Prosím o radu, jak na to

Zpráva

malanek · #1 Příspěvek od **malanek** » 22 bře 2011 16:27

PC má zajímavé vrtochy,nelze vypnout a manipulovat s obnovením systému,nelze vyhledávat,nelze se připojit na internet,
tempy jsou plné nulových souborů atd.
Mám tu výpis z HijackThis prosím někoho zkušenějšího o radu.Děkuji.

Logfile of HijackThis v1.99.1
Scan saved at 19:09:44, on 21.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Milan.MILANEK\Plocha\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {6778613D-616B-4A6C-9856-65DE943CF424} - (no file)
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 195.137.236.101
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files\RegTweaker\key.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVP - AVerMedia TECHNOLOGIES, Inc. - (no file)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CardBusService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

#2 Příspěvek od **vyosek** » 22 bře 2011 16:49

Zdravim, pekny den preji a vitam Vas u nas na foru

Prectete si prosim pravidla fora a dulezite informace

Dejte log z RSIT - viz muj podpis - je podrobnejsi nez HJT - a poprosim o oba logy z nej (log.txt, i info.txt), budou ulozeny v c:\rsit

malanek · #3 Příspěvek od **malanek** » 22 bře 2011 17:01

Děkuji za odpověď,ale bude to chvíli trvat než požadované logy pořídím.Protože musím z jiného PC.
Tak prosím o ztrpení.

#4 Příspěvek od **vyosek** » 22 bře 2011 17:12

Jasny v pohode

malanek · #5 Příspěvek od **malanek** » 23 bře 2011 09:19

Tak nevím? V noci jsem zkusil pořídit logy a výsledek je hláška C:/rst/ přístup odepřen .
Zkusil jsem zpustit RootkitRevealer PC se zakousne a musí se restartovat.
Také jsem zkusil zpustit RootKit Hook Analyzer a RSPSC.SYS nenalezen a PC opět zatuhne.
Přemýšlím jestli nebude nejrozumnější formát C.
Děkuji.

#6 Příspěvek od **vyosek** » 23 bře 2011 10:17

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) a zkuste dat log z RSIT

Mimochodem programy na rootkity co jste zkousel jsou pouze detekcni, stejne byste je musel nejak odmazat - navic oba programy jsou slabe na detekci - proc si myslite ze mate v PC rootkita?

malanek · #7 Příspěvek od **malanek** » 23 bře 2011 11:29

Zkusím nouzový režim,zatím jsem v pracovním procesu.
Zkusil jsem vše možné než jsem napsal .NOD nic nenašel.
Kasperského disk na opravu se zakousl a nic.
Děkuji za odpověď.

#8 Příspěvek od **vyosek** » 23 bře 2011 12:39

OK, pak napiste

malanek · #9 Příspěvek od **malanek** » 25 bře 2011 15:06

Omlouvám se za zpoždění,ale dříve se mi to nepovedlo.Podařilo se mi uplně vypnout v zásadách skupin obnovení systému,dříve bylo zablokováné.
A připojím se k internetu dříve zablokované.Z obou výpisu zatím jeden,u druhého hláška přístup odepřen.
Prosím zatím o kontrolu přiloženého,jestli to pomůže.Děkuji.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Milan at 2011-03-25 14:50:51
WIN_XP Service Pack 3
System drive C: has 5 GB (8%) free of 59 GB
Total RAM: 2047 MB (71% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-11-11 173488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll [2011-03-06 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-27 298160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll [2011-02-27 848952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]
QuickNet BHO - C:\Program Files\RegTweaker\key.dll [2010-12-12 242176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll [2011-03-06 520192]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-27 298160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-04-09 200704]
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2007-05-01 233472]
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2007-05-01 131072]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]
"QuickTime Task"=C:\WINDOWS\system32\qttask.exe [2010-07-27 98304]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-01-12 2219184]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"Tweak UI"=TWEAKUI.CPL,TweakMeUp []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-11-12 3171760]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Documents and Settings\Milan.MILANEK\Nabídka Start\Programy\Po spuštění
_uninst_setup_9.0.0.722_23.03.2011_12-09.exe.lnk - C:\Documents and Settings\Milan.MILANEK\Local Settings\Temp\_uninst_setup_9.0.0.722_23.03.2011_12-09.exe.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoSecCpl"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0
"NoDispCpl"=0
"NoDispScrSavPage"=0
"NoDispAppearancePage"=0
"NoDispSettingsPage"=0
"NoVisualStyleChoice"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDesktop"=0
"NoActiveDesktop"=0
"HideClock"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"StartmenuLogoff"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinters"=0
"NoFavoritesMenu"=0
"NoRun"=0
"NoFind"=0
"NoClose"=0
"NoSetFolders"=0
"NoViewContextMenu"=0
"NoDrives"=0
"NoToolbarCustomize"=0
"NoRecentDocsNetHood"=0
"NoChangeAnimation"=0
"NoChangeKeyboardNavigationIndicators"=0
"NoThemesTab"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Silicon Image\Java SATARaid\SiITray.exe"="C:\Program Files\Silicon Image\Java SATARaid\SiITray.exe:*:Enabled:SiITray"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:javaw"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\CyberLink\PowerDirector\PDR.exe"="C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:*:Enabled:TV Registration Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:*:Enabled:TV Network Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:*:Enabled:TV Recording Engine"
"C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:*:Enabled:TV Guide Data Loader"
"C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:*:Enabled:TV Settings Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:*:Enabled:TV Task Manager Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:*:Enabled:TV ViewScape"
"C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe"="C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:*:Enabled:TV Setup Wizard"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-03-24 16:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2011-03-24 16:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2011-03-24 16:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-03-24 16:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2011-03-24 16:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2011-03-23 19:22:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-03-23 19:22:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2011-03-23 19:13:37 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-23 18:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-03-23 18:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-03-23 18:12:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-03-23 18:12:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2011-03-23 18:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2011-03-23 18:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-03-23 18:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-23 18:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2011-03-23 18:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-03-23 18:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2011-03-23 18:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2011-03-23 18:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2011-03-23 18:10:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2011-03-23 18:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-03-23 18:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-03-23 18:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-03-23 18:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2011-03-23 18:09:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-03-23 18:08:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2011-03-23 18:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-03-23 18:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-03-23 18:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-23 18:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-03-23 18:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2011-03-23 18:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2011-03-23 18:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-03-23 18:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-03-23 18:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2011-03-23 18:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-03-23 18:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-03-23 18:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-03-23 18:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-03-23 18:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2011-03-23 18:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-03-23 18:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-03-23 18:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-03-23 18:04:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2011-03-23 18:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2011-03-23 18:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2011-03-23 18:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2011-03-23 18:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-03-23 18:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-03-23 18:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-03-23 18:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-03-23 18:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-03-23 18:03:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-03-23 18:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-03-23 18:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-03-23 18:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-03-23 18:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-03-23 18:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2011-03-23 18:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2011-03-23 18:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-03-23 18:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-03-23 18:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2011-03-23 17:59:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2011-03-23 17:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-03-23 17:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-03-23 17:59:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2011-03-23 17:58:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-03-23 17:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2011-03-23 17:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-03-23 17:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-03-23 17:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-03-23 17:57:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-03-23 17:57:07 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2011-03-23 17:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-03-23 17:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-03-23 17:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-03-23 17:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-03-23 17:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-03-23 17:55:30 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2011-03-23 17:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-03-23 17:54:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-03-23 17:54:32 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2011-03-23 17:54:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-03-23 17:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-03-23 17:53:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2011-03-23 17:53:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2011-03-22 23:08:40 ----A---- C:\WINDOWS\ntbtlog.txt
2011-03-22 20:00:37 ----D---- C:\rsit
2011-03-22 20:00:37 ----D---- C:\Program Files\trend micro
2011-03-21 17:23:39 ----D---- C:\WINDOWS\Prefetch
2011-03-21 17:10:13 ----A---- C:\WINDOWS\control.ini
2011-03-21 17:10:01 ----A---- C:\WINDOWS\OEWABLog.txt
2011-03-21 17:09:06 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2011-03-21 17:08:52 ----HD---- C:\Program Files\WindowsUpdate
2011-03-21 15:53:09 ----ASH---- C:\pagefile.sys
2011-03-21 15:12:51 ----A---- C:\WINDOWS\pnplog.txt
2011-03-21 15:03:32 ----A---- C:\WINDOWS\imsins.BAK
2011-03-21 15:03:27 ----D---- C:\Program Files\Common Files\ODBC
2011-03-21 15:03:18 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-03-21 15:03:18 ----A---- C:\WINDOWS\system32\irclass.dll
2011-03-21 15:02:55 ----RA---- C:\WINDOWS\SET101.tmp
2011-03-21 15:02:52 ----RA---- C:\WINDOWS\SETF5.tmp
2011-03-21 15:02:50 ----RA---- C:\WINDOWS\SETF2.tmp
2011-03-21 15:02:06 ----A---- C:\WINDOWS\setuplog.txt
2011-03-21 11:40:49 ----D---- C:\Program Files\RegTweaker
2011-03-21 11:33:57 ----D---- C:\Documents and Settings\Milan.MILANEK\Data aplikací\Malwarebytes
2011-03-21 11:33:49 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-03-21 11:33:48 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-03-21 11:33:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-03-21 11:33:46 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-03-18 01:42:05 ----D---- C:\Avenger
2011-03-17 17:14:08 ----A---- C:\WINDOWS\gtrans.ini
2011-03-17 16:32:04 ----HDC---- C:\WINDOWS\ie8
2011-03-15 14:51:03 ----D---- C:\Program Files\FVD Suite
2011-03-15 13:26:57 ----D---- C:\Documents and Settings\Milan.MILANEK\Data aplikací\vlc
2011-03-15 13:25:47 ----D---- C:\Program Files\VideoLAN
2011-03-15 12:49:31 ----D---- C:\WINDOWS\Replay Media Catcher
2011-03-15 12:49:06 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Applian
2011-03-15 00:39:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-14 18:34:17 ----A---- C:\WINDOWS\system32\drivers\tmcomm.sys
2011-03-14 17:37:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Lavasoft
2011-03-14 14:28:29 ----A---- C:\WINDOWS\system32\javaws.exe
2011-03-14 14:28:29 ----A---- C:\WINDOWS\system32\javaw.exe
2011-03-14 14:28:29 ----A---- C:\WINDOWS\system32\java.exe
2011-03-13 20:22:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\McAfee
2011-03-11 22:08:39 ----A---- C:\WINDOWS\MaxwellMaxPluginUninstall.exe
2011-03-11 21:57:43 ----D---- C:\Program Files\Next Limit
2011-03-10 08:10:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Trymedia
2011-03-09 19:21:48 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SecTaskMan
2011-03-06 16:58:38 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft
2011-03-06 16:57:30 ----D---- C:\Documents and Settings\Milan.MILANEK\Data aplikací\LangSoft

======List of files/folders modified in the last 1 months======

2011-03-25 14:48:13 ----SHD---- C:\System Volume Information
2011-03-25 14:45:29 ----A---- C:\WINDOWS\WINCMD.INI
2011-03-25 14:44:48 ----D---- C:\WINDOWS\Temp
2011-03-25 14:44:04 ----D---- C:\WINDOWS
2011-03-24 23:41:21 ----D---- C:\WINDOWS\security
2011-03-24 23:17:12 ----D---- C:\Documents and Settings\Milan.MILANEK\Data aplikací\DMCache
2011-03-24 23:16:59 ----D---- C:\WINDOWS\system32\Restore
2011-03-24 22:51:00 ----HD---- C:\WINDOWS\system32\GroupPolicy
2011-03-24 22:26:30 ----A---- C:\WINDOWS\TRNCOM.INI
2011-03-24 18:02:37 ----D---- C:\Program Files\IL2-MAT Manager
2011-03-24 17:44:37 ----D---- C:\WINDOWS\system32\drivers
2011-03-24 16:22:40 ----SHD---- C:\RECYCLER
2011-03-24 16:14:54 ----HD---- C:\WINDOWS\inf
2011-03-24 16:13:51 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-24 16:13:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-24 16:09:16 ----D---- C:\WINDOWS\system32
2011-03-24 15:42:24 ----SHD---- C:\WINDOWS\Installer
2011-03-24 15:42:24 ----HD---- C:\Config.Msi
2011-03-24 15:42:24 ----D---- C:\Program Files\Growler Guncam
2011-03-24 14:19:04 ----D---- C:\Download
2011-03-23 22:46:59 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-23 19:22:09 ----RD---- C:\Program Files
2011-03-23 19:13:51 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-23 18:21:04 ----D---- C:\WINDOWS\system32\wbem
2011-03-23 18:21:04 ----D---- C:\WINDOWS\AppPatch
2011-03-23 17:58:03 ----D---- C:\Program Files\Outlook Express
2011-03-23 17:57:09 ----D---- C:\Program Files\Movie Maker
2011-03-23 17:43:41 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Zoom Player
2011-03-23 17:28:21 ----D---- C:\WINDOWS\SoftwareDistribution
2011-03-23 17:28:18 ----D---- C:\WINDOWS\Help
2011-03-23 17:22:35 ----D---- C:\Program Files\3dsmax5
2011-03-23 16:43:24 ----SD---- C:\WINDOWS\Tasks
2011-03-23 02:10:44 ----D---- C:\Program Files\RootKit Hook Analyzer
2011-03-22 08:09:24 ----D---- C:\WINDOWS\twain_32
2011-03-22 07:54:59 ----D---- C:\OutputFolder
2011-03-22 07:47:59 ----A---- C:\WINDOWS\NeroDigital.ini
2011-03-21 18:10:31 ----D---- C:\WINDOWS\system32\cs-cz
2011-03-21 18:10:30 ----D---- C:\Program Files\Internet Explorer
2011-03-21 18:03:45 ----D---- C:\WINDOWS\Debug
2011-03-21 17:16:46 ----D---- C:\WINDOWS\nview
2011-03-21 17:16:16 ----D---- C:\WINDOWS\system32\config
2011-03-21 17:09:56 ----AC---- C:\WINDOWS\ODBCINST.INI
2011-03-21 17:09:44 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2011-03-21 17:09:09 ----RD---- C:\WINDOWS\Web
2011-03-21 17:09:00 ----RAHC---- C:\WINDOWS\system32\cdplayer.exe.manifest
2011-03-21 17:08:47 ----A---- C:\WINDOWS\win.ini
2011-03-21 17:07:49 ----D---- C:\WINDOWS\system32\oobe
2011-03-21 15:58:10 ----D---- C:\WINDOWS\system32\Setup
2011-03-21 15:58:10 ----D---- C:\WINDOWS\system
2011-03-21 15:58:02 ----D---- C:\WINDOWS\L2Schemas
2011-03-21 15:58:00 ----D---- C:\WINDOWS\system32\usmt
2011-03-21 15:57:50 ----D---- C:\WINDOWS\ehome
2011-03-21 15:57:49 ----D---- C:\WINDOWS\ime
2011-03-21 15:57:48 ----RSD---- C:\WINDOWS\Fonts
2011-03-21 15:57:47 ----D---- C:\WINDOWS\Network Diagnostic
2011-03-21 15:57:47 ----D---- C:\WINDOWS\Media
2011-03-21 15:57:31 ----D---- C:\WINDOWS\PeerNet
2011-03-21 15:57:14 ----D---- C:\WINDOWS\system32\npp
2011-03-21 15:57:06 ----D---- C:\WINDOWS\msagent
2011-03-21 15:57:02 ----D---- C:\WINDOWS\system32\cs
2011-03-21 15:54:59 ----D---- C:\WINDOWS\system32\1029
2011-03-21 15:54:39 ----D---- C:\WINDOWS\system32\icsxml
2011-03-21 15:54:13 ----D---- C:\WINDOWS\system32\ias
2011-03-21 15:54:08 ----D---- C:\WINDOWS\system32\1033
2011-03-21 15:16:08 ----SH---- C:\boot.ini
2011-03-21 15:03:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-21 15:03:27 ----D---- C:\Program Files\Common Files
2011-03-21 15:03:24 ----A---- C:\WINDOWS\system.ini
2011-03-21 15:03:09 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\desktop.ini
2011-03-21 13:33:44 ----AC---- C:\WINDOWS\UPGRADE.TXT
2011-03-21 13:02:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-18 21:18:31 ----D---- C:\a
2011-03-17 16:48:13 ----D---- C:\WINDOWS\ie8updates
2011-03-17 16:32:33 ----D---- C:\WINDOWS\WBEM
2011-03-17 16:19:39 ----D---- C:\WINDOWS\system32\en-us
2011-03-15 11:35:56 ----D---- C:\Program Files\Opera
2011-03-14 21:02:50 ----D---- C:\Program Files\Ultimate Unwrap3D
2011-03-14 14:42:56 ----D---- C:\Program Files\Common Files\Java
2011-03-14 14:28:15 ----D---- C:\Program Files\Java
2011-03-09 07:47:10 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-06 17:28:33 ----D---- C:\Program Files\Sports Illustrated
2011-03-06 17:16:16 ----D---- C:\TRANSLAT
2011-03-06 17:00:51 ----A---- C:\WINDOWS\MAILTRAN.INI
2011-03-06 16:47:43 ----A---- C:\WINDOWS\WDICT32.INI
2011-03-06 16:43:33 ----A---- C:\WINDOWS\WTRAN32.INI
2011-03-02 18:53:13 ----D---- C:\Program Files\Google
2011-03-01 00:06:42 ----AC---- C:\WINDOWS\ODBC.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 imagedrv;imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [2005-09-01 5888]
R0 imagesrv;imagesrv; C:\WINDOWS\system32\DRIVERS\imagesrv.sys [2005-09-01 127488]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2004-04-02 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-11-14 43840]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller; C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 97408]
R0 SiFilter;SATALink driver accelerator; C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys [2003-10-15 10240]
R0 snapman380;Acronis Snapshots Manager (Build 380); C:\WINDOWS\system32\DRIVERS\snman380.sys [2008-12-03 134272]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-12-21 134000]
R2 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys [2007-05-21 1180672]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-12-21 33120]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-10-24 907456]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 NVENET;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2004-01-29 93764]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 SaiH0464;SaiH0464; C:\WINDOWS\system32\DRIVERS\SaiH0464.sys [2007-05-01 132232]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-03-23 716272]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2009-11-06 106880]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys []
S3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2007-05-01 14080]
S3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2007-05-01 35072]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-03-15 85096]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2002-12-12 46080]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-08-22 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2005-05-11 225280]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-10-06 241734]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 CardBusService;CardBusService; C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-23 188416]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-10 135664]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 33584]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-19 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-12 182768]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#10 Příspěvek od **vyosek** » 26 bře 2011 07:16

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

malanek · #11 Příspěvek od **malanek** » 26 bře 2011 08:20

Dobré ráno přikládám log.Děkuji.

ComboFix 11-03-24.06 - Milan 26.03.2011 7:52.1.1 - x86
Spuštěný z: c:\documents and settings\Milan.MILANEK\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\ntuser.pol
c:\windows\system\ATL.DLL
c:\windows\system32\_000121_.tmp.dll
c:\windows\system32\_000239_.tmp.dll
c:\windows\system32\wnpa32.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-26 do 2011-03-26 )))))))))))))))))))))))))))))))
.
.
2011-03-25 19:01 . 2011-03-25 19:01 -------- d-----w- c:\documents and settings\Milan.MILANEK\Data aplikací\SUPERAntiSpyware.com
2011-03-25 19:01 . 2011-03-25 19:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2011-03-25 19:00 . 2011-03-25 19:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-25 15:56 . 2011-03-25 15:56 388096 ----a-r- c:\documents and settings\Milan.MILANEK\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-24 15:09 . 2011-03-24 15:09 -------- d-sh--w- c:\documents and settings\Administrator.MILANEK\IETldCache
2011-03-23 18:22 . 2011-03-25 19:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2011-03-23 18:22 . 2011-03-23 21:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-23 18:13 . 2011-03-26 06:44 -------- d-----w- c:\windows\system32\CatRoot2
2011-03-23 16:47 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-03-23 16:47 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-03-23 16:43 . 2010-12-20 23:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-03-23 16:43 . 2010-12-20 23:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-03-23 16:43 . 2010-12-20 23:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-23 16:43 . 2010-12-20 23:52 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-03-23 16:42 . 2010-12-20 23:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-03-23 16:42 . 2010-12-20 23:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-23 16:38 . 2010-12-09 15:14 2194944 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-03-23 16:38 . 2010-12-09 15:14 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-03-23 16:38 . 2010-12-09 15:14 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-03-23 16:38 . 2010-12-09 15:14 2071552 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-03-22 19:00 . 2011-03-25 15:56 -------- d-----w- c:\program files\trend micro
2011-03-22 19:00 . 2011-03-23 00:56 -------- d-----w- C:\rsit
2011-03-21 16:11 . 2008-04-14 07:52 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2011-03-21 16:10 . 2001-10-25 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2011-03-21 16:08 . 2001-10-25 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-03-21 16:08 . 2001-10-25 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-03-21 16:07 . 2008-04-14 07:52 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2011-03-21 16:07 . 2008-04-14 07:52 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-03-21 16:07 . 2008-04-14 07:52 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2011-03-21 16:07 . 2008-04-14 07:52 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-03-21 16:07 . 2008-04-14 07:52 215552 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2011-03-21 16:07 . 2008-04-14 07:52 215552 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-03-21 16:07 . 2008-04-14 07:51 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2011-03-21 16:07 . 2008-04-14 07:51 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-03-21 14:03 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-03-21 14:03 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-03-21 14:03 . 2001-10-25 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-03-21 14:03 . 2001-10-25 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-03-21 14:02 . 2008-04-14 09:52 16825 ----a-r- c:\windows\SET101.tmp
2011-03-21 14:02 . 2008-04-14 09:52 1088840 ----a-r- c:\windows\SETF5.tmp
2011-03-21 14:02 . 2008-04-14 09:59 1246067 ----a-r- c:\windows\SETF2.tmp
2011-03-21 10:40 . 2011-03-21 11:19 -------- d-----w- c:\program files\RegTweaker
2011-03-21 10:33 . 2011-03-21 10:33 -------- d-----w- c:\documents and settings\Milan.MILANEK\Data aplikací\Malwarebytes
2011-03-21 10:33 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-21 10:33 . 2011-03-21 10:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-03-21 10:33 . 2011-03-21 10:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-21 10:33 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-17 15:32 . 2011-03-21 17:06 -------- dc-h--w- c:\windows\ie8
2011-03-15 23:09 . 2011-03-25 03:40 0 ----a-w- c:\documents and settings\Milan.MILANEK\ntuser.tmp
2011-03-15 13:51 . 2011-03-15 14:03 -------- d-----w- c:\program files\FVD Suite
2011-03-15 12:26 . 2011-03-15 12:30 -------- d-----w- c:\documents and settings\Milan.MILANEK\Data aplikací\vlc
2011-03-15 12:25 . 2011-03-15 12:25 -------- d-----w- c:\program files\VideoLAN
2011-03-15 11:51 . 2011-03-15 11:51 -------- d-----w- c:\documents and settings\Milan.MILANEK\Local Settings\Data aplikací\Jaksta_Technologies_Pty_L
2011-03-15 11:49 . 2011-03-15 11:49 -------- d-----w- c:\windows\Replay Media Catcher
2011-03-15 11:49 . 2011-03-15 11:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Applian
2011-03-15 10:36 . 2011-03-15 10:36 -------- d-----w- c:\documents and settings\Milan.MILANEK\Local Settings\Data aplikací\Opera
2011-03-14 17:34 . 2011-03-14 17:34 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-14 16:37 . 2011-03-14 16:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Lavasoft
2011-03-13 19:22 . 2011-03-13 19:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\McAfee
2011-03-11 21:08 . 2011-03-11 21:08 52273 ----a-w- c:\windows\MaxwellMaxPluginUninstall.exe
2011-03-11 20:57 . 2011-03-11 20:57 -------- d-----w- c:\program files\Next Limit
2011-03-10 07:10 . 2011-03-10 07:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Trymedia
2011-03-09 18:21 . 2011-03-09 22:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\SecTaskMan
2011-03-06 15:58 . 2011-03-06 16:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\LangSoft
2011-03-06 15:57 . 2011-03-06 16:05 -------- d-----w- c:\documents and settings\Milan.MILANEK\Data aplikací\LangSoft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 07:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 07:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40 . 2010-05-13 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2010-05-13 19:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2008-11-09 07:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-11-09 07:41 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 07:51 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 07:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 06:45 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]
2010-12-12 08:56 242176 ----a-w- c:\program files\RegTweaker\key.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-12 3171760]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-05-01 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-05-01 131072]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2010-07-27 98304]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 106544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-3-22 618496]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0\0sprestrt
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-23 716272]
R2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-23 188416]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 135664]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2009-11-06 106880]
R3 RR;RR; [x]
R3 SC;SC; [x]
R4 RRNCXRFWPRJG;RRNCXRFWPRJG; [x]
R4 UQCRH;UQCRH; [x]
S0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2004-05-12 97408]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2008-07-22 15976]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [2007-05-21 1180672]
S3 SaiH0464;SaiH0464;c:\windows\system32\DRIVERS\SaiH0464.sys [2007-05-01 132232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 13:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 19:27]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 19:27]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-HijackThis - c:\documents and settings\Milan.MILANEK\Plocha\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-26 08:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-448539723-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDAAFC8C-1E98-53AB-FE08-D652E0982693}*]
"abjjeckpffoboapndodfnahlggenobgdcc"=hex:69,61,69,6d,68,66,6c,70,65,6e,6b,68,
66,6d,64,66,69,67,00,00
"makjjbjbplnpfbbmgpkolifale"=hex:6f,61,66,68,6c,6d,6f,6b,6b,6d,64,63,64,62,6f,
70,62,69,6c,6f,69,6b,6f,62,65,6c,62,6d,6e,62,00,00
.
[HKEY_USERS\S-1-5-21-73586283-448539723-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA28B5B9-FE14-08C1-976F-D8206B8710D0}*]
"iaghfiamalhoijkajl"=hex:63,61,61,67,6b,62,00,7c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0cd6d4d7-5101-457a-9d19-78e1242308f9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000012
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f9,a2,75,0f,26,61,65,fc,ab,12,21,3b,a6,2b,48,0f,0b,b3,69,c5,98,
2b,cc,40,c6,49,61,54,71,b2,69,7d,51,e8,31,d1,9e,d3,71,07,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="755F10BC08CE6F26262BF7FC6BA1D00B8CA91B9A568DA37B7C8F49DAD93B60AC852E9294E404050E9299C62DCDDEC0534FE5C5242367E50BEE72A336D26EBBC230C115091C1D8DC0BCFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933FEBC9E127BECC74CA9C6AECB7A5D1407EDCAAD6D49A05364040686B410381990A6538F0B5BF5D8D5F8E94BFEC8A8B3A88FB7DA45D41735D3CC58B7AD7895075548CF6765E074B7084C1DCF90B0B413A6609D13A6510F0711DFB67F3156D1196CAA5C0F47EE82F193D8E0F16769DCEB480C123199C617C0CCC42CDBE45AFCBB374D9AC492FD5503A23888D045559D6B29E63F585A1F1061B026588FA1967E5C8955BE8DDDE9786B5827FDD19C39C5C1D56664EBDAA72DE95552EE9FF5830F6E298A11AEF3F3CA2E49073F1D953E7925502452953E14F760CB3DB6D7A1FC3CE8D4D7EDB4D2C0FDD17D5BDC1D8B71314D8F5DF043DC7ACDCD16FD8B451C406945BACD44EDAC579A65F2CD7C040D4638757DF439A544555FC02B4E5B3A0FF14A0300A01A6EE826F9F39A2B56445F10AEE077703A31B382314AF60DAB4DD59AE9243B27070D22FA4B955A65B81777898752D07916A022451B80573F915783A32630F95FB7E3A58C125F888F05F8844F8B134D5F836FB4C24C7C9F8839F65E5EB030BC66EBD2F7F0246C746430296262D56FA8914BDFCA86C2DB97B661105DFC0EB4F581777D4E272C5E5EBFC32B272AD5B791A7CDF6737ED44179B7DE4730969A500E99C3CA928EA9587C22DBC819EDCF4329DB7B7D73FC2AD0741D1786B8A78118E0384C66E3E96F01F5312C8DB35B5C67848A5B0044B9C1B5AC20867C8A0FC527BF1022BC1664A385E8367749278465812E3787D111CCE91D371A3C9B7010BC1D6D72E8052F09C193E61D9811D65FAD73A4072E05BBB6C838200A5B996752101CA15958B367C798E07377FA3CD9C3C5215AC213F5D658D63D66939B6F22E03FCA095FBE8430F5C92488F9A2E67CF016F235DA0ABEACF861E4FCFCC6DE04AB1AD344447AF72ACBCC9812FCA2F0BD075CD60E5FFEC3B84287ED4B31BD652985C666E66D804EACE56C7D73FD257FD08A26BB3486EF272DC3C019ACBF734DDC26BF34F861D890C243C7187F1E677A1EE65997E8AA6E536C6F532DED5AEE9E222A517376CC9F8A2A49D0AF01A13B0DC0E82C62E24922F5101B5DF1D55ACBA6AD8E9FDFCEFE86CAD5C0CF0FB2F105A887C1AA19CB04440065814F37973738F9E8B71EB8666CCF246B56DD86479CBD807686B33C41A123266B40ED4E6012F96D726E183F962DD42D4698EAE864D0730D46B0FDD0550BA1E1D65BD18BCEAD659A9ADB2B3B29FB02C1F5FD398F2165C78AE01E0EDD0FCEB56F11B96749"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1344)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Celkový čas: 2011-03-26 08:11:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-26 07:11
.
Před spuštěním: 6 729 318 400
Po spuštění: 6 550 454 272
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 84272101CDC349486289A358D1A6AE8E

#12 Příspěvek od **vyosek** » 26 bře 2011 19:43

Odninstalujte Spybota - je uz davno za zenitem, navic tam mate SAS coz je lepsi nahrada

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

File::
c:\windows\SET101.tmp
c:\windows\SETF5.tmp
c:\windows\SETF2.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"PWRISOVM.EXE"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-

Driver::
RR
SC
UQCRH
RRNCXRFWPRJG

DDS::
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

RegLock::
[HKEY_USERS\S-1-5-21-73586283-448539723-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDAAFC8C-1E98-53AB-FE08-D652E0982693}*]
[HKEY_USERS\S-1-5-21-73586283-448539723-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA28B5B9-FE14-08C1-976F-D8206B8710D0}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0cd6d4d7-5101-457a-9d19-78e1242308f9}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

RegNull::
[HKEY_USERS\S-1-5-21-73586283-448539723-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDAAFC8C-1E98-53AB-FE08-D652E0982693}*]
[HKEY_USERS\S-1-5-21-73586283-448539723-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EA28B5B9-FE14-08C1-976F-D8206B8710D0}*]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

malanek · #13 Příspěvek od **malanek** » 27 bře 2011 15:33

Hezké odpoledne,musel jsem se trochu věnovat domácím starostem.
SUPERAntiSpyware jsem nainstaloval po četbě tohoto fóra.Druhý jsem odinstaloval a přikládám nový log.
Děkuji.

ComboFix 11-03-26.01 - Milan 27.03.2011 15:56:07.2.1 - x86
Spuštěný z: c:\documents and settings\Milan.MILANEK\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan.MILANEK\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\windows\SET101.tmp"
"c:\windows\SETF2.tmp"
"c:\windows\SETF5.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SET101.tmp
c:\windows\SETF2.tmp
c:\windows\SETF5.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RR
-------\Legacy_RRNCXRFWPRJG
-------\Legacy_SC
-------\Legacy_UQCRH
-------\Service_RR
-------\Service_RRNCXRFWPRJG
-------\Service_SC
-------\Service_UQCRH
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-27 do 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2011-03-25 19:01 . 2011-03-25 19:01 -------- d-----w- c:\documents and settings\Milan.MILANEK\Data aplikací\SUPERAntiSpyware.com
2011-03-25 19:01 . 2011-03-25 19:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2011-03-25 19:00 . 2011-03-25 19:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-25 15:56 . 2011-03-25 15:56 388096 ----a-r- c:\documents and settings\Milan.MILANEK\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-24 15:09 . 2011-03-24 15:09 -------- d-sh--w- c:\documents and settings\Administrator.MILANEK\IETldCache
2011-03-23 18:22 . 2011-03-27 13:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2011-03-23 18:13 . 2011-03-27 13:52 -------- d-----w- c:\windows\system32\CatRoot2
2011-03-23 16:47 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-03-23 16:47 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-03-23 16:43 . 2010-12-20 23:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-03-23 16:43 . 2010-12-20 23:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-03-23 16:43 . 2010-12-20 23:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-23 16:43 . 2010-12-20 23:52 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-03-23 16:42 . 2010-12-20 23:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-03-23 16:42 . 2010-12-20 23:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-23 16:38 . 2010-12-09 15:14 2194944 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-03-23 16:38 . 2010-12-09 15:14 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-03-23 16:38 . 2010-12-09 15:14 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-03-23 16:38 . 2010-12-09 15:14 2071552 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-03-22 19:00 . 2011-03-25 15:56 -------- d-----w- c:\program files\trend micro
2011-03-22 19:00 . 2011-03-23 00:56 -------- d-----w- C:\rsit
2011-03-21 16:11 . 2008-04-14 07:52 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2011-03-21 16:10 . 2001-10-25 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2011-03-21 16:08 . 2001-10-25 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-03-21 16:08 . 2001-10-25 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-03-21 16:07 . 2008-04-14 07:52 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2011-03-21 16:07 . 2008-04-14 07:52 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-03-21 16:07 . 2008-04-14 07:52 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2011-03-21 16:07 . 2008-04-14 07:52 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-03-21 16:07 . 2008-04-14 07:52 215552 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2011-03-21 16:07 . 2008-04-14 07:52 215552 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-03-21 16:07 . 2008-04-14 07:51 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2011-03-21 16:07 . 2008-04-14 07:51 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-03-21 14:03 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-03-21 14:03 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-03-21 14:03 . 2001-10-25 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-03-21 14:03 . 2001-10-25 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-03-21 10:40 . 2011-03-21 11:19 -------- d-----w- c:\program files\RegTweaker
2011-03-21 10:33 . 2011-03-21 10:33 -------- d-----w- c:\documents and settings\Milan.MILANEK\Data aplikací\Malwarebytes
2011-03-21 10:33 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-21 10:33 . 2011-03-21 10:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-03-21 10:33 . 2011-03-21 10:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-21 10:33 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-17 15:32 . 2011-03-21 17:06 -------- dc-h--w- c:\windows\ie8
2011-03-15 23:09 . 2011-03-26 08:59 0 ----a-w- c:\documents and settings\Milan.MILANEK\ntuser.tmp
2011-03-15 13:51 . 2011-03-15 14:03 -------- d-----w- c:\program files\FVD Suite
2011-03-15 12:26 . 2011-03-15 12:30 -------- d-----w- c:\documents and settings\Milan.MILANEK\Data aplikací\vlc
2011-03-15 12:25 . 2011-03-15 12:25 -------- d-----w- c:\program files\VideoLAN
2011-03-15 11:51 . 2011-03-15 11:51 -------- d-----w- c:\documents and settings\Milan.MILANEK\Local Settings\Data aplikací\Jaksta_Technologies_Pty_L
2011-03-15 11:49 . 2011-03-15 11:49 -------- d-----w- c:\windows\Replay Media Catcher
2011-03-15 11:49 . 2011-03-15 11:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Applian
2011-03-15 10:36 . 2011-03-15 10:36 -------- d-----w- c:\documents and settings\Milan.MILANEK\Local Settings\Data aplikací\Opera
2011-03-14 17:34 . 2011-03-14 17:34 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-14 16:37 . 2011-03-14 16:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Lavasoft
2011-03-13 19:22 . 2011-03-13 19:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\McAfee
2011-03-11 21:08 . 2011-03-11 21:08 52273 ----a-w- c:\windows\MaxwellMaxPluginUninstall.exe
2011-03-11 20:57 . 2011-03-11 20:57 -------- d-----w- c:\program files\Next Limit
2011-03-10 07:10 . 2011-03-10 07:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Trymedia
2011-03-09 18:21 . 2011-03-09 22:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\SecTaskMan
2011-03-06 15:58 . 2011-03-06 16:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\LangSoft
2011-03-06 15:57 . 2011-03-06 16:05 -------- d-----w- c:\documents and settings\Milan.MILANEK\Data aplikací\LangSoft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 07:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 07:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40 . 2010-05-13 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2010-05-13 19:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2008-11-09 07:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-11-09 07:41 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 07:51 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 07:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 06:45 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]
2010-12-12 08:56 242176 ----a-w- c:\program files\RegTweaker\key.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-12 3171760]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-05-01 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-05-01 131072]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 106544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-3-23 618496]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0\0sprestrt
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-23 716272]
R2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-23 188416]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 135664]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2009-11-06 106880]
S0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2004-05-12 97408]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2008-07-22 15976]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [2007-05-21 1180672]
S3 SaiH0464;SaiH0464;c:\windows\system32\DRIVERS\SaiH0464.sys [2007-05-01 132232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 13:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users.WINDOWS\Data aplikací\LangSoft\WebIE.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 16:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="755F10BC08CE6F26262BF7FC6BA1D00B8CA91B9A568DA37B7C8F49DAD93B60AC852E9294E404050E9299C62DCDDEC0534FE5C5242367E50BEE72A336D26EBBC230C115091C1D8DC0BCFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933FEBC9E127BECC74CA9C6AECB7A5D1407EDCAAD6D49A05364040686B410381990A6538F0B5BF5D8D5F8E94BFEC8A8B3A88FB7DA45D41735D3CC58B7AD7895075548CF6765E074B7084C1DCF90B0B413A6609D13A6510F0711DFB67F3156D1196CAA5C0F47EE82F193D8E0F16769DCEB480C123199C617C0CCC42CDBE45AFCBB374D9AC492FD5503A23888D045559D6B29E63F585A1F1061B026588FA1967E5C8955BE8DDDE9786B5827FDD19C39C5C1D56664EBDAA72DE95552EE9FF5830F6E298A11AEF3F3CA2E49073F1D953E7925502452953E14F760CB3DB6D7A1FC3CE8D4D7EDB4D2C0FDD17D5BDC1D8B71314D8F5DF043DC7ACDCD16FD8B451C406945BACD44EDAC579A65F2CD7C040D4638757DF439A544555FC02B4E5B3A0FF14A0300A01A6EE826F9F39A2B56445F10AEE077703A31B382314AF60DAB4DD59AE9243B27070D22FA4B955A65B81777898752D07916A022451B80573F915783A32630F95FB7E3A58C125F888F05F8844F8B134D5F836FB4C24C7C9F8839F65E5EB030BC66EBD2F7F0246C746430296262D56FA8914BDFCA86C2DB97B661105DFC0EB4F581777D4E272C5E5EBFC32B272AD5B791A7CDF6737ED44179B7DE4730969A500E99C3CA928EA9587C22DBC819EDCF4329DB7B7D73FC2AD0741D1786B8A78118E0384C66E3E96F01F5312C8DB35B5C67848A5B0044B9C1B5AC20867C8A0FC527BF1022BC1664A385E8367749278465812E3787D111CCE91D371A3C9B7010BC1D6D72E8052F09C193E61D9811D65FAD73A4072E05BBB6C838200A5B996752101CA15958B367C798E07377FA3CD9C3C5215AC213F5D658D63D66939B6F22E03FCA095FBE8430F5C92488F9A2E67CF016F235DA0ABEACF861E4FCFCC6DE04AB1AD344447AF72ACBCC9812FCA2F0BD075CD60E5FFEC3B84287ED4B31BD652985C666E66D804EACE56C7D73FD257FD08A26BB3486EF272DC3C019ACBF734DDC26BF34F861D890C243C7187F1E677A1EE65997E8AA6E536C6F532DED5AEE9E222A517376CC9F8A2A49D0AF01A13B0DC0E82C62E24922F5101B5DF1D55ACBA6AD8E9FDFCEFE86CAD5C0CF0FB2F105A887C1AA19CB04440065814F37973738F9E8B71EB8666CCF246B56DD86479CBD807686B33C41A123266B40ED4E6012F96D726E183F962DD42D4698EAE864D0730D46B0FDD0550BA1E1D65BD18BCEAD659A9ADB2B3B29FB02C1F5FD398F2165C78AE01E0EDD0FCEB56F11B96749"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1340)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(4016)
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2011-03-27 16:16:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-27 14:16
ComboFix2.txt 2011-03-26 07:12
.
Před spuštěním: 6 505 431 040
Po spuštění: 6 508 154 880
.
Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - F554884C0F09751A27460E3D883DB085

#14 Příspěvek od **vyosek** » 27 bře 2011 18:23

Jak se chova PC

malanek · #15 Příspěvek od **malanek** » 27 bře 2011 20:21

Myslím,že vše je normání.Problémy,které byly před opravou jsou pryč.Moc děkuji za rady a trpělivost se šťorou samoukem.

VIRY.CZ

Prosím o radu, jak na to

Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to

Re: Prosím o radu, jak na to