prosim o kontrolu logu

Zpráva

kyky66 · #1 Příspěvek od **kyky66** » 22 lis 2010 19:06

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:59:27, on 22.11.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ATKHOT~1\Hcontrol.exe
C:\PROGRA~1\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Motorola\SMSERIAL\sm56hlpr.exe
C:\PROGRA~1\SYNAPT~1\SynTP\SynTPEnh.exe
C:\PROGRA~1\ASUS\ATKMED~1\DMEDIA.EXE
C:\WINDOWS\system32\ASUSTPE.exe
C:\WINDOWS\system32\System
C:\PROGRA~1\ASUS\POWER4~1\BATTER~1.EXE
C:\PROGRA~1\ASUS\Splendid\ACMON.exe
C:\PROGRA~1\P4P\P4P.exe
C:\WINDOWS\ASScrPro.exe
C:\PROGRA~1\D-Tools\daemon.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\PROGRA~1\HP\HPSOFT~1\HPWUSC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\1ybb7ymi.exe
C:\PROGRA~1\ATKHOT~1\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\qtplugin.exe
C:\WINDOWS\system32\qtwm.exe
C:\PROGRA~1\ATKHOT~1\KBFiltr.exe
C:\PROGRA~1\ATKHOT~1\WDC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\qtwm.exe
C:\PROGRA~1\ASUS\ASUSMU~1\MULTIF~1.EXE
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\PROGRA~1\COMMON~1\Ahead\Lib\NMBGMO~1.EXE
C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\CCC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\ccc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\DOCUME~1\Richard\Plocha\netik\HIJACK~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe ftoe.rho linqrp
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
O2 - BHO: (no name) - {D0AA1ECF-9EC9-41EE-AA5B-E436DAFF5315} - C:\WINDOWS\system32\clbcate.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [1ybb7ymi] C:\WINDOWS\system32\1ybb7ymi.exe
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RegistryWm] C:\WINDOWS\system32\qtwm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MultiFrame] C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [1ybb7ymi] C:\WINDOWS\system32\1ybb7ymi.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1659004503-764733703-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'MAMČA')
O4 - HKUS\S-1-5-21-1659004503-764733703-682003330-1004\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'MAMČA')
O4 - HKUS\S-1-5-21-1659004503-764733703-682003330-1004\..\Run: [1ybb7ymi] C:\WINDOWS\system32\1ybb7ymi.exe (User 'MAMČA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1659004503-764733703-682003330-1004 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'MAMČA')
O4 - S-1-5-21-1659004503-764733703-682003330-1004 User Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'MAMČA')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Richard\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0302C5F1-AC58-4531-AB06-8205C2AA942F}: NameServer = 192.168.0.1,192.168.0.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0302C5F1-AC58-4531-AB06-8205C2AA942F}: NameServer = 192.168.0.1,192.168.0.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{0302C5F1-AC58-4531-AB06-8205C2AA942F}: NameServer = 192.168.0.1,192.168.0.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11183 bytes

#2 Příspěvek od **vyosek** » 22 lis 2010 19:09

Zdravim a pekny vecer preji

Vy tam mate ale nastlano

Doporucuji odinstalovat Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam - po ukonceni leceni, tam dame neco lepcejsiho

Dejte log z RSIT - je podrobnejsi nez HJT

kyky66 · #3 Příspěvek od **kyky66** » 23 lis 2010 21:09

info.txt logfile of random's system information tool 1.08 2010-11-23 20:51:03

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Reader 8.2.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Ancient Sudoku-->"C:\Program Files\Ancient Sudoku\ReflexiveArcade\unins000.exe"
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.EXE" -l0x9
ASUS MultiFrame-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\setup.EXE" -l0x9
ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\setup.EXE -runfromtemp -l0x0009 -removeonly
ASUS Touch Pad Extra-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB891739-2EB3-45A8-9CBD-941C255CECD4}\setup.EXE" -l0x9
Asus_Camera_ScreenSaver-->"C:\WINDOWS\ASUS Camera ScreenSaver Uninstaller.exe"
Atheros Communications Inc.(R) L2 Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\SETUP.EXE" -l0x9 -removeonly
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0005 -removeonly
ATK Media-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\setup.exe" -l0x9
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\setup.exe -runfromtemp -l0x0009 -removeonly
Bluesoleil2.6.0.8 Release 070517-->MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
ConvertXtoDVD 2.1.8.193-->"C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DivxToDVD 0.5.0-->"C:\Program Files\vso\DivxToDVD\unins000.exe"
DVDVideoSoftTB Toolbar-->C:\PROGRA~1\DVDVID~2\UNWISE.EXE /U C:\PROGRA~1\DVDVID~2\INSTALL.LOG
ENCYKLOPEDIE VĚDY-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE27DAAC-8AEA-4B86-8C23-4CF1BB44D34D}\Setup.exe" -l0x5
Free Audio CD Burner version 1.4-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.9-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
GIMP 2.6.8-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Hero Editor V0.90 (C:\Program Files\Hero Editor\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
Hero Editor V0.90-->C:\WINDOWS\st6unst.exe -n "C:\Documents and Settings\Richard\Plocha\hero edi\a\ST6UNST.LOG"
Hero Editor V0.96-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.000"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
K-Lite Mega Codec Pack 4.2.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
Little Fighter 2 Toolbar-->"C:\WINDOWS\Little_Fighter_2_Toolbar_Uninstaller_4281.exe" _?=C:\Program Files\Little Fighter 2 Toolbar
Little Fighter 2 v1.9-->C:\Program Files\LittleFighter2\LF2_v1.9\Uninstal.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MV2Player (remove only)-->C:\Program Files\Mv2Player\uninst.exe
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.EXE" -l0x9
Nero 7 Essentials-->MsiExec.exe /X{D98C0C51-F9BB-4EE4-B791-22BF6EE31029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 3.1-->MsiExec.exe /I{23E797E9-F852-4AEA-93F0-772ED2B9D9F9}
P4P-->C:\Program Files\InstallShield Installation Information\{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.EXE -runfromtemp -l0x0009 -removeonly
Power4 Gear-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.EXE" -l0x9
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x5 -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\SETUP.EXE" -l0x9 -removeonly
Scorpions WinCheater-->"C:\Program Files\Scorpions WinCheater\unins000.exe"
Scorpions WinCheater-->"C:\Program Files\vso\Scorpions WinCheater\unins000.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Softarová utilita ATI - Odinstalovat-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Sven Břmwřllen DL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5C4DE6-101B-11D6-986D-00500443CF9F}\Setup.exe" -l0x7
SweetIM Toolbar for Internet Explorer 3.6-->MsiExec.exe /X{31CF6C0E-51F0-41D2-B088-A6A143C4303C}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TC PowerPack 1.7-->C:\Program Files\TC PowerPack\uninstall.exe
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer1431\uninstall.exe"
TmNationsForever Update 2010-03-15-->"C:\Program Files\TmNationsForever\unins000.exe"
Total Video Converter 3.12 080330-->"C:\Program Files\Total Video Converter\unins000.exe"
Trials 2-->MsiExec.exe /I{E4FF6799-9D72-4940-A75A-6B54628062E7}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
USB2.0 1.3M WebCam-->C:\WINDOWS\StkUnist.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.EXE" -l0x9
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
YouTube Downloader 2.5-->"C:\Program Files\FDRLab\YouTube Downloader\unins000.exe"

======System event log======

Computer Name: DOMA-B61C96515F
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Pml Driver HPZ12 úspěšně odeslán.

Record Number: 52134
Source Name: Service Control Manager
Time Written: 20090802172104.000000+120
Event Type: Informace
User: DOMA-B61C96515F\Richard

Computer Name: DOMA-B61C96515F
Event Code: 26
Message: Místní nabídka aplikace: Kritický stav baterie : Ihned vyměňte baterie nebo použijte napájení ze sítě. Pokud tak neučiníte, můžete ztratit neuloženou práci.

Record Number: 52133
Source Name: Application Popup
Time Written: 20330513082152.000000+120
Event Type: Informace
User:

Computer Name: DOMA-B61C96515F
Event Code: 26
Message: Místní nabídka aplikace: Baterie jsou téměř vybité : Ihned vyměňte baterie nebo použijte napájení ze sítě. Pokud tak neučiníte, můžete ztratit neuloženou práci.

Record Number: 52132
Source Name: Application Popup
Time Written: 20330513082152.000000+120
Event Type: Informace
User:

Computer Name: DOMA-B61C96515F
Event Code: 26
Message: Místní nabídka aplikace: 16bitový podsystém MS-DOS : Jazz Jackrabbit
X#=0D, CS=01B7 IP=0000143C. NTVDM CPU zjistil nezpracovatelnou výjimku. Vybráním příkazu Zavřít ukončíte aplikaci.

Record Number: 52131
Source Name: Application Popup
Time Written: 20330513082152.000000+120
Event Type: Informace
User:

Computer Name: DOMA-B61C96515F
Event Code: 26
Message: Místní nabídka aplikace: 16bitový podsystém MS-DOS : Jazz Jackrabbit
X#=0D, CS=01B7 IP=0000143C. NTVDM CPU zjistil nezpracovatelnou výjimku. Vybráním příkazu Zavřít ukončíte aplikaci.

Record Number: 52130
Source Name: Application Popup
Time Written: 20330513082152.000000+120
Event Type: Informace
User:

=====Application event log=====

Computer Name: DOMA-B61C96515F
Event Code: 0
Message:
Record Number: 3594
Source Name: TOSHIBA Bluetooth Service
Time Written: 20100217064330.000000+060
Event Type: Informace
User:

Computer Name: DOMA-B61C96515F
Event Code: 1000
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 3593
Source Name: LoadPerf
Time Written: 20100216151243.000000+060
Event Type: Informace
User:

Computer Name: DOMA-B61C96515F
Event Code: 1001
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně odstraněny.
Data záznamu obsahují nové hodnoty položek Last Counter a
Last Help systémového registru.

Record Number: 3592
Source Name: LoadPerf
Time Written: 20100216151243.000000+060
Event Type: Informace
User:

Computer Name: DOMA-B61C96515F
Event Code: 1002
Message: Zablokovaná aplikace IEXPLORE.EXE, verze 6.0.2900.2180, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Record Number: 3591
Source Name: Application Hang
Time Written: 20100216151037.000000+060
Event Type: Chyba
User:

Computer Name: DOMA-B61C96515F
Event Code: 1002
Message: Zablokovaná aplikace IEXPLORE.EXE, verze 6.0.2900.2180, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Record Number: 3590
Source Name: Application Hang
Time Written: 20100216150701.000000+060
Event Type: Chyba
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 23 lis 2010 21:24

Jeste poprosim o druhy log z RSIT s nazvem log.txt, je ulozen v c:\rsit

kyky66 · #5 Příspěvek od **kyky66** » 23 lis 2010 21:44

Richard
Doma
5C84-0010-8011-0000-3027-8970-****

Windows XP 5.1
IA32
WinAspi: -

NT-SPTI used
Nero Version: 7.9.6.0
Internal Version: 7, 9, 6, 0
(Nero Express)
Recorder: <MATSHITA DVD-RAM UJ-860S>Version: 1.00 - HA 1 TA 0 - 7.9.6.0
Adapter driver: <IDE> HA 1
Drive buffer : 2048kB
Bus Type : via Inquiry data (1) -> ATAPI, detected: ?
Connected to MMC as unknown drive with class-nr : 1
Drive is autodetected - recorder class: Std. MMC recorder
CD-ROM: <Generic DVD-ROM >Version: 1.0 - HA 1 TA 1 - 7.9.6.0
Adapter driver: <SCSI> HA 1

=== Scsi-Device-Map ===
DiskPeripheral : ST9160821AS atapi Port 0 ID 0 DMA: On
CdRomPeripheral : MATSHITA DVD-RAM UJ-860S atapi Port 3 ID 0 DMA: On
CdRomPeripheral : Generic DVD-ROM 1.0 d347prt Port 4 ID 0 DMA: Off

=== CDRom-Device-Map ===
Generic DVD-ROM D: CdRom1
MATSHITA DVD-RAM UJ-860S E: CdRom0
=======================

AutoRun : 1
Excluded drive IDs:
WriteBufferSize: 83886080 (0) Byte
BUFE : 0
Physical memory : 1919MB (1965228kB)
Free physical memory: 1344MB (1376344kB)
Memory in use : 29 %
Uncached PFiles: 0x0
Use Inquiry : 1
Global Bus Type: default (0)
Check supported media : Disabled (0)

10.3.2009
ISO kompilace
10:41:58 #1 Text 0 File SCSIPTICommands.cpp, Line 424
LockMCN - completed sucessfully for IOCTL_STORAGE_MCN_CONTROL

10:41:58 #2 Text 0 File Isodoc.cpp, Line 6663
Iso document burn settings
------------------------------------------
Determine maximum speed : FALSE
Simulate : FALSE
Write : TRUE
Finalize CD : TRUE
Multisession : FALSE
Burning mode : DAO
Mode : 1
ISO Level : 1 (Max. of 11 = 8 + 3 char)
Character set : ISO 9660
Joliet : TRUE
Allow pathdepth more than 8 directories : TRUE
Allow more than 255 characters in path : TRUE
Write ISO9660 ;1 file extensions : TRUE

10:41:58 #3 ISO9660GEN -11 File Geniso.cpp, Line 3343
First writeable address = 0 (0x00000000)

10:41:58 #4 Text 0 File Burncd.cpp, Line 3508
Turn on Disc-At-Once, using DVD media

10:41:58 #5 Text 0 File DlgWaitCD.cpp, Line 307
Last possible write address on media: 2295103 (510:01.28, 4482MB)
Last address to be written: 181471 ( 40:19.46, 354MB)

10:41:58 #6 Text 0 File DlgWaitCD.cpp, Line 319
Write in overburning mode: NO (enabled: CD)

10:41:58 #7 Text 0 File DlgWaitCD.cpp, Line 2964
Recorder: MATSHITA DVD-RAM UJ-860S, Media type: DVD+R
Disc Manufacturer ID: MCC, Media Type ID: 004, Product revision number: 0
Disc Application Code: 0, Extended Information Indicators: 7

10:41:58 #8 Text 0 File DlgWaitCD.cpp, Line 493
>>> Protocol of DlgWaitCD activities: <<<
=========================================

10:41:58 #9 Text 0 File ThreadedTransferInterface.cpp, Line 793
Setup items (after recorder preparation)
0: TRM_DATA_MODE1 ()
2 indices, index0 (150) not provided
original disc pos #0 + 181472 (181472) = #181472/40:19.47
relocatable, disc pos for caching/writing not required/ required
-> TRM_DATA_MODE1, 2048, config 0, wanted index0 0 blocks, length 181472 blocks [E: MATSHITA DVD-RAM UJ-860S]
--------------------------------------------------------------

10:41:58 #10 Text 0 File ThreadedTransferInterface.cpp, Line 995
Prepare [E: MATSHITA DVD-RAM UJ-860S] for write in CUE-sheet-DAO
DAO infos:
==========
MCN: ""
TOCType: 0x00; Session Closed, disc fixated
Tracks 1 to 1: Idx 0 Idx 1 Next Trk
1: TRM_DATA_MODE1, 2048/0x00, FilePos 0 0 371654656, ISRC ""
DAO layout:
===========
___Start_|____Track_|_Idx_|_CtrlAdr_|_____Size_|______NWA_|_RecDep__________
0 | lead-in | 0 | 0x41 | 0 | 0 | 0x00
0 | 1 | 0 | 0x41 | 0 | 0 | 0x00
0 | 1 | 1 | 0x41 | 181472 | 0 | 0x00
181472 | lead-out | 1 | 0x41 | 0 | 0 | 0x00

10:41:58 #11 Text 0 File SCSIPTICommands.cpp, Line 215
SPTILockVolume - completed successfully for FSCTL_LOCK_VOLUME

10:41:58 #12 Text 0 File Burncd.cpp, Line 4294
Caching options: cache CDRom or Network-Yes, small files-Yes (<64KB)

10:41:58 #13 Phase 24 File dlgbrnst.cpp, Line 1762
Caching of files started

10:41:58 #14 Text 0 File Burncd.cpp, Line 4413
Cache writing successful.

10:41:58 #15 Phase 25 File dlgbrnst.cpp, Line 1762
Caching of files completed

10:41:58 #16 Phase 36 File dlgbrnst.cpp, Line 1762
Burn process started at 8x (11 080 kB/s)

10:41:59 #17 Text 0 File ThreadedTransferInterface.cpp, Line 2721
Verifying disc position of item 0 (relocatable, disc pos, no patch infos, orig at #0): write at #0

10:41:59 #18 Text 0 File Cdrdrv.cpp, Line 9872
---- Disc Structure: Physical Format Information (00h) ----
Media Type: 0, Layer: 0, Address: 0 (0 h), AGID: 0; Length: 2050
Book Type: DVD+R (10), Part Version: 1.0x (1)
Disc Size: 120 mm, Maximum Rate: <not specified> (F h)
Number of Layers: 1, Track Path: Parallel Track Path (PTP), Layer Type: recordable
Linear Density: 0,267 um/bit, Track Density: 0,74 um/track
Starting Physical Sector Number of Data Area: 30000 h (DVD-ROM, DVD-R/-RW, DVD+R/+RW)
End Sector Number in Layer 0: 0 h (LBN: FFFD0000 h, 4193920 MB)
Data in Burst Cutting Area (BCA) does not exist
Disc Application Code: 0 / 0 h
Extended Information indicators: 7 h
Disc Manufacturer ID: MCC.....
Media type ID: 004
Product revision number: 0
Number of Physical format information bytes in use in ADIP up to byte 63: 56
Media Specific [16..63]:
00 00 07 4D 43 43 00 00 - 00 00 00 30 30 34 00 38 ...MCC.....004.8
23 54 37 12 02 54 6C 02 - 92 5F 15 15 0B 0B 08 08 #T7..Tl.._......
01 19 1B 0C 0C 0C 0D 01 - 00 00 00 00 00 00 00 00 ................

10:41:59 #19 SPTI -1066 File SCSIPassThrough.cpp, Line 179
CdRom0: SCSIStatus(x02) WinError(0) NeroError(-1066)
Sense Key: 0x05 (KEY_ILLEGAL_REQUEST)
Sense Code: 0x24
Sense Qual: 0x00
CDB Data: 0xAC 00 00 00 00 00 00 00 00 64 00 00
Sense Area: 0x70 00 05 00 00 00 00 0A 00 00 00 00 24
Buffer x06351a00: Len x648

10:41:59 #20 Text 0 File DVDPlusRW.cpp, Line 675
Start write address at LBA 0
DVD high compatibility mode: No

10:41:59 #21 Text 0 File ThreadedTransfer.cpp, Line 269
Pipe memory size 83836800

10:43:31 #22 Text 0 File WriterStatus.cpp, Line 113
<E: MATSHITA DVD-RAM UJ-860S> start writing Lead-Out at LBA 181472 (2C4E0h), length 0 blocks

10:43:52 #23 Text 0 File DVDPlusRW.cpp, Line 935
EndDAO: Last written address 181472

10:43:52 #24 Phase 37 File dlgbrnst.cpp, Line 1762
Burn process completed successfully at 8x (11 080 kB/s)

10:43:53 #25 Text 0 File SCSIPTICommands.cpp, Line 261
SPTIDismountVolume - completed successfully for FSCTL_DISMOUNT_VOLUME

10:43:57 #26 Text 0 File Cdrdrv.cpp, Line 11185
DriveLocker: UnLockVolume completed

10:43:57 #27 Text 0 File SCSIPTICommands.cpp, Line 424
UnLockMCN - completed sucessfully for IOCTL_STORAGE_MCN_CONTROL

Existing drivers:

Registry Keys:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\AllocateCDROMs : 0 (Security Option)

#6 Příspěvek od **vyosek** » 24 lis 2010 06:30

To je prosim z ceho log

Ve slozce c:\rsit by mel byt log s nazvem log.txt ten sem vlozte - pripadne navod jak se k nemu dostat je v mem podpise, kdyz kliknete na RSIT - to prvni co jste dal je log s nazvem info.txt, ja chci ten druhej

kyky66 · #7 Příspěvek od **kyky66** » 24 lis 2010 10:13

Dobry den,
omlouvam se ja pomaham kamaradovi s tou kontrolou nebot on s pocitacem vubec neumi delat teda predtim tam nemel zadnej antivir a tak tak jsem mu poradila s tim sbybotem to bylo takove to jedine co me napadlo v tu chvili ... jinak ten tag tak to mi tvrdil ze to je v te slozce bo me se to taky zdalo nejake divne tak zajedu za nim a udem mu to ale az tak o vikendu teda pokud to nejakym zazrakem neudela sam.... jinak ten jeho pocitac mu hlasi jakesik hlasky kdyz chce rozkliknout jakoukoliv slozku a furt se mu vypojuje net ci co...vsak to poresime az vam tady dam ten jeho tag
Takze predem dekuji za trpelivost

#8 Příspěvek od **vyosek** » 24 lis 2010 19:46

OK, o vikendu tu budu taky nebojte

kyky66 · #9 Příspěvek od **kyky66** » 29 lis 2010 19:30

Logfile of random's system information tool 1.08 (written by random/random)
Run by Richard at 2010-11-29 17:46:49
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (6%) free of 153 GB
Total RAM: 1919 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:46:56, on 29.11.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\system32\ASUSTPE.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4P\P4P.exe
C:\WINDOWS\system32\System
C:\WINDOWS\ASScrPro.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\1ybb7ymi.exe
C:\WINDOWS\system32\qtplugin.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\WINDOWS\system32\qtwm.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\WINDOWS\system32\qtwm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Richard\Plocha\netik\RSIT.exe
C:\Program Files\trend micro\Richard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
O2 - BHO: (no name) - {D0AA1ECF-9EC9-41EE-AA5B-E436DAFF5315} - C:\WINDOWS\system32\clbcate.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [1ybb7ymi] C:\WINDOWS\system32\1ybb7ymi.exe
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RegistryWm] C:\WINDOWS\system32\qtwm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MultiFrame] C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [1ybb7ymi] C:\WINDOWS\system32\1ybb7ymi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Richard\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0302C5F1-AC58-4531-AB06-8205C2AA942F}: NameServer = 192.168.0.1,192.168.0.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0302C5F1-AC58-4531-AB06-8205C2AA942F}: NameServer = 192.168.0.1,192.168.0.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{0302C5F1-AC58-4531-AB06-8205C2AA942F}: NameServer = 192.168.0.1,192.168.0.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipamìti kategorií souèástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9593 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0AA1ECF-9EC9-41EE-AA5B-E436DAFF5315}]
C:\WINDOWS\system32\clbcate.dll [2010-10-24 121344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"=C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-07-12 225280]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-07-03 7708672]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-07-19 49520]
"ASUSTPE"=C:\WINDOWS\system32\ASUSTPE.exe [2007-01-16 106496]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2007-07-10 851968]
"PowerForPhone"=C:\Program Files\P4P\P4P.exe [2007-07-19 778240]
"ASUS Camera ScreenSaver"=C:\WINDOWS\ASScrProlog.exe [2008-04-05 37232]
"ASUS Screen Saver Protector"=C:\WINDOWS\ASScrPro.exe [2008-04-05 33136]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"1ybb7ymi"=C:\WINDOWS\system32\1ybb7ymi.exe [2000-09-16 5120]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe [2010-10-24 548352]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"RegistryWm"=C:\WINDOWS\system32\qtwm.exe [2010-08-01 508156]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"MultiFrame"=C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-06-21 999792]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"1ybb7ymi"=C:\WINDOWS\system32\1ybb7ymi.exe [2000-09-16 5120]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštìní
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Richard\Nabídka Start\Programy\Po spuštìní
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\1ybb7ymi.exe"="C:\WINDOWS\system32\1ybb7ymi.exe:*:Enabled:1ybb7ymi"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-11-23 20:50:48 ----D---- C:\rsit
2010-11-23 20:50:48 ----D---- C:\Program Files\trend micro
2010-11-22 18:39:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-22 18:39:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-14 18:32:51 ----D---- C:\Program Files\ConduitEngine
2010-11-14 18:32:51 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp

======List of files/folders modified in the last 1 months======

2010-11-29 17:46:55 ----D---- C:\WINDOWS\Prefetch
2010-11-29 17:42:46 ----D---- C:\WINDOWS\system32
2010-11-29 17:42:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-29 17:41:50 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-29 17:39:55 ----D---- C:\WINDOWS\Temp
2010-11-29 17:38:49 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2010-11-29 15:54:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-23 20:50:48 ----RD---- C:\Program Files
2010-11-23 20:43:23 ----D---- C:\Documents and Settings\Richard\Data aplikací\ICQ
2010-11-21 16:58:10 ----D---- C:\Program Files\ICQ6.5
2010-11-14 18:32:49 ----D---- C:\Program Files\DVDVideoSoftTB
2010-11-13 22:54:21 ----D---- C:\Program Files\The KMPlayer1431
2010-11-06 22:27:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-06 22:27:15 ----HD---- C:\WINDOWS\inf
2010-11-01 18:00:09 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Øadiè procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys []
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 HDAudBus;Ovladaè Microsoft UAA pro sbìrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-09 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-09 27520]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\StkCMini.sys [2007-06-06 1260672]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 hidusb;Ovladaè tøídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mouhid;Ovladaè myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 usbccgp;Obecný nadøazený ovladaè Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Tøída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladaè skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;Ovladaè velkokapacitního pamìového zaøízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek svìtového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
R2 serviceJS;Microsoft Trap Service; C:\WINDOWS\system32\System [2010-06-10 708096]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 24576]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

kyky66 · #10 Příspěvek od **kyky66** » 29 lis 2010 19:30

Tak doufam ze uz to je ten spravnej log

#11 Příspěvek od **vyosek** » 29 lis 2010 19:43

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
services.msc
```
Kliknete na OK
Najdete sluzby nize
NBService
U sluzby provedte toto
- Klik na ni pravym mysidlem a zvolit Vlastnosti
- Nyní klik na Zastavit
- Typ spousteni nastavit na Zakazano
- Potvrdte kliknutim na OK

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

kyky66 · #12 Příspěvek od **kyky66** » 05 pro 2010 13:21

ComboFix 10-12-04.01 - Richard 05.12.2010 13:08:37.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1919.1300 [GMT 1:00]
Spuštěný z: c:\documents and settings\Richard\Plocha\netik\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MAMČA\Data aplikací\PriceGong
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\MAMČA\Data aplikací\PriceGong\Data\z.xml
c:\program files\ICQ6.5\ICQLRun.exe
C:\Thumbs.db
c:\windows\daemon.dll
c:\windows\directx.sys
c:\windows\svchost.com
c:\windows\system32\1ybb7ymi.exe
c:\windows\system32\qtplugin.exe
c:\windows\system32\qtwm.exe
c:\windows\system32\system

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SERVICEJS
-------\Service_serviceJS

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-05 do 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 08:45 . 2010-12-05 08:45 -------- d-----w- c:\documents and settings\Richard\Local Settings\Data aplikací\Temp
2010-11-23 19:50 . 2010-11-29 16:47 -------- d-----w- C:\rsit
2010-11-23 19:50 . 2010-11-29 16:46 -------- d-----w- c:\program files\trend micro
2010-11-22 17:39 . 2010-11-23 19:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-22 17:39 . 2010-11-23 19:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-14 17:32 . 2010-11-14 17:32 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-14 17:31 . 2010-11-14 17:32 -------- d-----w- c:\documents and settings\MAMČA\Local Settings\Data aplikací\DVDVideoSoftTB
2010-11-14 17:31 . 2010-11-14 17:31 -------- d-----w- c:\documents and settings\MAMČA\Local Settings\Data aplikací\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 21:44 . 2010-03-03 23:14 121344 ----a-w- c:\windows\system32\clbcate.dll
2010-10-11 14:15 . 2008-06-09 18:10 170552 ----a-w- c:\documents and settings\Richard\Data aplikací\ezpinst.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0AA1ECF-9EC9-41EE-AA5B-E436DAFF5315}]
2010-10-24 21:44 121344 ----a-w- c:\windows\system32\clbcate.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"MultiFrame"="c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 999792]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-07-12 225280]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-07-19 49520]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-01-16 106496]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-07-10 851968]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-07-19 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-04-04 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-04-04 33136]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\progra~1\QUICKT~1\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\MAM¬A\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]

c:\documents and settings\Richard\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [6.4.2008 1:58 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [6.4.2008 1:58 5248]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [5.4.2008 0:33 24576]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [5.4.2008 0:33 1260672]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://home.sweetim.com
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Richard\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {0302C5F1-AC58-4531-AB06-8205C2AA942F} = 192.168.0.1,192.168.0.4
FF - ProfilePath - c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\ucmcewcq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - component: c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\ucmcewcq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\ucmcewcq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\ucmcewcq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\ucmcewcq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-1ybb7ymi - c:\windows\system32\1ybb7ymi.exe
HKLM-Run-1ybb7ymi - c:\windows\system32\1ybb7ymi.exe
HKLM-Run-RegistryWm - c:\windows\system32\qtwm.exe
ActiveSetup-ccc-core-static - msiexec
AddRemove-Little Fighter 2 v1.9 - c:\program files\LittleFighter2\LF2_v1.9\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 13:14
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2400)
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-12-05 13:18:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-05 12:17

Před spuštěním: 8 134 639 616
Po spuštění: 8 208 572 416

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 23DCAB635C67609B0064411B5429EE9B

kyky66 · #13 Příspěvek od **kyky66** » 05 pro 2010 13:21

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 05.12.2010 at 12:54:19.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\WINDOWS\svchost.com

Rkill completed on 05.12.2010 at 12:55:17.

#14 Příspěvek od **vyosek** » 05 pro 2010 13:53

Pokud nemate, tak presunte Combofix primo na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Folder::
C:\Program Files\SweetIM

File::
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
c:\windows\system32\ConduitEngine.tmp
c:\documents and settings\Richard\Data aplikací\ezpinst.exe
c:\windows\system32\clbcate.dll
c:\windows\Tasks\AppleSoftwareUpdate.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0AA1ECF-9EC9-41EE-AA5B-E436DAFF5315}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2269050
mStart Page = hxxp://home.sweetim.com

Firefox::
FF - ProfilePath - c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\ucmcewcq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2269050&q=

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

kyky66 · #15 Příspěvek od **kyky66** » 12 pro 2010 14:49

ComboFix 10-12-04.01 - Richard 12.12.2010 14:47:29.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1919.1333 [GMT 1:00]
Spuštěný z: c:\docume~1\Richard\LOCALS~1\Temp\3582-490\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Richard\Plocha\CFScript.txt.txt
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\directx.sys
c:\windows\svchost.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-12 do 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-05 12:26 . 2010-12-05 12:26 -------- d-----w- c:\program files\CCleaner
2010-12-05 08:45 . 2010-12-05 08:45 -------- d-----w- c:\documents and settings\Richard\Local Settings\Data aplikací\Temp
2010-11-23 19:50 . 2010-11-29 16:47 -------- d-----w- C:\rsit
2010-11-23 19:50 . 2010-11-29 16:46 -------- d-----w- c:\program files\trend micro
2010-11-22 17:39 . 2010-11-23 19:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-22 17:39 . 2010-11-23 19:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-14 17:32 . 2010-11-14 17:32 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-14 17:31 . 2010-11-14 17:32 -------- d-----w- c:\documents and settings\MAMČA\Local Settings\Data aplikací\DVDVideoSoftTB
2010-11-14 17:31 . 2010-11-14 17:31 -------- d-----w- c:\documents and settings\MAMČA\Local Settings\Data aplikací\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 21:44 . 2010-03-03 23:14 121344 ----a-w- c:\windows\system32\clbcate.dll
2010-10-11 14:15 . 2008-06-09 18:10 170552 ----a-w- c:\documents and settings\Richard\Data aplikací\ezpinst.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-12-05_12.14.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-25 14:00 . 2010-12-12 13:44 698752 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2010-12-12 13:44 784022 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2010-12-12 13:44 270550 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-12-12 13:44 300066 c:\windows\system32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0AA1ECF-9EC9-41EE-AA5B-E436DAFF5315}]
2010-10-24 21:44 121344 ----a-w- c:\windows\system32\clbcate.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"MultiFrame"="c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 999792]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-07-12 225280]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-07-19 49520]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-01-16 106496]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2010-12-08 48640]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-07-10 851968]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-07-19 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-04-04 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-04-04 33136]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\progra~1\QUICKT~1\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\MAM¬A\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]

c:\documents and settings\Richard\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [6.4.2008 1:58 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [6.4.2008 1:58 5248]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [5.4.2008 0:33 24576]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [5.4.2008 0:33 1260672]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://home.sweetim.com
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Richard\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {0302C5F1-AC58-4531-AB06-8205C2AA942F} = 192.168.0.1,192.168.0.4
FF - ProfilePath - c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\ucmcewcq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - component: c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\ucmcewcq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\ucmcewcq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\ucmcewcq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\ucmcewcq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 14:47
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-12-12 14:48:56
ComboFix-quarantined-files.txt 2010-12-12 13:48
ComboFix2.txt 2010-12-12 13:42
ComboFix3.txt 2010-12-05 12:18

Před spuštěním: 2 394 681 344
Po spuštění: 2 381 516 800

- - End Of File - - 1197853E8E4915CE5FD0970D08DFBD4F

VIRY.CZ

prosim o kontrolu logu

prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu