Nejde Google - prosím o kontrolu logu

[McMatej]

Zdravím

Ač mi antivirový a antispywarový program nenajde žádný problém, počítač se chová divně. Používám rezidentně ESET (trial verzi) a Spyware terminátor, ke kontrole ještě navíc Malwarebytes Anti-Malware, Spybot-Search Destroyed a SuperAntiSpyware Free.

- Dlouho se spouští (15 minut), během spouštění dole vedle hodin se objeví ikona a hláška, že není aktivní žádná brána firewall, když se podívám do nastavení, tak aktivní je.
- Stránky Google nejdou načíst, na druhém počítači jdou bez problémů
- Několikrát jsem odstaňoval asi stejnou infekci (obnovení systému mám vypnuté)
- Spouštění programů je pomalé (Internet explorer, Mozilla Firefox, Mozilla Thunderbird....)
- Dlouho se točí HDD a blikají ledky na síťové kartě (i když nic nestahuji)

Přikládám log z RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by Správce at 2010-12-04 14:48:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 65 GB (42%) free of 153 GB
Total RAM: 447 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:48:57, on 4. 12. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Install\Antivir\Rsit\RSIT_2.exe
C:\Program Files\trend micro\Správce.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lmon Class - {1B7445F8-3774-4E7D-AF54-8B933C554B1C} - C:\Program Files\LeechVideoConvert\leechmon.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-122540187-4152427891-730465810-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Lucka')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} (CSOBEnroll Class) - https://maxibps.postovnisporitelna.cz/C ... Enroll.dll
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{268D8EC3-1D36-4218-B333-A9096F510959}: Domain = pilsfree.czf
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECD3629-2001-44A6-8106-A1B08B5D0DE9}: Domain = pilsfree.czf
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECD3629-2001-44A6-8106-A1B08B5D0DE9}: NameServer = 10.109.183.1,10.109.255.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC3D3CF5-A479-40AB-A585-4FDA7A593AF4}: NameServer = 10.109.184.65,10.109.255.254
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8732 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-122540187-4152427891-730465810-1005.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-122540187-4152427891-730465810-1005.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B7445F8-3774-4E7D-AF54-8B933C554B1C}]
Lmon Class - C:\Program Files\LeechVideoConvert\leechmon.dll [2006-09-27 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-11-02 1252304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-31 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-11-02 1252304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"Spamihilator"=C:\Program Files\Spamihilator\spamihilator.exe [2008-08-28 1223680]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"nwiz"=nwiz.exe /install []
"SW20"=C:\WINDOWS\system32\sw20.exe [2006-05-18 208896]
"SW24"=C:\WINDOWS\system32\sw24.exe [2006-05-17 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-31 202256]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-08-10 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-31 2145000]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-11-29 2216960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-11-29 3318784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk.disabled]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk.disabled []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Disabled:ICQ Library"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
"C:\Program Files\Spamihilator\dccproc.exe"="C:\Program Files\Spamihilator\dccproc.exe:*:Disabled:dccproc"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\Program Files\Offline Explorer Pro\OE.exe"="F:\Program Files\Offline Explorer Pro\OE.exe:*:Enabled:Offline Explorer executable"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

3010-05-06 23:11:47 ----D---- C:\Program Files\ESET
3010-05-06 22:27:12 ----D---- C:\Program Files\Spyware Terminator
3010-05-06 22:13:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2808-09-07 14:01:51 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-12-04 12:07:45 ----D---- C:\Program Files\trend micro
2010-12-04 12:07:42 ----D---- C:\rsit
2010-12-04 11:37:34 ----D---- C:\Documents and Settings\Správce.LYNX\Data aplikací\Spyware Terminator
2010-12-04 11:37:30 ----ASH---- C:\Documents and Settings\Správce.LYNX\Data aplikací\desktop.ini
2010-12-04 11:37:21 ----D---- C:\Documents and Settings\Správce.LYNX\Data aplikací\AVG7
2010-12-04 11:37:18 ----D---- C:\Documents and Settings\Správce.LYNX\Data aplikací\Identities
2010-12-04 11:36:45 ----SD---- C:\Documents and Settings\Správce.LYNX\Data aplikací\Microsoft
2010-12-01 19:26:55 ----D---- C:\Program Files\WinClamAVShield
2010-11-29 16:36:42 ----D---- C:\Program Files\Crawler
2010-11-29 16:36:37 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-11-29 16:36:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-11-25 12:31:34 ----D---- C:\Program Files\Trojan Remover 681
2010-11-25 12:12:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Trojan Remover
2010-11-18 19:38:15 ----A---- C:\WINDOWS\system32\drivers\USBAUDIO.sys
2010-11-18 19:38:00 ----A---- C:\WINDOWS\system32\MSPCLOCK.sys
2010-11-18 19:32:18 ----D---- C:\Drivers
2010-11-18 19:32:18 ----A---- C:\WINDOWS\system32\SONYHCY.DLL
2010-11-18 19:32:18 ----A---- C:\WINDOWS\system32\drivers\sonypvs1.sys
2010-11-18 19:32:18 ----A---- C:\WINDOWS\system32\drivers\sonyhcs.sys
2010-11-18 19:32:18 ----A---- C:\WINDOWS\system32\drivers\Sonyhcp.dll
2010-11-18 19:32:18 ----A---- C:\WINDOWS\system32\drivers\sonyhcc.sys
2010-11-18 19:32:18 ----A---- C:\WINDOWS\system32\drivers\sonyhcb.sys
2010-11-13 14:02:46 ----D---- C:\Program Files\All Media Fixer
2010-11-12 08:37:19 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-12 08:37:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-11-12 08:37:15 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-12 08:37:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-12 01:16:26 ----A---- C:\WINDOWS\system32\TRJ_NTAUTO.TMP
2010-11-12 01:13:08 ----D---- C:\Program Files\Trojan Remover
2010-11-11 19:02:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-11-11 12:35:22 ----A---- C:\WINDOWS\system32\SRPVer.ini
2010-11-11 12:35:15 ----A---- C:\WINDOWS\system32\sk_bho.ini

======List of files/folders modified in the last 1 months======

3010-05-06 22:46:47 ----D---- C:\Program Files\Spybot - Search & Destroy
3010-05-06 22:00:12 ----D---- C:\WINDOWS\Minidump
3010-05-06 09:11:34 ----D---- C:\Program Files\Google
3010-05-06 09:11:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
3010-05-06 09:01:37 ----D---- C:\WINDOWS\system32\config
3010-05-06 09:01:09 ----D---- C:\WINDOWS\system32\wbem
3010-05-06 09:01:08 ----D---- C:\WINDOWS\Registration
3010-05-06 09:00:33 ----D---- C:\Program Files\CrystalDiskInfo
2010-12-04 14:01:42 ----HD---- C:\WINDOWS\Temp
2010-12-04 12:12:09 ----SD---- C:\WINDOWS\Tasks
2010-12-04 12:08:03 ----D---- C:\WINDOWS\Prefetch
2010-12-04 12:07:45 ----RD---- C:\Program Files
2010-12-04 11:44:17 ----D---- C:\WINDOWS
2010-12-04 11:35:40 ----D---- C:\Documents and Settings
2010-12-04 11:31:32 ----D---- C:\Program Files\Nvu
2010-12-04 11:31:32 ----D---- C:\Program Files\Mozilla Thunderbird
2010-12-04 11:31:32 ----D---- C:\Program Files\Mozilla Firefox
2010-12-04 11:08:59 ----D---- C:\WINDOWS\Debug
2010-12-03 23:57:03 ----D---- C:\Program Files\Spamihilator
2010-12-03 20:51:14 ----D---- C:\Temp
2010-12-03 20:24:14 ----D---- C:\Program Files\MSI
2010-12-03 20:23:28 ----D---- C:\WINDOWS\system32
2010-12-03 15:47:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-29 21:09:13 ----HD---- C:\WINDOWS\inf
2010-11-29 16:36:39 ----D---- C:\WINDOWS\system32\drivers
2010-11-27 10:39:34 ----D---- C:\WINDOWS\ime
2010-11-27 08:55:22 ----D---- C:\WINDOWS\MediaCoder
2010-11-26 08:10:28 ----SHD---- C:\WINDOWS\Installer
2010-11-26 08:10:28 ----HD---- C:\Config.Msi
2010-11-26 08:09:22 ----D---- C:\Program Files\Lavasoft
2010-11-26 08:09:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-11-26 08:09:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-25 12:39:06 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-11-25 12:17:34 ----D---- C:\Program Files\DC++
2010-11-25 12:08:32 ----D---- C:\DC++
2010-11-18 20:32:13 ----D---- C:\lee
2010-11-18 19:52:57 ----A---- C:\WINDOWS\system32\rmc_fixasf.exe
2010-11-18 19:52:55 ----A---- C:\WINDOWS\system32\rmc_rtspdl.dll
2010-11-18 19:47:34 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-18 19:38:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-18 19:32:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-18 19:30:33 ----D---- C:\Install
2010-11-15 17:34:48 ----D---- C:\Program Files\Avidemux 2.5
2010-11-11 23:14:38 ----SHD---- C:\System Volume Information
2010-11-11 23:14:38 ----D---- C:\WINDOWS\system32\Restore
2010-11-11 19:48:00 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-11 16:16:32 ----D---- C:\Program Files\ICQ6.5
2010-11-11 12:53:05 ----D---- C:\Program Files\SUPERAntiSpyware
2010-11-11 12:17:42 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-04-24 100736]
R0 Vax347b;Vax347b; C:\WINDOWS\system32\DRIVERS\Vax347b.sys [2005-04-25 159616]
R0 Vax347s;Vax347s; C:\WINDOWS\System32\Drivers\Vax347s.sys [2004-04-30 5248]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-31 95872]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2002-06-24 81356]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-31 140216]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-02 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-02 55936]
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2006-12-13 47360]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FLASHSYS;FLASHSYS; \??\C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-11-03 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-11-03 21672]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-03-29 52416]
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-03-29 6096]
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-03-29 84512]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-05 132424]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-11-29 496128]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-31 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Roli]

Zdravím, tohle fixni v HJT :

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-122540187-4152427891-730465810-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Lucka')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

HJT njadeš zde :

C:\Program Files\trend micro\Správce.exe

Fix znamená že spustíš HJT

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

Čištění registru je třeba několikrát zopakovat !

Defragmentuj disku buď integrovaným windows nástrojem,

nebo jinou aplikací, například Defragglerem


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

[McMatej]

Tak nevím jestli tě nenaštvu hned na začátek, ale byla neděle, nudil jsem se a tak jsem se v tom vrtal ještě sám, tak nevím jak výše uvedený log je teď večer aktuální. Odinstaloval jsem Eset a všechny ty malware a spyware terminátory a nahradil jsem to Avastem a Kerio Firewallem. Počítač je čilejší a hláška o nefunkční bráně firewall taky zmizela, ale pořád to není ono, google pořád nejde (přesněji jednou jde a pak dlouho nejde) a taky nejdou videa z archivu Novy, tak jsem Kerio odinstaloval a až pak si přečetl tvoji odpověď.
Nicméně udělal jsem co jsi psal, v HJC některé řádky už nebyly (asi proto, že jsem to odinstaloval dřive), jinak to proběhlo podle mého normálně. Log z ComboFixu přikládám.

P.S. Na místním síťovém foru mi ohledně nefunkčního googlu někdo poradil vypnout si TCP/IP6, ale ještě jsem to nezkoušel.

Zatím moc dík a dobrou noc (nebo krásné ráno)



ComboFix 10-12-04.02 - Správce . 12. 2010 23:27:39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.447.102 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lucka\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lucka\Data aplikací\Desktopicon
c:\documents and settings\Lucka\Dokumenty\DPE.DUS
c:\install\Smarton\_desktop.ini
c:\install\Smarton\Drivers\_desktop.ini
c:\program files\ICQ6.5\updates\ICQLRun.exe.f9cb5bbb98c818d0e6c63e8613a6d549
c:\program files\LeechVideoConvert\leEChmon.dll
c:\windows\system\oeminfo.ini
c:\windows\system\QTIM32.DLL
c:\windows\system32\AutoRun.inf
c:\windows\system32\win32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-05 do 2010-12-05 )))))))))))))))))))))))))))))))
.

3010-05-06 08:01 . 3010-05-06 08:01 -------- d-----w- c:\windows\system32\wbem\Repository
2808-09-07 13:01 . 2808-09-07 13:01 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-12-05 21:39 . 2010-12-05 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2010-12-05 21:34 . 2010-12-05 21:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2010-12-05 21:34 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-05 21:34 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-05 21:34 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-05 21:34 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-05 21:34 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-05 21:34 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-05 21:34 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-05 21:34 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-05 21:34 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-05 17:04 . 2010-12-05 17:04 -------- d-----w- c:\program files\Sunbelt Software
2010-12-05 16:24 . 2010-12-05 16:24 -------- d-----w- c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com
2010-12-05 08:44 . 2010-12-05 08:44 -------- d-----w- c:\program files\Alwil Software
2010-12-05 08:44 . 2010-12-05 08:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-12-04 11:07 . 2010-12-05 22:06 -------- d-----w- c:\program files\trend micro
2010-12-04 11:07 . 2010-12-04 13:49 -------- d-----w- C:\rsit
2010-12-04 10:35 . 2010-12-04 10:37 -------- d-----w- c:\documents and settings\Správce.LYNX
2010-11-25 21:37 . 2010-11-25 21:37 -------- d-----w- c:\documents and settings\Lucka\Local Settings\Data aplikací\Sunbelt Software
2010-11-25 11:31 . 2010-11-25 11:42 -------- d-----w- c:\program files\Trojan Remover 681
2010-11-25 11:12 . 2010-11-12 00:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Trojan Remover
2010-11-18 18:38 . 2008-04-13 19:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-11-18 18:38 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-11-18 18:38 . 2008-04-13 19:39 5376 ----a-w- c:\windows\system32\MSPCLOCK.sys
2010-11-18 18:32 . 2010-11-18 18:32 -------- d-----w- C:\Drivers
2010-11-18 18:32 . 2002-10-15 21:41 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2010-11-18 18:32 . 2001-11-05 08:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2010-11-18 18:32 . 2001-11-05 08:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2010-11-18 18:32 . 2001-11-05 08:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2010-11-18 18:32 . 2001-07-03 19:39 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2010-11-18 18:32 . 2001-07-03 19:33 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2010-11-13 13:02 . 2010-11-13 13:04 -------- d-----w- c:\program files\All Media Fixer
2010-11-12 07:37 . 2010-11-12 07:37 -------- d-----w- c:\documents and settings\Lucka\Data aplikací\Malwarebytes
2010-11-12 07:37 . 2010-11-12 07:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-12 00:16 . 2010-11-12 00:16 1592 ----a-w- c:\windows\system32\TRJ_NTAUTO.TMP
2010-11-12 00:13 . 2010-11-12 07:23 -------- d-----w- c:\program files\Trojan Remover

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-25 21:41 . 2010-05-07 21:18 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-18 18:52 . 2008-12-23 22:37 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-11-18 18:52 . 2008-12-23 22:37 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:50 . 2010-06-17 14:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2010-09-21 14:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 13:34 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:34 . 2006-03-02 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:34 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:34 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-03-02 12:00 389120 ----a-w- c:\windows\system32\html.iec
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-08-28 1223680]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"SkyTel"=SkyTel.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\Offline Explorer Pro\\OE.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [19. 12. 2008 8:58 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [19. 12. 2008 8:58 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5. 12. 2010 22:34 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5. 12. 2010 22:34 17744]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [7. 2. 2008 17:01 81356]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [7. 2. 2008 17:52 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [7. 2. 2008 17:52 9600]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5. 12. 2010 22:34 136176]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys --> c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [3. 11. 2008 18:29 13352]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6. 11. 2007 21:22 34064]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21. 6. 2007 15:21 30720]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
*NewlyCreated* - GUPDATE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'

2010-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 21:34]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 21:34]

2010-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-122540187-4152427891-730465810-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-122540187-4152427891-730465810-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
TCP: {9ECD3629-2001-44A6-8106-A1B08B5D0DE9} = 10.109.183.1,10.109.255.254
TCP: {FC3D3CF5-A479-40AB-A585-4FDA7A593AF4} = 10.109.184.65,10.109.255.254
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://maxibps.postovnisporitelna.cz/Comp/CSOBEnroll.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
MSConfigStartUp-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-hpqSRMon - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
AddRemove-Diff Doc_is1 - c:\program files\Softinterface



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 23:47
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-12-05 23:52:51
ComboFix-quarantined-files.txt 2010-12-05 22:52

Před spuštěním: Volných bajtů: 69 217 628 160
Po spuštění: Volných bajtů: 69 317 226 496

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /usepmtimer

- - End Of File - - 63316E5205632FA55D95B0B25BF87B25

[Roli]

Nenaštveš, jen jsi mi v tom udělal trošku hokej, tak že to nyní napravíme.

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

File::  
c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com
c:\windows\system32\TRJ_NTAUTO.TMP
c:\windows\system32\drivers\SBREDrv.sys

Folder::
c:\documents and settings\Lucka\Local Settings\Data aplikací\Sunbelt Software
c:\program files\Trojan Remover 681
c:\documents and settings\All Users\Data aplikací\Trojan Remover
c:\documents and settings\Lucka\Data aplikací\Malwarebytes
c:\documents and settings\All Users\Data aplikací\Malwarebytes
c:\program files\Trojan Remover
c:\program files\Spamihilator
c:\program files\Lavasoft

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spamihilator"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Spamihilator\\dccproc.exe"=-

Driver::
SBREDrv
Lavasoft Kernexplorer

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[McMatej]

Za hokej se omlouvám. Dneska jsem s tím opravdu nic nedělal, jen jsem včera zkusil vypnout TCP/IP6 což pomohlo a google a videa z archivu Novy začali okamžitě fungovat. Pak jsem TCP/IP6 i odinstaloval. Dneska když jsem pustil PC, tak mi to sice nechtělo přihlásit na síť, ale to řeším s místním správcem. Pravděpodobně při upgradu BIOSu se mi nějak poblbala MAC adresa síťové karty. Ale vypadá to, že už je to v pohodě.

Zatím moc díky.

P.S. Sken ComboFixem jsem dělal nadvakrát. Poprvně jsem asi nevypnul Avast, i když jsem přesvědčený, že jsem ho vypínal. Ten log byl nějaký dlouhý a vypadal divně.

Tady je žádaný log z druhého pokusu:

ComboFix 10-12-04.02 - Lucka 07.12.2010 0:16.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.447.174 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lucka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lucka\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení

FILE ::
"c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com"
"c:\windows\system32\drivers\SBREDrv.sys"
"c:\windows\system32\TRJ_NTAUTO.TMP"
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-06 do 2010-12-06 )))))))))))))))))))))))))))))))
.

3010-05-06 08:01 . 3010-05-06 08:01 -------- d-----w- c:\windows\system32\wbem\Repository
2808-09-07 13:01 . 2808-09-07 13:01 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-12-05 21:39 . 2010-12-05 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2010-12-05 21:34 . 2010-12-05 21:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2010-12-05 21:34 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-05 21:34 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-05 21:34 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-05 21:34 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-05 21:34 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-05 21:34 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-05 21:34 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-05 21:34 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-05 21:34 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-05 17:04 . 2010-12-05 17:04 -------- d-----w- c:\program files\Sunbelt Software
2010-12-05 16:24 . 2010-12-05 16:24 -------- d-----w- c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com
2010-12-05 08:44 . 2010-12-05 08:44 -------- d-----w- c:\program files\Alwil Software
2010-12-05 08:44 . 2010-12-05 08:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-12-04 11:07 . 2010-12-05 22:06 -------- d-----w- c:\program files\trend micro
2010-12-04 11:07 . 2010-12-04 13:49 -------- d-----w- C:\rsit
2010-12-04 10:35 . 2010-12-04 10:37 -------- d-----w- c:\documents and settings\Správce.LYNX
2010-11-18 18:38 . 2008-04-13 19:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-11-18 18:38 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-11-18 18:38 . 2008-04-13 19:39 5376 ----a-w- c:\windows\system32\MSPCLOCK.sys
2010-11-18 18:32 . 2010-11-18 18:32 -------- d-----w- C:\Drivers
2010-11-18 18:32 . 2002-10-15 21:41 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2010-11-18 18:32 . 2001-11-05 08:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2010-11-18 18:32 . 2001-11-05 08:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2010-11-18 18:32 . 2001-11-05 08:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2010-11-18 18:32 . 2001-07-03 19:39 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2010-11-18 18:32 . 2001-07-03 19:33 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2010-11-13 13:02 . 2010-11-13 13:04 -------- d-----w- c:\program files\All Media Fixer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:52 . 2008-12-23 22:37 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-11-18 18:52 . 2008-12-23 22:37 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:50 . 2010-06-17 14:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2010-09-21 14:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 13:34 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:34 . 2006-03-02 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:34 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:34 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-03-02 12:00 389120 ----a-w- c:\windows\system32\html.iec
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"SkyTel"=SkyTel.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\Offline Explorer Pro\\OE.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [19.12.2008 8:58 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [19.12.2008 8:58 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.12.2010 22:34 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.12.2010 22:34 17744]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [7.2.2008 17:01 81356]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [7.2.2008 17:52 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [7.2.2008 17:52 9600]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5.12.2010 22:34 136176]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys --> c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [3.11.2008 18:29 13352]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'

2010-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 21:34]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 21:34]

2010-12-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-122540187-4152427891-730465810-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-122540187-4152427891-730465810-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-122540187-4152427891-730465810-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-122540187-4152427891-730465810-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download the &current page with Offline Explorer - file://f:\program files\Offline Explorer Pro\Add_All.htm
IE: Download using Offline &Explorer - file://f:\program files\Offline Explorer Pro\Add_Url.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: postovnisporitelna.cz\maxibps
TCP: {9ECD3629-2001-44A6-8106-A1B08B5D0DE9} = 10.109.183.1,10.109.255.254
TCP: {FC3D3CF5-A479-40AB-A585-4FDA7A593AF4} = 10.109.184.65,10.109.255.254
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://maxibps.postovnisporitelna.cz/Comp/CSOBEnroll.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\g4l0gv8o.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\g4l0gv8o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-07 00:26
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3448)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-12-07 00:32:19
ComboFix-quarantined-files.txt 2010-12-06 23:32
ComboFix2.txt 2010-12-06 22:23
ComboFix3.txt 2010-12-05 22:52

Před spuštěním: Volných bajtů: 69 037 084 672
Po spuštění: Volných bajtů: 69 015 261 184

- - End Of File - - 1C08B26F3791F8722402D6031DB4C2C9

[Roli]

Bezva, ale pro velký úspěch ještě jednou.

Znovu si otevři Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

Folder::  
c:\program files\Sunbelt Software
c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com

FireFox::
FF - ProfilePath - c:\documents and settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\g4l0gv8o.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[McMatej]

Zdravím a posílm log.


ComboFix 10-12-04.02 - Lucka 07.12.2010 21:29:55.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.447.105 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lucka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lucka\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com
c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-12-5-2010( 17-32-6 ).SDB
c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-12-5-2010( 17-36-48 ).SDB
c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.BIN
c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.DB
c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.ZIP
c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLISTRELATED.DB
c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLISTRELATED.ZIP
c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Lucka\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\program files\Sunbelt Software
c:\program files\Sunbelt Software\Personal Firewall\Config\charts.dat
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\attack-responses.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\backdoor.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\bad-traffic.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\ddos.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\dos.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\icmp.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\misc.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\netbios.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\rules.idx
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\scan.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\sunbelt.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\spf.cfg
c:\program files\Sunbelt Software\Personal Firewall\Config\spf.cfg.bak
c:\program files\Sunbelt Software\Personal Firewall\Config\update.cfg
c:\program files\Sunbelt Software\Personal Firewall\Logs\debug.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\debug.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\error.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\error.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\hips.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\hips.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\ids.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\ids.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\network.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\network.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl.001
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl.001
c:\program files\Sunbelt Software\Personal Firewall\Logs\sbhips.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\system.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\system.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\warning.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\warning.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\web.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\web.log.idx

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-07 do 2010-12-07 )))))))))))))))))))))))))))))))
.

3010-05-06 08:01 . 3010-05-06 08:01 -------- d-----w- c:\windows\system32\wbem\Repository
2808-09-07 13:01 . 2808-09-07 13:01 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-12-07 07:39 . 2010-12-07 07:39 -------- d-----w- c:\documents and settings\Lucka\Local Settings\Data aplikací\Temp
2010-12-05 21:39 . 2010-12-05 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2010-12-05 21:34 . 2010-12-05 21:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2010-12-05 21:34 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-05 21:34 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-05 21:34 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-05 21:34 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-05 21:34 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-05 21:34 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-05 21:34 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-05 21:34 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-05 21:34 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-05 08:44 . 2010-12-05 08:44 -------- d-----w- c:\program files\Alwil Software
2010-12-05 08:44 . 2010-12-05 08:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-12-04 11:07 . 2010-12-05 22:06 -------- d-----w- c:\program files\trend micro
2010-12-04 11:07 . 2010-12-04 13:49 -------- d-----w- C:\rsit
2010-12-04 10:35 . 2010-12-04 10:37 -------- d-----w- c:\documents and settings\Správce.LYNX
2010-11-18 18:38 . 2008-04-13 19:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-11-18 18:38 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-11-18 18:38 . 2008-04-13 19:39 5376 ----a-w- c:\windows\system32\MSPCLOCK.sys
2010-11-18 18:32 . 2010-11-18 18:32 -------- d-----w- C:\Drivers
2010-11-18 18:32 . 2002-10-15 21:41 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2010-11-18 18:32 . 2001-11-05 08:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2010-11-18 18:32 . 2001-11-05 08:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2010-11-18 18:32 . 2001-11-05 08:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2010-11-18 18:32 . 2001-07-03 19:39 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2010-11-18 18:32 . 2001-07-03 19:33 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2010-11-13 13:02 . 2010-11-13 13:04 -------- d-----w- c:\program files\All Media Fixer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:52 . 2008-12-23 22:37 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-11-18 18:52 . 2008-12-23 22:37 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:50 . 2010-06-17 14:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2010-09-21 14:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 13:34 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:34 . 2006-03-02 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:34 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:34 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-06_23.26.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-07 08:04 . 2010-12-07 08:04 16384 c:\windows\Temp\Perflib_Perfdata_624.dat
+ 2010-12-07 07:39 . 2010-12-07 07:39 21504 c:\windows\Installer\315f10.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"SkyTel"=SkyTel.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\Offline Explorer Pro\\OE.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [19.12.2008 8:58 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [19.12.2008 8:58 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.12.2010 22:34 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.12.2010 22:34 17744]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [7.2.2008 17:01 81356]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [7.2.2008 17:52 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [7.2.2008 17:52 9600]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5.12.2010 22:34 136176]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys --> c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [3.11.2008 18:29 13352]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'

2010-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 21:34]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 21:34]

2010-12-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-122540187-4152427891-730465810-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-122540187-4152427891-730465810-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-122540187-4152427891-730465810-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-122540187-4152427891-730465810-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download the &current page with Offline Explorer - file://f:\program files\Offline Explorer Pro\Add_All.htm
IE: Download using Offline &Explorer - file://f:\program files\Offline Explorer Pro\Add_Url.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: postovnisporitelna.cz\maxibps
TCP: {9ECD3629-2001-44A6-8106-A1B08B5D0DE9} = 10.109.183.1,10.109.255.254
TCP: {FC3D3CF5-A479-40AB-A585-4FDA7A593AF4} = 10.109.184.65,10.109.255.254
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://maxibps.postovnisporitelna.cz/Comp/CSOBEnroll.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\g4l0gv8o.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Lucka\Data aplikací\Mozilla\Firefox\Profiles\g4l0gv8o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-07 21:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-12-07 21:44:32
ComboFix-quarantined-files.txt 2010-12-07 20:44
ComboFix2.txt 2010-12-06 23:32
ComboFix3.txt 2010-12-06 22:23
ComboFix4.txt 2010-12-05 22:52

Před spuštěním: Volných bajtů: 68 926 394 368
Po spuštění: Volných bajtů: 68 903 706 624

- - End Of File - - 2C52AFEB64FFC10769F6CD3D8456C22D

[Roli]

Nepořádek je pryč, nyní přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Pak dej vědět jaký je stav PC.

[McMatej]

Tak vypadá to docela nadějně, alespoň na první pohled. Systém se načetl asi za 2,5 minuty, což je na starý hrkáč myslím docela dobrý. Programy, alespoň ty důležitější, které jsem zkoušel, se rozběhly, tak co víc si přát.

Odinstalace ComboFixu proběhla normálně, T-Cleaner při odstraňování složky programu ERUNT na hulváta vypnul celý PC, ale na druhý pokus to prošlo a všechno co se mělo smazat se smazalo.

Ještě bych měl dotaz, při léčení se odstranil i Spamihilator (filtr proti spamu, ale to asi znáš). Mám (mohu) ho nainstalovat znova? A jak mám PC zabezpečit? Bude stačit Avast a Kerio Firewall?

Dík

[Roli]

Ono s takhle málo RAM to rychlejší nebude.

Pokud máš dobře nastaveného poštovního klienta (Thunderbird) tak Spamihilator nepotřebuješ.

Na zabezpečení PC stačí Avast 5 no a k tomu firewallu, nechci tě nějak urazit ale špatně nastavený nebo

při nesprávném používání je horší než žádný.

Nehledě na to že tvoje PC neoplývá výkonem.

[McMatej]

Tak v pohodě. Děkuju, takhle jsem spokojený.

Obdivuju, že 1) jste schopný z těch románů co lezou z ComboFixu a podobných něco vyčíst a za 2) že se pouštíte do tak nevděčné práce jako je zdarma, po netu, nějakým tupcům pomáhat opravit to, co si většinou sami pokazili.
Škoda, že takových není víc. Tak jen houšť a větší kapky.

Vzpomenu si na vás při návštěvě terminálu Sazky.

Ještě jednou moc díky. Ahoj

[Roli]

Díky, nemáš vůbec zač a měj se