 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-06-26 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-06-26 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-06-26 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-26 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-06-26 07:16 . 2009-02-14 20:56 -------- d-----w- c:\programdata\NVIDIA
2010-06-23 14:55 . 2009-01-31 13:30 49168 ----a-w- c:\users\Honza\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-22 19:52 . 2010-06-22 19:52 2605008 ----a-w- c:\users\Honza\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-06-22 18:46 . 2010-06-22 18:46 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-22 18:44 . 2010-06-22 18:44 -------- d-----w- c:\program files\Google
2010-06-22 18:43 . 2010-06-22 18:43 -------- d-----w- c:\program files\Common Files\Skype
2010-06-22 18:43 . 2010-06-22 18:43 -------- d-----w- c:\programdata\Skype
2010-06-22 09:34 . 2010-06-22 09:34 -------- d-----w- c:\users\Honza\AppData\Roaming\Telefónica Móviles
2010-06-22 09:32 . 2010-06-22 09:32 -------- d-----w- c:\program files\O2
2010-06-01 17:37 . 2009-11-07 23:55 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-22 09:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-22 09:52 289792 ----a-w- c:\windows\system32\atmfd.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-21 192000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-03 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9e,04,fd,eb,01,15,cb,01

R3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
R3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
R3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-08-03 142592]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-12-22 51232]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - SP_RSDRV2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 01:49
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-08-04 01:53:02
ComboFix-quarantined-files.txt 2010-08-03 23:52
ComboFix2.txt 2010-07-22 23:08

Před spuštěním: Volných bajtů: 205 755 449 344
Po spuštění: Volných bajtů: 204 295 409 664

- - End Of File - - 91D5C9503B7FC794488636923FF3437B

Na log ještě pořádně mrknu, budu tu až večer.

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Tak jsem se po delší pauze opět dostal k pc...posílám tedy log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

11.8.2010 3:47:31
mbam-log-2010-08-11 (03-47-31).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 220746
Uplynulý čas: 50 minuta(y), 39 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše


Folder::
c:\program files\SweetIM
c:\programdata\SweetIM

DDS::
mStart Page = hxxp://home.sweetim.com

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Otestujte na www.virustotal.com

c:\users\Honza\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
c:\users\Honza\AppData\Roaming\Microsoft\Windows\Templates\H\LGPsLvDlChk.dll
c:\users\Honza\AppData\Roaming\Microsoft\Windows\Templates\H\SendScsiCmd.dll

-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

Děkuji moc ..všechno provedu dle návodu. Jen se dostanu k tomu pc až v pátek večer.
Ještě jedna věc..Nevím jestli to s tím souvisí?! Nemužu nikde najít ikonu "plocha". V levo v liště není a ani nikde jinde. Také když stahnu nějaký soubor, nabídne mě kam uložit. Když ho chci uložit na plochu, tak se vždy uloží do nějaké jiné složky. Odtud ho pak teprve mužu na plochu přetahnout myší. Pc se prostě tváří, jako kdyby tam složka plocha vubec nebyla. Taky mě napadlo, zda by pomohlo přenést tu ikonu flash discem z mého pc, ale moc tomu nevěřim. Stejně musim počkat do pátku.

Zkusím něco vykoumat

log je zde, ještě jdu na ten virus total.
ComboFix 10-08-03.01 - Honza 14.08.2010 1:30.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2814.1623 [GMT 2:00]
Spuštěný z: c:\users\Honza\Videos\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Honza\Videos\Desktop\CFScript.txt.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\programdata\SweetIM
c:\programdata\SweetIM\Messenger\conf\adapter.xml
c:\programdata\SweetIM\Messenger\conf\autoupdate.xml
c:\programdata\SweetIM\Messenger\conf\logger.xml
c:\programdata\SweetIM\Messenger\conf\messages.xml
c:\programdata\SweetIM\Messenger\conf\sweetim.xml
c:\programdata\SweetIM\Messenger\conf\sweetimapp.xml
c:\programdata\SweetIM\Messenger\conf\users\611006066\content_update_notification.xml
c:\programdata\SweetIM\Messenger\conf\users\611006066\emoticons_shortcut.xml
c:\programdata\SweetIM\Messenger\conf\users\611006066\lastuse_Audibles.xml
c:\programdata\SweetIM\Messenger\conf\users\611006066\lastuse_Emoticons.xml
c:\programdata\SweetIM\Messenger\conf\users\611006066\lastuse_SpecialFX.xml
c:\programdata\SweetIM\Messenger\conf\users\611006066\user_config.xml
c:\programdata\SweetIM\Messenger\conf\users\main_user_config.xml
c:\programdata\SweetIM\Messenger\data\contentdb\00000002.dat
c:\programdata\SweetIM\Messenger\data\contentdb\00010896.dat
c:\programdata\SweetIM\Messenger\data\contentdb\00010952.dat
c:\programdata\SweetIM\Messenger\data\contentdb\0002032E.dat
c:\programdata\SweetIM\Messenger\data\contentdb\000203F6.dat
c:\programdata\SweetIM\Messenger\data\contentdb\00020466.dat
c:\programdata\SweetIM\Messenger\data\contentdb\0002053B.dat
c:\programdata\SweetIM\Messenger\data\contentdb\000300D9.dat
c:\programdata\SweetIM\Messenger\data\contentdb\00030102.dat
c:\programdata\SweetIM\Messenger\data\contentdb\00080063.dat
c:\programdata\SweetIM\Messenger\data\contentdb\000800EC.dat
c:\programdata\SweetIM\Messenger\data\contentdb\cache_indx.dat
c:\users\Honza\AppData\Local\Temp\7ABE.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-13 do 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-13 23:33 . 2010-08-13 23:36 -------- d-----w- c:\users\Honza\AppData\Local\temp
2010-08-13 23:33 . 2010-08-13 23:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-13 23:33 . 2010-08-13 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-13 14:43 . 2010-08-13 14:43 2915944 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2010-08-13 14:43 . 2010-08-13 14:43 304528 ----a-w- c:\windows\system32\appdrvrem01.exe
2010-08-13 12:22 . 2010-08-13 12:30 -------- d-----w- c:\program files\Just Cause
2010-08-11 04:45 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 04:44 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 04:44 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 04:44 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 04:44 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 04:44 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 04:44 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 00:55 . 2010-08-11 00:55 -------- d-----w- c:\users\Honza\AppData\Roaming\Malwarebytes
2010-08-11 00:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 00:55 . 2010-08-11 00:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-11 00:55 . 2010-08-11 00:55 -------- d-----w- c:\programdata\Malwarebytes
2010-08-11 00:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-09 19:36 . 2010-08-09 19:36 -------- d--h--r- c:\users\Honza\AppData\Roaming\SecuROM
2010-08-09 19:34 . 2010-08-09 19:35 -------- d-----w- c:\programdata\Electronic Arts
2010-08-09 19:34 . 2010-08-09 19:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-09 19:33 . 2010-08-09 19:33 -------- d-----w- c:\users\Honza\AppData\Local\Adobe
2010-08-09 18:49 . 2010-08-09 18:49 -------- d-----w- c:\program files\Electronic Arts
2010-08-09 18:49 . 2010-08-09 18:49 2030 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-07-27 00:00 . 2010-07-27 00:01 -------- d-----w- c:\program files\trend micro
2010-07-27 00:00 . 2010-07-27 00:01 -------- d-----w- C:\rsit
2010-07-23 01:33 . 2010-07-23 01:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-23 01:07 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-07-23 01:07 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-07-22 01:46 . 2010-07-22 01:46 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2010-07-22 01:46 . 2010-07-22 01:46 -------- d-----w- c:\users\Honza\AppData\Roaming\TuneUp Software
2010-07-22 01:45 . 2010-07-22 01:45 -------- d-----w- c:\programdata\TuneUp Software
2010-07-22 01:45 . 2010-07-22 01:45 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2010-07-22 01:36 . 2010-07-22 01:36 -------- d-----w- c:\program files\The KMPlayer
2010-07-21 01:53 . 2010-07-21 01:53 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-07-21 01:44 . 2010-07-21 01:44 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 23:38 . 2010-06-22 18:44 -------- d-----w- c:\users\Honza\AppData\Roaming\Skype
2010-08-13 23:37 . 2010-06-22 18:46 -------- d-----w- c:\users\Honza\AppData\Roaming\skypePM
2010-08-13 23:35 . 2009-02-14 20:56 48175 ----a-w- c:\programdata\nvModes.dat
2010-08-13 19:02 . 2008-01-21 06:46 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-08-13 19:02 . 2008-01-21 06:46 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 01:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 02:46 . 2009-01-31 14:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-11 02:44 . 2009-03-30 04:25 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-09 19:33 . 2010-08-09 19:34 53632 ----a-w- c:\users\Honza\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-09 19:33 . 2010-08-09 19:34 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-09 18:48 . 2010-08-09 18:48 -------- d-----w- c:\users\Honza\AppData\Roaming\Leadertech
2010-07-23 01:07 . 2010-07-23 01:06 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-23 01:06 . 2010-07-22 02:03 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-22 01:38 . 2010-07-03 12:48 -------- d-----w- c:\users\Honza\AppData\Roaming\BSplayer
2010-07-22 01:38 . 2010-07-03 12:48 -------- d-----w- c:\program files\Webteh
2010-07-21 01:58 . 2010-06-22 18:43 -------- d-----r- c:\program files\Skype
2010-07-13 08:57 . 2009-04-30 18:04 -------- d-----w- c:\program files\Bethesda Softworks
2010-07-06 23:44 . 2009-01-31 13:30 1356 ----a-w- c:\users\Honza\AppData\Local\d3d9caps.dat
2010-07-03 12:48 . 2010-07-03 12:48 -------- d-----w- c:\users\Honza\AppData\Roaming\BSplayer Pro
2010-06-29 18:59 . 2010-06-29 18:59 -------- d-----w- c:\programdata\ICQ
2010-06-26 13:01 . 2010-06-26 13:01 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-26 13:01 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-26 12:49 . 2010-06-26 12:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-26 12:48 . 2010-06-26 12:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-26 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-26 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-06-26 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-06-26 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-06-26 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-26 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-06-26 07:16 . 2009-02-14 20:56 -------- d-----w- c:\programdata\NVIDIA
2010-06-26 06:05 . 2010-08-11 04:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 04:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-11 04:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-11 04:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 14:55 . 2009-01-31 13:30 49168 ----a-w- c:\users\Honza\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-22 19:52 . 2010-06-22 19:52 2605008 ----a-w- c:\users\Honza\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-06-22 18:46 . 2010-06-22 18:46 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-22 18:44 . 2010-06-22 18:44 -------- d-----w- c:\program files\Google
2010-06-22 18:43 . 2010-06-22 18:43 -------- d-----w- c:\program files\Common Files\Skype
2010-06-22 18:43 . 2010-06-22 18:43 -------- d-----w- c:\programdata\Skype
2010-06-22 09:34 . 2010-06-22 09:34 -------- d-----w- c:\users\Honza\AppData\Roaming\Telefónica Móviles
2010-06-22 09:32 . 2010-06-22 09:32 -------- d-----w- c:\program files\O2
2010-06-21 13:37 . 2010-08-11 04:46 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 16:16 . 2010-08-11 04:46 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-01 17:37 . 2009-11-07 23:55 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 20:08 . 2010-08-11 04:46 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-22 09:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-22 09:52 289792 ----a-w- c:\windows\system32\atmfd.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-21 192000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9e,04,fd,eb,01,15,cb,01

R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
R3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
R3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2010-08-13 2915944]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-12-22 51232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 01:36
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2291515259-1860780186-4230215190-1000\Software\SecuROM\License information*]
"datasecu"=hex:b8,ac,c1,24,bb,f0,c3,91,64,62,a1,0a,58,35,18,bd,c9,6d,5c,12,57,
26,fa,d9,54,87,f7,4e,d1,56,d2,c7,48,29,0d,e6,e9,2d,5d,a7,a6,12,0b,bc,40,c7,\
"rkeysecu"=hex:22,60,c7,9f,9d,02,e4,7b,b2,08,46,41,dd,4d,64,5a
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-08-14 01:43:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-13 23:43
ComboFix2.txt 2010-08-03 23:53
ComboFix3.txt 2010-07-22 23:08

Před spuštěním: Volných bajtů: 233 003 708 416
Po spuštění: Volných bajtů: 232 995 577 856

- - End Of File - - 6209D68AFD2F89794541495DDEDE273C

Tohle by měla být cesta na plochu?
c:\users\Honza\Videos\Desktop\

Jo super, našli jste složku Plocha. Nevim co dělá tady?
Zřejmě se jim povedlo přesunout plochu do videí. Nechápu, že to systém dovolil.
Myslím, že umístění má vypadat takto:
c:\users\Honza\Desktop\
Pokoušel jsem se ji přesunout, ale hlásí mě to že narušim systém. I tak jsem to zkusil a zmizelo mě uplně všechno z plochy. Pak už pomohlo pouze obnovení systému ze zálohy.
Tak nevím jak s tou složkou naložit, aby pracovala jak má. Pokud Vás něco napadne, tak budu radostí bez sebe. Začínám nenávidět vistu. 'Díky a pěkný den.

VIRY.CZ

zmizela plocha

zmizela plocha

Re: zmizela plocha

Re: zmizela plocha

Re: zmizela plocha

Re: zmizela plocha

Re: zmizela plocha

Re: zmizela plocha

Re: zmizela plocha

Re: zmizela plocha

Re: zmizela plocha

Re: zmizela plocha

Re: zmizela plocha

Re: zmizela plocha

Re: zmizela plocha

Re: zmizela plocha