VIRY.CZ

Ahoj,

Na mém Notebooku HP Pavilion dv6000 už něakou dobu vypadává Internet. Třeba mi 2 hodiny Internet funguje, a potom náhle vypadne. Myslel jsem si, že za to může sít'ovka, ale ve Správce Zařízení mi píše, že zařízení pracuje správně. A když dám Aktualizovat Sít'ovou kartu, tak mi to napíše, že mám nejnovější Ovladač Sít'ové karty. Mám doma i druhý Notebook a když ho připojím na ten stejný kabel je vše OK. Už nevím v čem by mohl být problém. Děkuji za radu.

Dejte log z RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 .

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:23, on 1.1.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HP\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8974 bytes

Toto je log z HijackThis. Z RSIT je mnohem podrobnější, obsahu spouštěcí klíče a drivery.

U RSIT, mi AVG psalo že je v tom Malware.

Unkn0wn píše:U RSIT, mi AVG psalo že je v tom Malware.

Tomu nevěřte . Skoro každý AV tvrdí, že jiný nástroj, který zkoumá procesy, je malware. Nebojte se ho spustit, my bychom vám určitě neporadili spustit něco, co by vám poškodilo počítač.

info.txt logfile of random's system information tool 1.08 2011-01-01 13:11:37

======Uninstall list======

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Reader 8.1.0 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A81000000003}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x5 -removeonly
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /X{7F362F06-A9A3-440F-8B19-6A01A72723C4}
AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2011-->MsiExec.exe /I{04E7A3BB-DB38-481C-A809-35FA60C78EDF}
AVG 2011-->MsiExec.exe /I{F4C68898-EBA5-46A9-82B3-2D30426086BF}
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP210 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series /L0x0005
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IQh30CFza.INF
ConvertXtoDVD 4.1.7.343-->"C:\Program Files\VSO\ConvertX\4\unins000.exe"
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DigitalPersona Personal 3.0.0-->MsiExec.exe /I{C7AF7F33-9092-997E-2D29-DE8095863FE3}
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ESU for Microsoft Vista-->MsiExec.exe /I{67A2873D-18A5-4B47-97CC-EFB8DDF89C28}
Farm Frenzy 2-->C:\Program Files\Alawar\FarmFrenzy2\Uninstall.exe
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Integrated Module with Bluetooth wireless technology 6.0.1.5500-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0005 uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Mafia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\Cenega Czech\Mafia\Uninstall\setup.exe" -l0x5
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Ultra Edition-->MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11029}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0005 -removeonly
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickPlay SlingPlayer 0.4.4-->"C:\Program Files\HP\QuickPlay\unins000.exe"
Registrace uživatele zařízení Canon MP210 series-->C:\Program Files\Canon\IJEREG\MP210 series\UNINST.EXE
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{0260AB54-8507-46A5-ADA7-E5F2C5327408}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: HP-PC
Event Code: 4371
Message: Služba Windows Servicing zahájila proces změny stavu balíčku KB979306(Update) z Rozfázovaný(Staged) na Rozfázovaný(Staged).
Record Number: 75456
Source Name: Microsoft-Windows-Servicing
Time Written: 20101108113042.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: HP-PC
Event Code: 4371
Message: Služba Windows Servicing zahájila proces změny stavu balíčku KB979306(Update) z Rozfázovaný(Staged) na Rozfázovaný(Staged).
Record Number: 75455
Source Name: Microsoft-Windows-Servicing
Time Written: 20101108113042.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: HP-PC
Event Code: 4371
Message: Služba Windows Servicing zahájila proces změny stavu balíčku KB979306(Update) z Rozfázovaný(Staged) na Rozfázovaný(Staged).
Record Number: 75454
Source Name: Microsoft-Windows-Servicing
Time Written: 20101108113042.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: HP-PC
Event Code: 4371
Message: Služba Windows Servicing zahájila proces změny stavu balíčku KB979306(Update) z Rozfázovaný(Staged) na Rozfázovaný(Staged).
Record Number: 75453
Source Name: Microsoft-Windows-Servicing
Time Written: 20101108113042.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: HP-PC
Event Code: 4371
Message: Služba Windows Servicing zahájila proces změny stavu balíčku KB979306(Update) z Rozfázovaný(Staged) na Rozfázovaný(Staged).
Record Number: 75452
Source Name: Microsoft-Windows-Servicing
Time Written: 20101108113042.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: HP-PC
Event Code: 223
Message: WinMail (2636) WindowsMail0: Začíná zálohování souboru protokolu (rozsah C:\Users\HP\AppData\Local\Microsoft\Windows Mail\edb00001.log - C:\Users\HP\AppData\Local\Microsoft\Windows Mail\edb00001.log).
Record Number: 89
Source Name: ESENT
Time Written: 20101102144027.000000-000
Event Type: Informace
User:

Computer Name: HP-PC
Event Code: 221
Message: WinMail (2636) WindowsMail0: Končí zálohování souboru C:\Users\HP\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.
Record Number: 88
Source Name: ESENT
Time Written: 20101102144026.000000-000
Event Type: Informace
User:

Computer Name: HP-PC
Event Code: 220
Message: WinMail (2636) WindowsMail0: Začíná zálohování souboru C:\Users\HP\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore (velikost 2 Mb).
Record Number: 87
Source Name: ESENT
Time Written: 20101102144026.000000-000
Event Type: Informace
User:

Computer Name: HP-PC
Event Code: 210
Message: WinMail (2636) WindowsMail0: Probíhá spouštění úplného zálohování.
Record Number: 86
Source Name: ESENT
Time Written: 20101102144026.000000-000
Event Type: Informace
User:

Computer Name: HP-PC
Event Code: 102
Message: WinMail (2636) WindowsMail0: Databázový stroj (6.00.6000.0000) spustil novou instanci (0).
Record Number: 85
Source Name: ESENT
Time Written: 20101102144022.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: HP-PC
Event Code: 5032
Message: Bráně Windows Firewall se nepodařilo oznámit uživateli, že zabránila aplikaci přijímat příchozí připojení v síti.

Kód chyby: 2
Record Number: 942
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101102144548.892615-000
Event Type: Selhání auditu
User:

Computer Name: HP-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 941
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101102144037.038415-000
Event Type: Úspěch auditu
User:

Computer Name: HP-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LH-VC3R9QQ8N93K$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x248
Název procesu: C:\WINDOWS\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 940
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101102144037.038415-000
Event Type: Úspěch auditu
User:

Computer Name: HP-PC
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LH-VC3R9QQ8N93K$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0x248
Název procesu: C:\WINDOWS\System32\services.exe

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 939
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101102144037.038415-000
Event Type: Úspěch auditu
User:

Computer Name: HP-PC
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-3509322883-3500454244-2094578143-1000
Název účtu: HP
Název domény: HP-PC
ID přihlášení: 0x1a7c12
Record Number: 938
Source Name: Microsoft-Windows-Eventlog
Time Written: 20101102143746.344415-000
Event Type: Úspěch auditu
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"USERPART"=E:

-----------------EOF-----------------

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Pro práci s CF budte muset dočasně odinstalovat AVG.

Tak toto mi to vyhodilo

ComboFix 11-01-01.01 - HP 01.01.2011 20:22:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1233 [GMT 1:00]
Spuštěný z: c:\users\HP\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-01 do 2011-01-01 )))))))))))))))))))))))))))))))
.

2011-01-01 19:28 . 2011-01-01 19:31 -------- d-----w- c:\users\HP\AppData\Local\temp
2011-01-01 19:28 . 2011-01-01 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-01 15:09 . 2011-01-01 15:09 -------- d-----w- c:\program files\Microsoft ATS
2011-01-01 13:55 . 2011-01-01 13:55 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2011-01-01 09:40 . 2011-01-01 09:42 -------- d-----w- c:\program files\trend micro
2011-01-01 09:40 . 2011-01-01 12:11 -------- d-----w- C:\rsit
2010-12-30 18:03 . 2010-12-30 18:03 -------- d-----w- c:\users\HP\AppData\Roaming\AVG10
2010-12-30 18:01 . 2010-12-30 18:01 -------- d--h--w- c:\programdata\Common Files
2010-12-30 17:58 . 2011-01-01 19:11 -------- d-----w- c:\programdata\AVG10
2010-12-30 17:50 . 2010-12-30 17:56 -------- d-----w- c:\programdata\MFAData
2010-12-30 12:28 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F4163E7-3FEA-491B-B103-17DB24B35CBF}\mpengine.dll
2010-12-26 16:33 . 2010-12-26 16:47 -------- d-----w- c:\programdata\FarmFrenzy2
2010-12-26 16:28 . 2010-12-26 16:31 -------- d-----w- c:\program files\Alawar
2010-12-26 15:15 . 2010-12-26 16:16 -------- d-----w- c:\programdata\FarmFrenzy3_Russia
2010-12-26 15:15 . 2010-12-26 16:20 -------- d-----w- c:\programdata\AlawarWrapper
2010-12-26 15:14 . 2010-12-26 16:21 -------- d-----w- c:\program files\Hry.cz
2010-12-26 09:47 . 2010-12-26 09:47 -------- d-----w- c:\users\HP\AppData\Roaming\InstallShield
2010-12-25 18:42 . 2010-12-26 16:32 -------- d-----w- C:\temp
2010-12-22 16:40 . 2010-12-22 16:40 -------- d-----w- C:\Sounds
2010-12-22 16:22 . 2010-12-22 16:53 -------- d-----w- c:\users\HP\AppData\Roaming\LG Electronics
2010-12-22 15:26 . 2010-12-22 16:01 -------- d-----w- c:\users\HP\AppData\Roaming\Winamp
2010-12-22 15:26 . 2010-12-22 15:27 -------- d-----w- c:\program files\Winamp
2010-12-21 16:21 . 2010-12-21 16:25 -------- d-----w- c:\users\HP\AppData\Roaming\vlc
2010-12-21 16:21 . 2010-12-21 16:21 -------- d-----w- c:\program files\VideoLAN
2010-12-17 11:23 . 2010-12-17 11:23 -------- d-----w- c:\programdata\vsosdk
2010-12-17 10:21 . 2010-12-17 11:36 -------- d-----w- c:\users\HP\AppData\Roaming\Vso
2010-12-17 10:17 . 2009-09-02 11:44 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-12-17 10:17 . 2009-09-02 11:44 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-12-17 10:17 . 2009-09-02 11:44 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-12-17 10:17 . 2009-09-02 11:44 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-12-17 10:17 . 2009-09-02 11:44 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-12-17 10:17 . 2009-09-02 11:44 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-12-17 10:17 . 2009-09-02 11:44 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-12-17 10:17 . 2010-12-17 10:17 -------- d-----w- c:\program files\VSO
2010-12-15 09:13 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-10 15:02 . 2010-12-10 15:03 -------- d-----w- c:\programdata\PopCap Games
2010-12-10 15:01 . 2010-12-10 15:01 -------- d-----w- c:\program files\PopCapGames
2010-12-10 11:49 . 2010-12-10 11:49 -------- d-----w- c:\users\HP\AppData\Roaming\Canon
2010-12-08 07:48 . 2010-12-08 07:48 -------- d-----w- c:\program files\Cenega Czech
2010-12-04 20:45 . 2010-12-04 20:45 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-12-04 18:48 . 2010-12-04 18:48 -------- d-----w- c:\program files\Microsoft.NET
2010-12-04 18:44 . 2010-12-04 18:44 -------- d-----r- C:\MSOCache
2010-12-04 18:27 . 2010-12-04 18:27 -------- d-----w- c:\program files\Common Files\CANON
2010-12-04 18:25 . 2010-12-04 18:25 -------- d--h--w- c:\programdata\CanonBJ
2010-12-04 18:25 . 2007-03-18 20:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP8S.DLL
2010-12-04 18:25 . 2007-03-18 20:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD8S.DLL
2010-12-04 18:24 . 2010-12-04 18:24 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-12-04 18:22 . 2007-03-18 20:00 215040 ----a-w- c:\windows\system32\CNMLM8S.DLL
2010-12-04 18:22 . 2007-03-23 07:29 98304 ----a-w- c:\windows\system32\CNC210I.DLL
2010-12-04 18:22 . 2007-03-19 01:16 200704 ----a-w- c:\windows\system32\CNC210L.DLL
2010-12-04 18:22 . 2007-03-15 05:12 188416 ----a-w- c:\windows\system32\CNC210O.DLL
2010-12-04 18:22 . 2007-03-23 07:30 1400832 ----a-w- c:\windows\system32\CNC210C.DLL
2010-12-04 18:19 . 2010-12-04 18:37 -------- d-----w- c:\program files\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 15:22 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-11-08 15:22 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-11-07 10:20 . 2010-11-07 10:20 23552 ----a-w- c:\windows\system32\lpk.dll
2010-11-07 10:20 . 2010-11-07 10:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-07 10:17 . 2010-11-07 10:17 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-07 10:17 . 2010-11-07 10:17 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-07 10:15 . 2010-11-07 10:15 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-07 10:15 . 2010-11-07 10:15 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-07 10:15 . 2010-11-07 10:15 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-07 10:15 . 2010-11-07 10:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-07 10:15 . 2010-11-07 10:15 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-07 10:15 . 2010-11-07 10:15 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-07 10:15 . 2010-11-07 10:15 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-07 10:15 . 2010-11-07 10:15 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-07 10:14 . 2010-11-07 10:14 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-11-07 10:14 . 2010-11-07 10:14 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-11-07 10:14 . 2010-11-07 10:14 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-11-07 10:14 . 2010-11-07 10:14 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-11-07 10:14 . 2010-11-07 10:14 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-11-07 10:14 . 2010-11-07 10:14 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-11-07 10:14 . 2010-11-07 10:14 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-11-07 10:13 . 2010-11-07 10:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-07 10:13 . 2010-11-07 10:13 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-11-07 10:13 . 2010-11-07 10:13 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-07 10:12 . 2010-11-07 10:12 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-07 10:12 . 2010-11-07 10:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-07 10:12 . 2010-11-07 10:12 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-07 10:12 . 2010-11-07 10:12 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-07 10:11 . 2010-11-07 10:11 2868224 ----a-w- c:\windows\system32\mf.dll
2010-11-07 10:11 . 2010-11-07 10:11 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-07 10:11 . 2010-11-07 10:11 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-07 10:11 . 2010-11-07 10:11 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-07 10:11 . 2010-11-07 10:11 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-07 10:09 . 2010-11-07 10:09 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-07 10:06 . 2010-11-07 10:06 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-07 10:05 . 2010-11-07 10:05 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-11-07 10:05 . 2010-11-07 10:05 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-07 10:05 . 2010-11-07 10:05 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-11-07 10:03 . 2010-11-07 10:03 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-11-07 10:00 . 2010-11-07 10:00 40960 ----a-w- c:\windows\system32\drivers\cs-CZ\http.sys.mui
2010-11-07 09:25 . 2010-11-07 09:25 243712 ----a-w- c:\windows\system32\rastls.dll
2010-11-06 10:49 . 2010-11-06 10:49 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-11-03 13:51 . 2010-11-03 13:51 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-11-03 13:47 . 2010-11-03 13:47 623616 ----a-w- c:\windows\system32\localspl.dll
2010-11-03 13:43 . 2010-11-03 13:43 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-11-03 13:43 . 2010-11-03 13:43 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-03 13:43 . 2010-11-03 13:43 9728 ----a-w- c:\windows\system32\lsass.exe
2010-11-03 13:43 . 2010-11-03 13:43 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-03 13:43 . 2010-11-03 13:43 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-03 13:43 . 2010-11-03 13:43 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-03 13:40 . 2010-11-03 13:40 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-11-03 13:40 . 2010-11-03 13:40 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-11-03 13:40 . 2010-11-03 13:40 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-11-03 13:40 . 2010-11-03 13:40 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-11-03 13:40 . 2010-11-03 13:40 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-11-03 13:40 . 2010-11-03 13:40 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-11-03 13:40 . 2010-11-03 13:40 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2010-11-03 13:40 . 2010-11-03 13:40 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-11-03 13:40 . 2010-11-03 13:40 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2010-11-03 13:40 . 2010-11-03 13:40 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2010-11-03 13:40 . 2010-11-03 13:40 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2010-11-03 13:40 . 2010-11-03 13:40 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2010-11-03 13:40 . 2010-11-03 13:40 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2010-11-03 13:40 . 2010-11-03 13:40 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2010-11-03 13:40 . 2010-11-03 13:40 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2010-11-03 13:40 . 2010-11-03 13:40 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2010-11-03 13:40 . 2010-11-03 13:40 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2010-11-03 13:40 . 2010-11-03 13:40 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2010-11-03 13:40 . 2010-11-03 13:40 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2010-11-03 13:40 . 2010-11-03 13:40 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2010-11-03 13:40 . 2010-11-03 13:40 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2010-11-03 13:40 . 2010-11-03 13:40 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2010-11-03 13:40 . 2010-11-03 13:40 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2010-11-03 13:40 . 2010-11-03 13:40 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2010-11-03 13:40 . 2010-11-03 13:40 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2010-11-03 13:40 . 2010-11-03 13:40 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2010-11-03 13:40 . 2010-11-03 13:40 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2010-11-03 13:40 . 2010-11-03 13:40 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2010-11-03 13:40 . 2010-11-03 13:40 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2010-11-03 13:40 . 2010-11-03 13:40 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2010-11-03 13:40 . 2010-11-03 13:40 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2010-11-03 13:40 . 2010-11-03 13:40 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2010-11-03 13:40 . 2010-11-03 13:40 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2010-11-03 13:40 . 2010-11-03 13:40 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2010-11-03 13:40 . 2010-11-03 13:40 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2010-11-03 13:40 . 2010-11-03 13:40 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll
2010-11-03 13:40 . 2010-11-03 13:40 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2010-11-03 13:40 . 2010-11-03 13:40 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2010-11-03 13:40 . 2010-11-03 13:40 3104768 ----a-w- c:\windows\system32\NlsData0045.dll
2010-11-03 13:40 . 2010-11-03 13:40 3104768 ----a-w- c:\windows\system32\NlsData0047.dll
2010-11-03 13:40 . 2010-11-03 13:40 3104768 ----a-w- c:\windows\system32\NlsData0049.dll
2010-11-03 13:40 . 2010-11-03 13:40 3104768 ----a-w- c:\windows\system32\NlsData0039.dll
2010-11-03 13:40 . 2010-11-03 13:40 3104768 ----a-w- c:\windows\system32\NlsData0020.dll
2010-11-03 13:40 . 2010-11-03 13:40 1801216 ----a-w- c:\windows\system32\NlsData0022.dll
2010-11-03 13:40 . 2010-11-03 13:40 1801216 ----a-w- c:\windows\system32\NlsData0021.dll
2010-11-03 13:40 . 2010-11-03 13:40 1965056 ----a-w- c:\windows\system32\NlsData0024.dll
2010-11-03 13:40 . 2010-11-03 13:40 4495360 ----a-w- c:\windows\system32\NlsData0010.dll
2010-11-03 13:40 . 2010-11-03 13:40 1966592 ----a-w- c:\windows\system32\NlsData0027.dll
2010-11-03 13:40 . 2010-11-03 13:40 1965056 ----a-w- c:\windows\system32\NlsData0026.dll
2010-11-03 13:40 . 2010-11-03 13:40 3466752 ----a-w- c:\windows\system32\NlsData0013.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-11-21 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-08 74752]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509322883-3500454244-2094578143-1000Core.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-21 14:14]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509322883-3500454244-2094578143-1000UA.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-21 14:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=81&bd=Pavilion&pf=laptop
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-01 20:31
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\TEMP\TMP00000005D3198AB625A27121 524288 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2504)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Celkový čas: 2011-01-01 20:37:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-01 19:37

Před spuštěním: Volných bajtů: 81 593 565 184
Po spuštění: Volných bajtů: 81 751 375 872

- - End Of File - - DADA003578A6BB29A2707FF23FAE20C1

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\TEMP\TMP00000005D3198AB625A27121

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

Hotovo, Mockrát děkuji za trpělivost. Internet vypadává stále, ale alespoň že už nemám zavirovaný PC. Ještě jsem se chtěl zeptat co tento vir (KBL.LOG) způsoboval. Děkuji za Odpověď.

Spíše se jednalo o tohle: -------\Service_usnjsvc . To je fake ovladač. Ten soubor asi sám o sobě infikovaný nebude, nicméně je možné, že je to produkt činnosti nějakého viru. Skyrytý soubor, který jsme mazali napodruhé, virem být může, ale také nemusí. V systému je v každém případě k ničemu.

Zkuste ještě toto. Otevřte startmenu a do řádky vložte:

netsh int ip reset

a stskněte >Enter<. Pak restartujte PC.

Hotovo IP Adresu jsem resetoval, a teď vše běží jak má. Mockrát děkuji za pomoc a za trpělivost.

Nemáte zač!

Mam stejny problem, vzdy po nejakem case prestane fungovat pripojeni k netu.
Zde log z Combofixu.
Predem dekuji.

ComboFix 11-09-17.04 - Fanda 18.09.2011 13:39:59.1.4 - x86
Spuštěný z: c:\documents and settings\Fanda\Plocha\ComboFix.exe
* Rezidentní štít AV je zapnutý
.
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ehome\medctrro.exe
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\regopt.log
c:\windows\system32\d3d9caps.dat
c:\windows\system32\nvhdagenco3220102.dll
c:\windows\system32\TZLog.log
c:\windows\system32\wspspodsini.dll
c:\windows\ydi.log
c:\windows\ykinstutil.log
.
Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\VistaMizer\old\midimap.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-18 do 2011-09-18 )))))))))))))))))))))))))))))))
.
.
2011-09-16 18:15 . 2011-09-16 18:15 -------- d-----w- C:\found.000
2011-09-01 07:48 . 2011-09-01 07:48 -------- d-----r- C:\MSOCache
2011-09-01 06:35 . 2011-09-01 06:35 -------- d-----r- C:\bootwiz
2011-08-31 09:28 . 2011-08-31 09:28 -------- d-----w- C:\CloneDVD
2011-08-29 15:59 . 2011-08-30 21:32 -------- d-----w- C:\Boot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-29 16:16 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-10-25 14:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-29 15:22 . 2011-06-29 15:22 1626440 ----a-w- c:\windows\system32\ooscrsav.scr
2011-06-29 15:21 . 2011-06-29 15:21 275784 ----a-w- c:\windows\system32\oodbs.exe
2011-06-29 15:20 . 2011-06-29 15:20 535880 ----a-w- c:\windows\system32\oodssrs.dll
2011-06-29 15:19 . 2011-06-29 15:19 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2011-06-23 18:31 . 2004-08-17 13:49 1017856 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2004-08-17 13:49 1638400 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:31 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-17 13:49 295424 ----a-w- c:\windows\system32\winsrv.dll
2011-08-25 14:07 . 2011-08-31 06:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-04-14 06:52 1695232 --sha-w- c:\windows\VistaMizer\old\msmsgs.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 06:51 . 3EF79D1F5B06B29B3C317DFFB8BE0F8F . 1405440 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 06:51 . 3EF79D1F5B06B29B3C317DFFB8BE0F8F . 1405440 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2008-04-14 06:51 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\VistaMizer\old\comres.dll
[7] 2004-08-17 13:49 . B44F68274AB7B8A54E9AD74AFF0EFAAC . 806912 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2010-08-23 . 05FBA37F65A8C225F5FC4B41C8D68F4F . 770560 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2010-08-23 . 05FBA37F65A8C225F5FC4B41C8D68F4F . 770560 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 05FBA37F65A8C225F5FC4B41C8D68F4F . 770560 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . E145ADD7DAEF759C4F5FB80A180A9C30 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2010-08-23 . 8A72A30FDC803DC06755D3B36D966F31 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2004-08-17 . F76B3003366A205E05AFC0D034C7D3E9 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2011-07-25 . A29129F36BE49C18D1586DF917D6B375 . 6194688 . . [8.00.6001.19120] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2011-07-25 . DC78DD5119D2E3E446A51D399D171F85 . 5969920 . . [8.00.6001.19120] . . c:\windows\SoftwareDistribution\Download\9390c46ed0bc99403e4d73710746cfb2\SP3GDR\mshtml.dll
[-] 2011-07-25 . A29129F36BE49C18D1586DF917D6B375 . 6194688 . . [8.00.6001.19120] . . c:\windows\system32\mshtml.dll
[-] 2011-07-25 . A29129F36BE49C18D1586DF917D6B375 . 6194688 . . [8.00.6001.19120] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2011-07-25 . DC78DD5119D2E3E446A51D399D171F85 . 5969920 . . [8.00.6001.19120] . . c:\windows\VistaMizer\old\mshtml.dll
[7] 2011-07-25 . 00533384F69D30E334BD7FD0260FC95C . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
[7] 2011-07-25 . 00533384F69D30E334BD7FD0260FC95C . 5971456 . . [8.00.6001.23216] . . c:\windows\SoftwareDistribution\Download\9390c46ed0bc99403e4d73710746cfb2\SP3QFE\mshtml.dll
[7] 2010-05-06 . 06B941C7749A9F071444B4C7563F36B5 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
[7] 2010-05-06 . 06B941C7749A9F071444B4C7563F36B5 . 5950976 . . [8.00.6001.18928] . . c:\windows\SoftwareDistribution\Download\4da92e2c99b7232d7106179052438045\SP3GDR\mshtml.dll
[7] 2010-05-06 . 3F88F981AA7BC20744E0D2C699F500EF . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[7] 2010-05-06 . 3F88F981AA7BC20744E0D2C699F500EF . 5953024 . . [8.00.6001.23019] . . c:\windows\SoftwareDistribution\Download\4da92e2c99b7232d7106179052438045\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[7] 2008-04-14 . DAF9947DE2A6EA20AE524B7C50487E57 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll
[7] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
.
[-] 2008-04-14 . 581480DE9C65D6BD0552E35BF17379B2 . 587776 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 581480DE9C65D6BD0552E35BF17379B2 . 587776 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[7] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2011-06-23 . EE71534FFF8472104FCB5F932C1488F3 . 1017856 . . [8.00.6001.19098] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2011-06-23 . 75C5FD1701D8A060F42160C5FDD7ED23 . 916480 . . [8.00.6001.19098] . . c:\windows\SoftwareDistribution\Download\9390c46ed0bc99403e4d73710746cfb2\SP3GDR\wininet.dll
[-] 2011-06-23 . EE71534FFF8472104FCB5F932C1488F3 . 1017856 . . [8.00.6001.19098] . . c:\windows\system32\wininet.dll
[-] 2011-06-23 . EE71534FFF8472104FCB5F932C1488F3 . 1017856 . . [8.00.6001.19098] . . c:\windows\system32\dllcache\wininet.dll
[7] 2011-06-23 . 75C5FD1701D8A060F42160C5FDD7ED23 . 916480 . . [8.00.6001.19098] . . c:\windows\VistaMizer\old\wininet.dll
[7] 2011-06-23 . 279B74EC9E9AC6B42344BABB9995EC41 . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[7] 2011-06-23 . 279B74EC9E9AC6B42344BABB9995EC41 . 919552 . . [8.00.6001.23192] . . c:\windows\SoftwareDistribution\Download\9390c46ed0bc99403e4d73710746cfb2\SP3QFE\wininet.dll
[7] 2010-05-06 . B7ECEF0CCF63119356E174A78C185171 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
[7] 2010-05-06 . B7ECEF0CCF63119356E174A78C185171 . 916480 . . [8.00.6001.18923] . . c:\windows\SoftwareDistribution\Download\4da92e2c99b7232d7106179052438045\SP3GDR\wininet.dll
[7] 2010-05-06 . 72064DA077E9D6912F39438D97CC0C60 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2010-05-06 . 72064DA077E9D6912F39438D97CC0C60 . 919040 . . [8.00.6001.23014] . . c:\windows\SoftwareDistribution\Download\4da92e2c99b7232d7106179052438045\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[7] 2008-04-14 . 3FE5E65A7ED9EC98AEE9167CA07812D3 . 667136 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll
[7] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll
.
[-] 2008-04-14 . B720487896E2D91DA23E59820F718E34 . 1552384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . B720487896E2D91DA23E59820F718E34 . 1552384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 1E0F5A0072CD399DC0DF14FE7C7BBAAE . 268800 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 1E0F5A0072CD399DC0DF14FE7C7BBAAE . 268800 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\regedit.exe
[7] 2004-08-17 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2010-07-16 . 81206718E930BEF6D92A64725907D973 . 1312768 . . [5.1.2600.6010] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2010-07-16 . 81206718E930BEF6D92A64725907D973 . 1312768 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . 81206718E930BEF6D92A64725907D973 . 1312768 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[7] 2010-07-16 . 6D1A3A355CA2AC64D2D5BAEC25C16427 . 1287680 . . [5.1.2600.6010] . . c:\windows\VistaMizer\old\ole32.dll
[7] 2010-07-16 . C85BE0CF9C91EB64CECA1D639D71D4CC . 1288704 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . 21F836AAB269FF644E0E708B794B0DF7 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[7] 2004-08-17 . 7FE54C063DDA8EF226846510852E6B1B . 1281024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . FDE84E2C6D0E1F75D61D7CC111A1DA5A . 369152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . FDE84E2C6D0E1F75D61D7CC111A1DA5A . 369152 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2008-04-14 . ED18ADEE4AA21EB26977260152D7241A . 345088 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\hnetcfg.dll
[7] 2004-08-17 . FAABA83BE47C5B15F620FAA53267A9B8 . 345088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[7] 2010-12-09 . 40D176442F70573DBA0E05A7E40D3EBB . 2071552 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 7D99B5CB3A37D7856326EA1EE472BF76 . 2286592 . . [5.1.2600.6055] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2010-12-09 . 7D99B5CB3A37D7856326EA1EE472BF76 . 2286592 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-12-09 . 7D99B5CB3A37D7856326EA1EE472BF76 . 2286592 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-12-09 . 3BDF4E6E7BAA918AAA1670B7EBA505A3 . 2029056 . . [5.1.2600.6055] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
[7] 2010-12-09 . 4FE7B81BEDE8D37C9E3D95C99A56A34E . 2071552 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-09 . 6DD6966FA0FF770A3E5545875557C7F1 . 2025984 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[7] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 . 9F12E026DC0B0C43F521114EFB3A3ACC . 2025984 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2004-08-17 . 7715EDDD01EDFEF9EF335D29C6DFE212 . 2017280 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
[-] 2009-03-08 . C94590AF0DB0E97199688FF1A77037D2 . 727904 . . [8.00.6001.18702] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2009-03-08 . C94590AF0DB0E97199688FF1A77037D2 . 727904 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\VistaMizer\old\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
[7] 2004-08-17 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
[7] 2010-12-09 . 8D222D8EF9B1951296F822583A044542 . 2194944 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[7] 2010-12-09 . B6C5D4CBB22EEF31FAFBB76C2C6F3D99 . 2194944 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-12-09 . C52901B0D4A05D717181A55944696981 . 2408448 . . [5.1.2600.6055] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2010-12-09 . C52901B0D4A05D717181A55944696981 . 2408448 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-12-09 . C52901B0D4A05D717181A55944696981 . 2408448 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-12-09 . EB4B6B42932C180632A2C2C43F23B84C . 2150912 . . [5.1.2600.6055] . . c:\windows\VistaMizer\old\ntoskrnl.exe
[7] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-09 . 6499BF91CF62B4319D6ED7E99D0B6998 . 2147328 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[7] 2008-04-14 . 27C7A7AED8A477F6A0C7D3AD00AB9419 . 2147328 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2004-08-17 . 84FEF6BE553ACC66729F5D4113F53310 . 2150400 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Clock Tray Skins\ClockTraySkins.exe" [2008-09-30 835072]
"AIDA64 AutoStart"="c:\program files\FinalWire\AIDA64 Extreme Edition\aida64.exe" [2011-09-17 3333768]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2011-09-13 3028880]
"CD Eject Tool"="c:\program files\cd.eject.tool.2.7\CD Eject Tool.exe" [2008-09-12 552960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"InkSaver"="c:\program files\InkSaver\InkSaver.exe" [2007-05-24 589824]
"MBMon"="AMBSpi.dll" [2009-07-27 173568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"VolPanel"="c:\program files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-15 1040384]
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" [2011-09-05 385024]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2011-08-31 3158016]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536752]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-17 5566176]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-17 391144]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-09-10 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-09-10 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-09-10 1632360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 677376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
.
c:\documents and settings\Fanda\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2011-8-28 155648]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2011-9-3 1556480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0auto_reactivate \\?\Volume{44697021-D178-11E0-949D-806D6172696F}\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2011-03-09 12:21 107816 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 15:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2011-04-08 06:50 1406248 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard]
2011-07-01 13:36 247760 ----a-w- c:\program files\PC Tools Security\BDT\FGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl11]
2011-08-24 01:13 230696 ----a-w- c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\PowerDVD11.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\PDVD11Serv.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\Common\\MediaServer\\CLMSServerForPDVD11.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Opera 12\\opera.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5.9.2011 13:18 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [5.9.2011 13:18 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [5.9.2011 13:18 656320]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.9.2011 13:04 436792]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [1.9.2011 0:29 752128]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [5.9.2011 13:18 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [5.9.2011 13:18 233976]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/02 09:09];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [26.8.2011 10:53 77296]
R2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [1.9.2011 0:29 3246040]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [5.9.2011 13:18 337872]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27.2.2009 16:40 143467]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2.9.2011 9:08 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2.9.2011 9:08 75048]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [29.8.2011 16:31 1432976]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.1.2011 16:41 810144]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [30.8.2011 5:40 12184]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [22.7.2011 14:26 690472]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2.9.2011 9:08 71664]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [28.8.2011 14:33 2253120]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [29.6.2011 17:22 2468168]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [28.8.2011 12:05 66944]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [1.9.2011 13:23 1526080]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [1.9.2011 0:29 167968]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 [29.8.2011 15:50 28824]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.8.2011 18:24 1656960]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [28.8.2011 14:31 119656]
R3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [25.5.2005 6:39 4608]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys --> c:\windows\system32\DRIVERS\mv61xx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2.9.2011 9:08 292136]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [28.8.2011 21:37 79360]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUM_XP32.sys [29.8.2011 16:31 16744]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [27.12.2010 23:50 31124344]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [28.8.2011 20:32 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [28.8.2011 20:32 8576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [5.9.2011 13:18 70664]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [5.9.2011 13:21 371472]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [8.7.2011 12:00 10064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-DOMA-E1405CEB78-Fanda.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-08-31 06:11]
.
2011-09-18 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-09-01 07:57]
.
2011-08-29 c:\windows\Tasks\Fanda 29082011.job
- c:\program files\Nero\Nero 10\Nero BackItUp\NBCore.exe [2011-04-08 06:50]
.
2011-09-18 c:\windows\Tasks\User_Feed_Synchronization-{27E35990-706A-41B1-AF4E-DF0FAD4959A2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uInternet Connection Wizard,ShellNext = ftp://nmt:1234@192.168.1.104/CDROM/
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechny FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Fanda\Data aplikací\Mozilla\Firefox\Profiles\wbzk8zrj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-KProbe - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-18 13:59
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AIDA64Driver]
"ImagePath"="\??\c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="BE5FC11414C517314484BAD1BE7938A1D863DED4D413BB036E0FBF85C6AD020EB4EEC650D68A5360FD11B0BBBB8A5A7F2FDB8ED962082FAFC77A6401B570FC956C32445D79392BAE116F91C3B39C9B922737BDEBA8AC7E095F59A26065332B6D007B6850D7628F64C2F47EAFFB53325F4D6F1B1D95DA3D722CE75C9E7BA59EF5EC6F64B76F28B67FB94A96B70CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC79339DB7CE019D40AA5CFEBC9E127BECC74C0D76881C261552273A57A3A3BE066BB3B49CF8D70EA8BE37A6F09BCA892C97BF18AA2B314331016E6778CB0989FD20E002A2E74BC84662B1F957C6AD480478FE660B6D732FD9A3858EE6D8D4620BD349F042FBEBA5840E5413B91B399A6EB2FC9B46E7BA06D77F44C9F00085E9EA76BCB40DA780EAAE0086568867A00DE8EEDAF3CCE74139F9CBA5CA292B8096586C2F8E5413B63415E756BCF730787F74CD603ED2EB240D913149D2E5780BB2988E38D7AF9620EF8A6CF5D300AD39A494DD755AD22B6799F3D070B9C0B8D15B72A714FDFAC12E61E724B7BDDD4A4105D1282841090CEF4DFABD836B9871640330F8A3FE55D73C1F081E96AE1026D17CBAA42BFB772C09E7837D8C668EDC346F9FB4E8F1214E05924A5A2EF0DA9390BA5D4255A7635BE0FC700CBABD89661BB893840C7C06CFA87D934F3FDFC71C06C3D0E31E78D49E0BF7A759611A3333534E6305DADCEEBBACEFC9E4306FA279206F2BDD26B398AEFB1411C5F635F995FBF1E94343E18BA379D1D97709A27A1CB0680CFA2CB442F78EE19A2B95DE111918B884465A71CD4EDADCB2D9F61425276C2F92791968241A82C637D27DFAECF9118C1785D781EDB501A1C84F4A6FB8726D97628BF551D96BF7FBDCFC11FEC8AAB02C076B1621E78901819291F7781389AFC9A556EE063EF2F70D035B5779A1502828C0D9176EF8AB52B40DCD190254AB96C109F358B0F46D6B5BA916FA063BC308663123FD9E25B352C3B725EAF6DF4CE54D3C73A690614C209C50C64C5A1A9349A14C9192F8B36A428F15ACCD54DD134812745774762C334A577E7E3B3D890147E5885FC0DBAF4FC34A2E6D47AB3ADB4A876A13FE4944F9FE6A3DBEE089170142975FBC98B5E71461798DE27FA1A6B6DDF95A13A8035AAFB8061AFEF62E95BDDBE951CDCD8CEFA0877AC380C46E1565D7080634F6336211562EA5AA5E2F1B151CE75F2B38769F0F0579632A06613FE072A5B04894F917171A3DF6A0972401186FEF1160D49F90AC90F90538D9DA2054C99B23964F8F74662A5EA733CBB7668BA4B2EF6E414BA2FD40D344F87750799F60842B5818BD3C5E9113D42A4329AC6AED358C4743CAF93812B140AD3ECACE541BD0983C05E1F38D"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1844)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1900)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(3752)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1029\GrooveIntlResource.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\program files\Clock Tray Skins\Clock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\RALINK\Common\RalinkRegistryWriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\RunDLL32.exe
c:\progra~1\DUMETE~1\DUMeter.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Celkový čas: 2011-09-18 14:07:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-18 12:07
.
Před spuštěním: Volných bajtů: 195 586 940 928
Po spuštění: Volných bajtů: 196 429 733 888
.
- - End Of File - - 8CC859469AC620D0B9C7E56E71F381EB