VIRY.CZ

Prosím o kontrolu logu.je tam někde trojan Generic2_c.KLQ a nejde ven.Dik

Windows XP SP 3 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Log vygenerován: 4.4.2011 19:53:03
================================================================

SmallARK
================================================================
[?]NtClose -> C:\WINDOWS\system32\drivers\a347bus.sys
[?]NtCreateKey -> C:\WINDOWS\system32\drivers\a347bus.sys
[?]NtCreatePagingFile -> C:\WINDOWS\system32\drivers\a347bus.sys
[?]NtEnumerateKey -> C:\WINDOWS\system32\drivers\a347bus.sys
[?]NtEnumerateValueKey -> C:\WINDOWS\system32\drivers\a347bus.sys
[?]NtOpenFile -> C:\WINDOWS\system32\drivers\a347bus.sys
[?]NtOpenKey -> C:\WINDOWS\system32\drivers\a347bus.sys
[R]NtOpenProcess -> C:\WINDOWS\system32\drivers\AVGIDSShim.Sys
[?]NtQueryKey -> C:\WINDOWS\system32\drivers\a347bus.sys
[?]NtQueryValueKey -> C:\WINDOWS\system32\drivers\a347bus.sys
[?]NtSetSystemPowerState -> C:\WINDOWS\system32\drivers\a347bus.sys
[R]NtTerminateProcess -> C:\WINDOWS\system32\drivers\AVGIDSShim.Sys
[R]NtTerminateThread -> C:\WINDOWS\system32\drivers\AVGIDSShim.Sys
[R]NtWriteVirtualMemory -> C:\WINDOWS\system32\drivers\AVGIDSShim.Sys

Běžící procesy
================================================================

C:\PROGRAM FILES\NEC ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQBAM08.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGPC01.EXE
C:\PROGRAM FILES\NEC ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQBAM08.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGPC01.EXE

Scanner
================================================================
[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]

[R] jusched.exe
Spouští se po startu HKLM Run [SunJavaUpdateSched]

[R] HDeck.exe
Spouští se po startu HKLM Run [HDAudDeck]

[R] FourEngine.exe
Spouští se po startu HKLM Run [Six Engine]

[R] BCU.exe
Spouští se po startu HKLM Run [BCU]

[?] nusb3mon.exe
Spouští se po startu HKLM Run [NUSB3MON]
Soubor 7%

[S] rundll32.exe
Spouští se po startu HKLM Run [NvMediaCenter]

[R] GrooveMonitor.exe
Ověřený Microsoft: Ne
Spouští se po startu HKLM Run [GrooveMonitor]

[R] avgtray.exe
Spouští se po startu HKLM Run [AVG_TRAY]

[?] winampa.exe
Spouští se po startu HKLM Run [WinampAgent]
Soubor 14%

[R] hpwuSchd2.exe
Spouští se po startu HKLM Run [HP Software Update]

[R] AdobeARM.exe
Spouští se po startu HKLM Run [Adobe ARM]

[S] ctfmon.exe
Spouští se po startu HKCU Run [CTFMON.EXE]

[R] hpqtra08.exe
Spouští se po startu Po spuštění []

[?] hpqste08.exe
Soubor 7%

[?] hpqbam08.exe
Soubor 14%

[?] hpqgpc01.exe
Soubor 7%

[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]

[R] jusched.exe
Spouští se po startu HKLM Run [SunJavaUpdateSched]

[R] HDeck.exe
Spouští se po startu HKLM Run [HDAudDeck]

[R] FourEngine.exe
Spouští se po startu HKLM Run [Six Engine]

[R] BCU.exe
Spouští se po startu HKLM Run [BCU]

[?] nusb3mon.exe
Spouští se po startu HKLM Run [NUSB3MON]
Nemá okno
Soubor 7%

[S] rundll32.exe
Spouští se po startu HKLM Run [NvMediaCenter]

[R] GrooveMonitor.exe
Ověřený Microsoft: Ne
Spouští se po startu HKLM Run [GrooveMonitor]

[R] avgtray.exe
Spouští se po startu HKLM Run [AVG_TRAY]

[?] winampa.exe
Spouští se po startu HKLM Run [WinampAgent]
Nemá okno
Soubor 14%

[R] hpwuSchd2.exe
Spouští se po startu HKLM Run [HP Software Update]

[S] ctfmon.exe
Spouští se po startu HKCU Run [CTFMON.EXE]

[R] Skype.exe
Podvržená cesta modulu: (00400000) C:\Program Files\Skype\Phone\Skype.exe

[R] hpqtra08.exe
Spouští se po startu Po spuštění []

[?] hpqste08.exe
Nemá okno
Soubor 7%

[?] hpqbam08.exe
Nemá okno
Soubor 14%

[?] hpqgpc01.exe
Nemá okno
Soubor 7%

[R] mscorsvw.exe
Ověřený Microsoft: Ne

Po spuštění
================================================================

HKLM Run
|_ [R][HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
|_ [R][Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe -b
|_ [?][NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
|_ [?][WinampAgent] C:\Program Files\Winamp\winampa.exe
|_ [R][NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll ,NvTaskbarInit
|_ [R][NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll ,NvStartup
|_ [R][nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
|_ [R][DWQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP (Soubor nenalezen)
|_ [?][>{99820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

HKLM BHO
|_ [?][{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] hpqcxs08
|_ Cesta: C:\WINDOWS\system32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: BE4A520E29B6391F49E79CCC52044D93
|
|_ ServiceDLL: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
| |_ Výrobce: Hewlett-Packard Co.
| |_ Popis: HP CUE Context Manager Objects
| |_ MD5: 0A3C6AA4A9FC38C20BA4EAC2C3351C05
|
|_ Jméno: hpqcxs08
|_ StartName: LocalSystem
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Win32 Share Process
|_ Dependency: RPCSS

[?] Služba HP CUE DeviceDiscovery
|_ Cesta: C:\WINDOWS\system32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: BE4A520E29B6391F49E79CCC52044D93
|
|_ ServiceDLL: C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
| |_ Výrobce: Hewlett-Packard Co.
| |_ Popis: HP CUE DeviceDiscovery Service
| |_ MD5: F3F72A2A86C22610BCA5439FA789DD52
|
|_ Jméno: hpqddsvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Share Process
|_ Dependency: RPCSS

[?] HP Network Devices Support
|_ Cesta: C:\WINDOWS\system32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: BE4A520E29B6391F49E79CCC52044D93
|
|_ ServiceDLL: C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
| |_ Výrobce: Hewlett-Packard Co.
| |_ Popis: HP Network Devices Support
| |_ MD5: 79737E0F7D25DE8405CB34D4C9882253
|
|_ Jméno: HPSLPSVC
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency: RPCSS

[?] Net Driver HPZ12
|_ Cesta: C:\WINDOWS\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: BE4A520E29B6391F49E79CCC52044D93
|
|_ ServiceDLL: C:\WINDOWS\system32\HPZinw12.dll
| |_ Výrobce: Hewlett-Packard
| |_ Popis: Dot4Net Module
| |_ MD5: 510C138564486FF926A3F773205C63D1
|
|_ Jméno: Net Driver HPZ12
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Pml Driver HPZ12
|_ Cesta: C:\WINDOWS\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: BE4A520E29B6391F49E79CCC52044D93
|
|_ ServiceDLL: C:\WINDOWS\system32\HPZipm12.dll
| |_ Výrobce: Hewlett-Packard
| |_ Popis: PmlDrv Module
| |_ MD5: 37E5E8FFBAD35605DAEEC3224EA0E465
|
|_ Jméno: Pml Driver HPZ12
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[R] TuneUp Theme Extension
|_ Cesta: C:\WINDOWS\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: BE4A520E29B6391F49E79CCC52044D93
|
|_ ServiceDLL: C:\WINDOWS\System32\uxtuneup.dll
| |_ Výrobce: TuneUp Software
| |_ Popis: TuneUp Theme Extension
| |_ MD5: 3A335BB79F9D93F1D33CA07F8986E004
|
|_ Jméno: UxTuneUp
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Share Process
|_ Dependency: Themes

Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] a347bus
|_ Cesta: C:\WINDOWS\system32\DRIVERS\a347bus.sys
| |_ Výrobce:
| |_ Popis: Plug and Play BIOS Extension
| |_ MD5: 1F61CACACB521215F39061789147968C
|
|_ Jméno: a347bus
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] a347scsi
|_ Cesta: C:\WINDOWS\System32\Drivers\a347scsi.sys
| |_ Výrobce:
| |_ Popis: SCSI miniport
| |_ MD5: 113E4B318BBAA7483CA4E582A4D63F49
|
|_ Jméno: a347scsi
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Ovladač procesoru HwPState AMD
|_ Cesta: C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
| |_ Výrobce: Advanced Micro Devices
| |_ Popis: AMD Processor Driver
| |_ MD5: 033448D435E65C4BD72E70521FD05C76
|
|_ Jméno: AmdPPM
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Standardní řadič disku IDE/ESDI
|_ Cesta: C:\WINDOWS\system32\DRIVERS\atapi.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: atapi
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] NEC Electronics USB 3.0 Hub Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
| |_ Výrobce: NEC Electronics Corporation
| |_ Popis: USB 3.0 Hub Driver
| |_ MD5: 9A3879B890F395EF8007A69543B56E8D
|
|_ Jméno: nusb3hub
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] NEC Electronics USB 3.0 Host Controller Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
| |_ Výrobce: NEC Electronics Corporation
| |_ Popis: USB 3.0 Host Controller Driver
| |_ MD5: 61C3A3C6B35F596831358D954D20712F
|
|_ Jméno: nusb3xhc
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] nv
|_ Cesta: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
| |_ Výrobce: NVIDIA Corporation
| |_ Popis: NVIDIA Compatible Windows 2000 Miniport Driver, Version 266.58
| |_ MD5: 18C9B152DA7BEA76B2F9E4B6412E0AAF
|
|_ Jméno: nv
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
| |_ Výrobce: Realtek Semiconductor Corporation
| |_ Popis: Realtek 10/100/1000 NDIS 5.1 Driver
| |_ MD5: CB9310A5A910648D359C99A857E22A54
|
|_ Jméno: RTLE8023xp
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (2008) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (3272) alg.exe 127.0.0.1:1030 LISTENING
TCP (664) firefox.exe 127.0.0.1:3193 <-> 127.0.0.1:3194 ESTABLISHED
TCP (664) firefox.exe 127.0.0.1:3194 <-> 127.0.0.1:3193 ESTABLISHED
TCP (664) firefox.exe 127.0.0.1:3195 <-> 127.0.0.1:3196 ESTABLISHED
TCP (664) firefox.exe 127.0.0.1:3196 <-> 127.0.0.1:3195 ESTABLISHED
TCP (0) 127.0.0.1:3408 TIME_WAIT
TCP (0) 127.0.0.1:3409 TIME_WAIT
TCP (2336) firefox.exe 127.0.0.1:3410 <-> 127.0.0.1:3411 ESTABLISHED
TCP (2336) firefox.exe 127.0.0.1:3411 <-> 127.0.0.1:3410 ESTABLISHED
TCP (2336) firefox.exe 127.0.0.1:3416 <-> 127.0.0.1:3417 ESTABLISHED
TCP (2336) firefox.exe 127.0.0.1:3417 <-> 127.0.0.1:3416 ESTABLISHED
TCP (4) Systém 192.168.1.2:139 LISTENING
TCP (5392) jucheck.exe 192.168.1.2:1235 CLOSE_WAIT
TCP (3432) jucheck.exe 192.168.1.2:1371 CLOSE_WAIT
TCP (2288) opera.exe 192.168.1.2:2878 <-> 95.168.207.36:80 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3414 <-> 74.125.43.105:80 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3418 <-> 74.125.43.147:80 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3419 <-> 74.125.43.103:80 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3420 <-> 74.125.43.103:80 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3421 <-> 74.125.43.190:443 ESTABLISHED
TCP (0) 192.168.1.2:3422 TIME_WAIT
TCP (2336) firefox.exe 192.168.1.2:3432 <-> 74.125.43.113:80 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3434 <-> 74.125.43.91:443 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3437 <-> 74.125.43.91:443 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3438 <-> 74.125.43.91:443 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3439 <-> 74.125.43.132:443 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3440 <-> 74.125.43.132:443 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3441 <-> 74.125.43.132:443 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3442 <-> 74.125.43.132:443 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3443 <-> 74.125.43.132:443 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3444 <-> 74.125.43.132:443 ESTABLISHED
TCP (2336) firefox.exe 192.168.1.2:3445 <-> 74.125.43.132:443 ESTABLISHED
TCP (4916) UPM.exe 192.168.1.2:3458 <-> 109.123.209.238:80 ESTABLISHED
TCP (4916) UPM.exe 192.168.1.2:3459 <-> 95.100.248.11:80 ESTABLISHED
TCP (4916) UPM.exe 192.168.1.2:3460 <-> 194.7.155.81:80 ESTABLISHED
TCP (4916) UPM.exe 192.168.1.2:3461 <-> 199.7.71.190:80 ESTABLISHED
TCP (664) firefox.exe 192.168.1.2:3462 <-> 74.125.43.102:80 ESTABLISHED
TCP (664) firefox.exe 192.168.1.2:3463 <-> 74.125.43.102:80 ESTABLISHED
UDP (152) svchost.exe 0.0.0.0:427 <-> 199.7.52.190:80 ESTABLISHED
UDP (4) Systém 0.0.0.0:445
UDP (1696) lsass.exe 0.0.0.0:500
UDP (1696) lsass.exe 0.0.0.0:4500
UDP (4268) Skype.exe 127.0.0.1:1078
UDP (612) svchost.exe 127.0.0.1:1900
UDP (4) Systém 192.168.1.2:137
UDP (4) Systém 192.168.1.2:138
UDP (152) svchost.exe 192.168.1.2:427
UDP (2288) opera.exe 192.168.1.2:1079
UDP (2288) opera.exe 192.168.1.2:1900
UDP (612) svchost.exe 192.168.1.2:1900

Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] uxtheme.dll
|_ Cesta: C:\WINDOWS\system32\uxtheme.dll
|_ MD5: AA5837459D8C7B54710EC41641FA8513
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ winlogon.exe (1588)
|_ lsass.exe (1696)
|_ svchost.exe (1920)
|_ svchost.exe (2008)
|_ svchost.exe (264)
|_ svchost.exe (436)
|_ svchost.exe (612)
|_ spoolsv.exe (868)
|_ avgwdsvc.exe (968)
|_ explorer.exe (1640)
|_ svchost.exe (1648)
|_ svchost.exe (152)
|_ svchost.exe (464)
|_ svchost.exe (824)
|_ jusched.exe (896)
|_ HDeck.exe (1068)
|_ svchost.exe (1208)
|_ FourEngine.exe (1268)
|_ BCU.exe (1364)
|_ nusb3mon.exe (1372)
|_ rundll32.exe (1488)
|_ TuneUpUtilitiesService32.exe (1500)
|_ GrooveMonitor.exe (136)
|_ avgtray.exe (1560)
|_ winampa.exe (1604)
|_ hpwuSchd2.exe (156)
|_ AdobeARM.exe (1616)
|_ ctfmon.exe (2144)
|_ hpqtra08.exe (2240)
|_ wmiprvse.exe (2248)
|_ TuneUpUtilitiesApp32.exe (1000)
|_ alg.exe (3272)
|_ unsecapp.exe (3280)
|_ wmiprvse.exe (3428)
|_ hpqste08.exe (3756)
|_ hpqbam08.exe (512)
|_ hpqgpc01.exe (648)
|_ winlogon.exe (1760)
|_ explorer.exe (2704)
|_ jusched.exe (3324)
|_ HDeck.exe (2904)
|_ FourEngine.exe (2872)
|_ BCU.exe (3236)
|_ nusb3mon.exe (3136)
|_ rundll32.exe (2760)
|_ GrooveMonitor.exe (2692)
|_ avgtray.exe (3452)
|_ winampa.exe (2092)
|_ hpwuSchd2.exe (2436)
|_ ctfmon.exe (284)
|_ Skype.exe (4268)
|_ DTLite.exe (4436)
|_ unsecapp.exe (5404)
|_ hpqtra08.exe (5448)
|_ wmiapsrv.exe (5332)
|_ hpqste08.exe (5544)
|_ hpqbam08.exe (5656)
|_ hpqgpc01.exe (6024)
|_ opera.exe (2288)
|_ jucheck.exe (5392)
|_ jucheck.exe (3432)
|_ mmc.exe (568)
|_ mscorsvw.exe (5128)
|_ firefox.exe (664)
|_ wuauclt.exe (2752)
|_ firefox.exe (2336)
|_ UPM.exe (4916)

[?] sfc_os.dll
|_ Cesta: C:\WINDOWS\system32\sfc_os.dll
|_ MD5: 04E297298C682F2E8415868F724C6D91
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ winlogon.exe (1588)
|_ svchost.exe (264)
|_ spoolsv.exe (868)
|_ UPM.exe (4916)

[?] hpqddsvc.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
|_ MD5: F3F72A2A86C22610BCA5439FA789DD52
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ svchost.exe (1648)

[?] hpocxi08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll
|_ MD5: 20009970E46FF07E74A1D1AF1B5E3530
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ svchost.exe (1648)

[?] hpqcob08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
|_ MD5: A6D91E8682CF74A68486F2B9886418BD
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ svchost.exe (1648)
|_ hpqtra08.exe (2240)
|_ hpqste08.exe (3756)
|_ hpqtra08.exe (5448)
|_ hpqste08.exe (5544)

[?] hpqcxs08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
|_ MD5: 0A3C6AA4A9FC38C20BA4EAC2C3351C05
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ svchost.exe (1648)

[?] hpqddcmn.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll
|_ MD5: 7E53957E73BFB209D49932A9DDEBEDE4
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ svchost.exe (1648)
|_ hpqtra08.exe (2240)
|_ hpqtra08.exe (5448)

[?] hpslpsvc32.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
|_ MD5: 79737E0F7D25DE8405CB34D4C9882253
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ svchost.exe (152)

[?] aigear.dll
|_ Cesta: C:\Program Files\ASUS\EPU-4 Engine\AiGear.dll
|_ MD5: FA5CF5CC82D4E39103DEC713E3790FF9
|_ Výrobce: AsusTek Inc.
|_ Procesy
|_ FourEngine.exe (1268)
|_ FourEngine.exe (2872)

[?] ainap.dll
|_ Cesta: C:\Program Files\ASUS\EPU-4 Engine\AiNap.dll
|_ MD5: 97C9AEF1C6DB6E3E5994B139AA3B2FAC
|_ Výrobce: ?
|_ Procesy
|_ FourEngine.exe (1268)
|_ FourEngine.exe (2872)

[?] pngio.dll
|_ Cesta: C:\Program Files\ASUS\EPU-4 Engine\pngio.dll
|_ MD5: 5BBC951150E738F108C6D3D325BD4029
|_ Výrobce:
|_ Procesy
|_ FourEngine.exe (1268)
|_ FourEngine.exe (2872)

[?] asio.dll
|_ Cesta: C:\WINDOWS\system32\AsIO.dll
|_ MD5: B6296A1E765612688E7E9800CEBF2AC8
|_ Výrobce: Copyright (C) 2010
|_ Procesy
|_ FourEngine.exe (1268)
|_ FourEngine.exe (2872)

[?] asspindowntimeout.dll
|_ Cesta: C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
|_ MD5: 2730BC63D4896F7976D9D31BC9786EBA
|_ Výrobce: ?
|_ Procesy
|_ FourEngine.exe (1268)

[?] asacpi.dll
|_ Cesta: C:\Program Files\ASUS\EPU-4 Engine\AsAcpi.dll
|_ MD5: 60C44E5B40F1845800494001464CD627
|_ Výrobce: ASUS
|_ Procesy
|_ FourEngine.exe (1268)
|_ FourEngine.exe (2872)

[?] sqlite3.dll
|_ Cesta: C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
|_ MD5: 7C2DC40E725BCBB3B5F2757EB1443325
|_ Výrobce:
|_ Procesy
|_ BCU.exe (1364)
|_ BCU.exe (3236)

[?] nusb3mon.dll
|_ Cesta: C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
|_ MD5: 83ECB3325F8A7BF3E810D9E2156C2A8A
|_ Výrobce: NEC Electronics Corporation
|_ Procesy
|_ nusb3mon.exe (1372)
|_ nusb3mon.exe (3136)

[?] 771fa7.rbf
|_ Cesta: C:\Config.Msi\771fa7.rbf
|_ MD5: 39FF1BD0E33F1936AEFCB4936D9D8536
|_ Výrobce: NVIDIA Corporation
|_ Procesy
|_ rundll32.exe (1488)
|_ rundll32.exe (2760)

[?] hpqrif08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll
|_ MD5: 3C69CE161C7007E9AD53A325492D446A
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqtra08.exe (2240)
|_ hpqtra08.exe (5448)

[?] hpqmif08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll
|_ MD5: B0A41262968DD6FCE3933527892D4A24
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqtra08.exe (2240)
|_ hpqtra08.exe (5448)

[?] hpodio08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll
|_ MD5: 248C42A72B2D5D14114566B0CF3F8076
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqtra08.exe (2240)
|_ hpqste08.exe (3756)
|_ hpqtra08.exe (5448)
|_ hpqste08.exe (5544)

[?] hpqddusr.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll
|_ MD5: 03211597018F96769F7F731039F692E1
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqtra08.exe (2240)
|_ hpqtra08.exe (5448)

[?] hpqusg.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll
|_ MD5: B4FEBBAC47297242F04EF7F14FE6DF99
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqtra08.exe (2240)
|_ hpqtra08.exe (5448)

[?] hpotradd.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll
|_ MD5: 5FD3B3E2F6EC82889C9ACD52C7A80E6B
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqtra08.exe (2240)
|_ hpqtra08.exe (5448)

[?] hpquio08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll
|_ MD5: C0E1D09C01019F27F2B06BBA152CDB07
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqtra08.exe (2240)
|_ hpqtra08.exe (5448)

[?] hpqtra08.rsc
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc
|_ MD5: 87814D70ADAB6837817BC6FB4DBEDDDD
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqtra08.exe (2240)
|_ hpqtra08.exe (5448)

[?] hpqtao08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll
|_ MD5: DD1173E82083162858D1D4EAF43EC69B
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqtra08.exe (2240)
|_ hpqtra08.exe (5448)

[?] hpotra08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll
|_ MD5: EEEB27E29B3B9C1F49B89EF31326135B
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqtra08.exe (2240)
|_ hpqtra08.exe (5448)

[?] hpotra08.rsc
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc
|_ MD5: 720088D0FD9B0FFA1E23973BE0C21C39
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqtra08.exe (2240)
|_ hpqtra08.exe (5448)

[?] hpzipr12.dll
|_ Cesta: C:\WINDOWS\system32\HPZipr12.dll
|_ MD5: B1C979C02FE013B2B9C0717C26AE1485
|_ Výrobce: Hewlett-Packard
|_ Procesy
|_ hpqste08.exe (3756)
|_ hpqste08.exe (5544)

[?] hpqgpb01.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqgpb01.dll
|_ MD5: 347A39B69AC03B8F56D8807B989F5CA8
|_ Výrobce: Hewlett-Packard
|_ Procesy
|_ hpqste08.exe (3756)
|_ hpqste08.exe (5544)

[?] hpqstp08.rsc
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc
|_ MD5: A516D2C3AD3837E0B3168C85F239E23D
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqste08.exe (3756)
|_ hpqste08.exe (5544)

[?] hpqssm08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqssm08.dll
|_ MD5: 9E438543222120696C04A39BFAC56FB6
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqste08.exe (3756)
|_ hpqste08.exe (5544)

[?] hpqsplh08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\HpqSplh08.dll
|_ MD5: 55CF0A197DC8972AC829B30ACAE00E5E
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqste08.exe (3756)
|_ hpqste08.exe (5544)

[?] hpqsem08.rsc
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc
|_ MD5: CA7AC8091046956DF8510F5EABA6F9BE
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqste08.exe (3756)
|_ hpqste08.exe (5544)

[?] hpqwso08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll
|_ MD5: F0842CF3C0B33C07B2CA1692900F21B4
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqste08.exe (3756)
|_ hpqste08.exe (5544)

[?] hpqsti08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll
|_ MD5: 9F6258F4166AB24B4B681EB1ED44534C
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqste08.exe (3756)
|_ hpqste08.exe (5544)

[?] hpqstp08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll
|_ MD5: 0EE03D901B5DCD3941686B95FCC98C89
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ hpqste08.exe (3756)
|_ hpqste08.exe (5544)

[?] hpqgpreh.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqgpreh.dll
|_ MD5: CC190B07E357BCD40C2AFB57B9A67B7F
|_ Výrobce: Hewlett-Packard
|_ Procesy
|_ hpqgpc01.exe (648)
|_ hpqgpc01.exe (6024)

[?] hprbevst.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll
|_ MD5: CBBAF06C2AC8882D239C8DC5BFA197FD
|_ Výrobce: Hewlett Packard
|_ Procesy
|_ hpqgpc01.exe (648)
|_ hpqgpc01.exe (6024)

[?] aspnet_isapi.dll
|_ Cesta: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
|_ MD5: 056E6BFD6314BBB84D5DFB1CA529CD60
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ Skype.exe (4268)

[?] softokn3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\softokn3.dll
|_ MD5: 02A8B0BAC1CA35CB450F5EACC93641A9
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (664)
|_ firefox.exe (2336)

[?] freebl3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\freebl3.dll
|_ MD5: 1EB2951F37C03280E701C536B9F694CB
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (664)
|_ firefox.exe (2336)

[?] hpxrestub.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3\components\hpXREStub.dll
|_ MD5: 27F87473C96FE9EC6A71CD1F1BD2DCD3
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ firefox.exe (664)
|_ firefox.exe (2336)

[?] hpxre.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3\xre\components\hpXRE.dll
|_ MD5: 4F0600DD0D8E9FA742654931B3D00925
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ firefox.exe (664)
|_ firefox.exe (2336)

[?] hpxpmtl.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3\components\hpXPMTL.dll
|_ MD5: 151092A6AC1D654EF5733C657FE84DC5
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ firefox.exe (664)
|_ firefox.exe (2336)

[?] hpxpmtc.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3\components\hpXPMTC.dll
|_ MD5: B154750A0BB6F7605596D1552E204032
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ firefox.exe (664)
|_ firefox.exe (2336)

[?] hpswpoperation.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3\components\hpSWPOperation.dll
|_ MD5: DDE8E0F31B5806F24D728B11778E4D6F
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ firefox.exe (664)
|_ firefox.exe (2336)

[?] hpneologging.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3\xre\components\hpNeoLogging.dll
|_ MD5: 32D8BE1860EFA6C2F5570D217CA75BEF
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ firefox.exe (664)
|_ firefox.exe (2336)

[?] hpseymour.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3\components\hpSeymour.dll
|_ MD5: BD54A5700752F578EB9395010BA2A030
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (2336)

Výpis souborů
================================================================
\System32:
[?] AsIO.dll 7 no vrfy, {021C954E}
[?] atl70.dll 12 ncmpny, {6B2F353B}
[?] atl71.dll 12 ncmpny, {A711E96B}
[X] BDEADMIN.CPL 100 ncmpny, cx (CODE)?, {399B5A57}
[!] cmdow.exe 63 no vrfy, cx (.data)?, {5DEF173A}
[?] cook3260.dll 7 no vrfy, {359B6201}
[X] DBCLIENT.DLL 100 ncmpny, cx (CODE)?, time mism., {EA8F6D0A}
[?] drv23260.dll 7 no vrfy, {E7EE1610}
[?] drv33260.dll 7 no vrfy, {FC54A40B}
[?] drv43260.dll 7 no vrfy, {20CB648E}
[?] hpbmiapi.dll 7 no vrfy, {3BF4E0F2}
[?] hpboid.dll 7 no vrfy, {5263A32D}
[?] hpboidps.dll 7 no vrfy, {178F49E8}
[?] hpbpro.dll 7 no vrfy, {E90C9B2E}
[?] hpbprops.dll 7 no vrfy, {CE10638C}
[?] hplbdchn.dll 7 no vrfy, {D33FC3DA}
[?] HPZidr12.dll 7 no vrfy, {3EA6BDE3}
[?] HPZinw12.dll 7 no vrfy, {D09A6C11}
[?] HPZipm12.dll 7 no vrfy, {377721D4}
[?] HPZipr12.dll 7 no vrfy, {D88CFEC5}
[?] hpzipt12.dll 7 no vrfy, {D599556A}
[?] hpzisn12.dll 7 no vrfy, {AEDEE07E}
[?] javacpl.cpl 14 no vrfy, {87FAB590}
[?] mfc70.dll 12 ncmpny, {3085DC5A}
[?] mfc70u.dll 12 ncmpny, {7CE2471B}
[?] mfc71.dll 12 ncmpny, {56A4B392}
[?] mfc71u.dll 12 ncmpny, {DA9A541A}
[?] msvci70.dll 12 ncmpny, {839A3260}
[?] msvcp71.dll 12 ncmpny, {2D00678D}
[?] msvcr70.dll 12 ncmpny, {44C2575C}
[?] msvcr71.dll 12 ncmpny, {25B399E8}
[?] nvdisps.dll 14 no vrfy, {8899C6FC}
[?] nvgames.dll 7 no vrfy, {976BDC9A}
[?] nvmccss.dll 7 no vrfy, {CA499D2A}
[?] nvmobls.dll 14 no vrfy, {DFDC6853}
[?] nvviddec.ax 7 no vrfy, {8DB649CE}
[?] nvvitvs.dll 14 no vrfy, {44B1EE74}
[?] nvwddi.dll 7 no vrfy, {77878C59}
[?] nvwss.dll 14 no vrfy, {AF9DDBEE}
[?] Pncrt.dll 7 no vrfy, {E234DFAD}
[?] setup.exe 12 ncmpny, {089DD0BA}
[?] setupold.exe 12 ncmpny, {41070263}
[?] sfc_os.dll 12 ncmpny, {1730E4D7}
[?] sipr3260.dll 7 no vrfy, {1B5FB9A7}
[?] TsWpfWrp.exe 12 ncmpny, {12E02F67}
[?] uxtheme.dll 12 ncmpny, {75A9D244}
[?] VCdRom.sys 25 ncmpny, {F53FD1E7}
[?] viahdcpl.cpl 14 no vrfy, {F44E368C}
[?] xvidcore.dll 12 ncmpny, {F02B0B26}
[?] xvidvfw.dll 12 ncmpny, {AD6B3A5E}

================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

Udělejte sken ComboFix a dejte log.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

ComboFix nešlo spustit přes avg,tak mam jen log z HijackThis.Snad to bude stačit.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:52:02, on 4.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.splashtop.com/asusexpress ... pe%3DWEB01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -b
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 9520 bytes

Pomocí HJT to nezlikvidujeme. Pro práci s CF budete muset AVG dočasně odinstalovat.

ComboFix 11-04-15.03 - admin 16.04.2011 10:07:44.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3198.2453 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Dokumenty\Stažené soubory\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lucka\Data aplikací\pcouffin.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-16 do 2011-04-16 )))))))))))))))))))))))))))))))
.
.
2011-04-16 08:00 . 2011-04-16 08:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Martau
2011-04-16 08:00 . 2011-04-16 08:00 -------- d-----w- c:\program files\Total Uninstall 5
2011-04-16 07:57 . 2011-04-16 07:57 -------- d-----w- c:\windows\LastGood
2011-04-16 07:41 . 2011-04-16 07:41 -------- d-----w- C:\AVGTemp
2011-04-15 16:08 . 2009-05-05 07:06 247296 ------w- c:\windows\system32\dllcache\mswsock.dll
2011-04-07 19:35 . 2011-04-16 06:46 -------- d-----w- c:\documents and settings\admin\Data aplikací\skypePM
2011-04-04 18:59 . 2011-04-04 18:59 -------- d-----w- c:\documents and settings\admin\Data aplikací\TeamViewer
2011-04-04 18:59 . 2011-04-04 18:59 -------- d-----w- c:\program files\TeamViewer
2011-04-04 18:51 . 2011-04-04 18:51 388096 ----a-r- c:\documents and settings\admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-04 18:51 . 2011-04-04 18:51 -------- d-----w- c:\program files\Trend Micro
2011-04-04 18:50 . 2011-04-04 18:50 -------- d-----w- c:\windows\system32\LogFiles
2011-04-04 18:43 . 2011-04-04 18:43 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-04-04 18:42 . 2011-04-04 18:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-04-04 18:34 . 2011-04-16 08:08 -------- d-----w- c:\documents and settings\admin\Data aplikací\Skype
2011-04-04 18:34 . 2011-04-04 18:34 -------- d-----w- c:\program files\Common Files\Skype
2011-04-04 17:52 . 2011-04-04 17:52 -------- d-----w- c:\program files\Ultimate Process Manager
2011-04-04 17:07 . 2011-04-04 17:07 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-04-04 17:07 . 2011-04-04 17:07 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-04-04 17:07 . 2011-04-04 17:07 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-04 17:07 . 2010-12-02 09:12 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
2011-04-04 17:07 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-04-04 17:07 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-04 17:07 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-04-04 17:07 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-04 16:48 . 2011-04-04 16:48 -------- d-----w- c:\documents and settings\Lucka\Data aplikací\Malwarebytes
2011-04-04 16:48 . 2011-04-04 16:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-04-04 16:48 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 16:48 . 2011-04-04 16:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-04 16:48 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 15:18 . 2011-03-31 15:18 -------- d-----w- c:\documents and settings\Irča
2011-03-28 17:46 . 2011-03-29 12:35 -------- d-----w- c:\documents and settings\Lucka\Local Settings\Data aplikací\WMTools Downloaded Files
2011-03-24 16:17 . 2011-03-24 16:17 -------- d-----w- c:\documents and settings\Lucka\Local Settings\Data aplikací\Microsoft Help
2011-03-18 14:17 . 2011-03-18 14:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\vsosdk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:31 . 2011-02-12 16:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2009-06-04 00:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:52 . 2009-06-28 17:47 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-28 19:27 . 2011-02-28 19:26 87608 ----a-w- c:\documents and settings\Lucka\Data aplikací\inst.exe
2011-02-28 19:27 . 2011-02-28 19:26 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-02-22 23:26 . 2009-06-28 17:48 919552 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:26 . 2009-06-28 17:48 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:26 . 2009-06-04 00:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-18 12:08 . 2009-06-04 00:30 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 19:56 . 2011-02-17 19:52 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-02-17 13:19 . 2009-05-05 07:07 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:19 . 2009-05-05 07:07 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 06:37 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-12 17:10 . 2011-02-12 17:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-12 17:10 . 2011-02-12 17:10 410984 ----a-w- c:\windows\system32\deploytk.dll
2011-02-09 13:53 . 2008-04-14 06:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 06:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 06:51 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2011-02-12 16:56 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2011-02-12 16:56 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:42 . 2008-04-14 06:51 440832 ----a-w- c:\windows\system32\shimgvw.dll
.
.
------- Sigcheck -------
.
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
.
.
.
c:\windows\System32\drivers\beep.sys ... chybí !!
c:\windows\System32\wscntfy.exe ... chybí !!
c:\windows\System32\regsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-02-12 148888]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-24 33747360]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-07 74752]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-06-04 128512]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\u Torrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [12.2.2011 20:28 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [12.2.2011 20:28 5248]
R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [5.5.2009 9:38 9096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [17.2.2011 21:52 218688]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [5.3.2010 11:15 235752]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [7.5.2010 19:04 1051976]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 5:33 30432]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [22.1.2010 13:21 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [22.1.2010 13:21 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.2.2011 19:44 57248]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 12:18 10064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12.2.2011 19:30 2136224]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [4.4.2011 20:59 2296696]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 5:33 30432]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fuk.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\nv4qsaox.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-16 10:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-796845957-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,d9,59,e5,e9,06,78,41,b7,8a,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,d9,59,e5,e9,06,78,41,b7,8a,59,\
.
Celkový čas: 2011-04-16 10:10:20
ComboFix-quarantined-files.txt 2011-04-16 08:10
.
Před spuštěním: Volných bajtů: 236 684 791 808
Po spuštění: Volných bajtů: 236 938 035 200
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
.
- - End Of File - - E63C50E30BDD8053DE97A8492E9EFE66

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

FCopy::
C:\WINDOWS\system32\ReinstallBackups\0034\DriverFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

VIRY.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu