VIRY.CZ

Dobrý den nemohu se zbavit viru neustále se spouští eset ho dá do karantény vyžaduje restart a po té se virus rozjede znovu.mám zpomalený comp vše nabíhá velmi pomalu programy i internet.Jsou i problémy s během některých programů. Můžete pomoci?
Zde je výpis z Combofix

ComboFix 11-05-25.02 - Jiří - Chvojka 26.05.2011 12:27:15.10.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1777 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jiří - Chvojka\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\msuunsers.dll
.
---- Předchozí spuštění -------
.
C:\CEPxD710.tmp
C:\CEPxD744.tmp
C:\CEPxD765.tmp
C:\CEPxD788.tmp
C:\CEPxD7A4.tmp
C:\CEPxD7C4.tmp
C:\CEPxD7E6.tmp
C:\CEPxD806.tmp
C:\CEPxD827.tmp
C:\CEPxD847.tmp
C:\CEPxD867.tmp
C:\CEPxD888.tmp
C:\CEPxD8A7.tmp
C:\CEPxD8C8.tmp
C:\CEPxD8E8.tmp
C:\CEPxD909.tmp
C:\CEPxD928.tmp
C:\CEPxD949.tmp
C:\CEPxD969.tmp
C:\CEPxD98B.tmp
C:\CEPxD9AA.tmp
C:\CEPxD9CA.tmp
C:\CEPxD9EB.tmp
C:\CEPxDA0A.tmp
C:\CEPxDA2B.tmp
C:\CEPxDA4B.tmp
C:\CEPxDA6C.tmp
C:\CEPxDA8C.tmp
c:\windows\TEMP\logishrd\LVPrcInj02.dll
c:\windows\TEMP\NOD2AF.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-26 do 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-22 16:54 . 2011-05-22 16:54 -------- d--h--r- c:\documents and settings\Šimon-Chvojka\Data aplikací\SecuROM
2011-05-20 09:34 . 2011-05-20 09:34 -------- d-----w- c:\documents and settings\Daniela-Chvojková\Data aplikací\TrueCrypt
2011-05-19 05:04 . 2011-05-19 05:04 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2011-05-19 00:27 . 2011-05-21 18:17 -------- d-----w- C:\ubuntu
2011-05-17 20:34 . 2011-05-23 01:11 -------- d-----w- c:\documents and settings\Daniela-Chvojková\Data aplikací\skypePM
2011-05-17 20:33 . 2011-05-23 04:53 -------- d-----w- c:\documents and settings\Daniela-Chvojková\Data aplikací\Skype
2011-05-17 06:40 . 2011-05-26 10:18 -------- d-----w- c:\documents and settings\Jiří - Chvojka\Data aplikací\skypePM
2011-05-17 06:40 . 2011-05-24 22:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype Extras
2011-05-17 06:37 . 2011-05-26 10:54 -------- d-----w- c:\documents and settings\Jiří - Chvojka\Data aplikací\Skype
2011-05-17 06:37 . 2011-05-17 06:37 -------- d-----w- c:\program files\Common Files\Skype
2011-05-17 06:09 . 2011-05-17 06:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2011-05-16 16:08 . 2011-05-20 10:39 -------- d-----w- c:\documents and settings\Jiří - Chvojka\Local Settings\Data aplikací\LastPass
2011-05-16 15:38 . 2011-05-16 15:38 -------- d-----w- c:\program files\ESET
2011-05-16 15:38 . 2011-05-16 15:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-05-15 16:57 . 2011-05-15 16:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 12:55 . 2011-05-14 12:58 -------- d-----w- c:\documents and settings\Daniela-Chvojková\Data aplikací\Password Manager XP
2011-05-14 12:51 . 2011-05-21 16:49 -------- d-----w- c:\program files\MSECache
2011-05-14 12:48 . 2011-05-14 12:55 -------- d-----w- c:\documents and settings\Daniela-Chvojková\Data aplikací\GetRightToGo
2011-05-14 12:32 . 2011-05-17 01:08 -------- d-sh--w- c:\program files\ACSPMonitor
2011-05-10 16:25 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-10 16:25 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-10 16:24 . 2011-05-10 16:24 -------- d-----w- c:\program files\iPod
2011-05-10 16:24 . 2011-05-10 16:25 -------- d-----w- c:\program files\iTunes
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-05-10 16:22 . 2011-05-17 00:40 -------- d-----w- c:\program files\QuickTime
2011-05-10 16:22 . 2011-02-18 14:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-10 16:22 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 16:21 . 2011-05-10 16:21 -------- d-----w- c:\program files\Bonjour
2011-05-10 09:09 . 2011-05-12 12:19 -------- d-----w- c:\documents and settings\Jiří - Chvojka\Data aplikací\TrueCrypt
2011-05-10 09:07 . 2011-05-10 09:07 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-05-10 09:07 . 2011-05-10 09:39 -------- d-----w- c:\program files\TrueCrypt
2011-05-10 06:17 . 2004-03-08 21:00 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX
2011-05-10 06:17 . 2003-07-06 11:07 372736 ----a-w- c:\windows\system32\IJL_11.DLL
2011-05-09 14:18 . 2011-05-09 14:18 -------- d-----w- c:\documents and settings\Daniela-Chvojková\Data aplikací\Malwarebytes
2011-05-04 12:28 . 2011-05-04 12:28 -------- d-----w- c:\documents and settings\Jiří - Chvojka\Local Settings\Data aplikací\Altaro
2011-05-04 12:28 . 2011-05-04 12:28 -------- d-----w- c:\documents and settings\Šimon-Chvojka\Data aplikací\Malwarebytes
2011-05-04 07:38 . 2002-02-18 16:40 6200 ----a-w- c:\windows\system32\INT13EXT.VXD
2011-05-04 07:38 . 2011-05-17 00:40 -------- d-----w- c:\program files\PC Inspector File Recovery
2011-05-01 11:49 . 2011-05-03 07:55 -------- d-----w- C:\ERDNT
2011-04-30 16:12 . 2011-04-30 16:12 -------- d-----w- c:\documents and settings\Jiří - Chvojka\Data aplikací\Malwarebytes
2011-04-30 16:11 . 2011-04-30 16:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-04-30 16:11 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 16:11 . 2011-05-03 07:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 16:11 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 16:07 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\02755142.sys
2011-04-30 16:07 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\0275514.sys
2011-04-30 16:07 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\02755141.sys
2011-04-30 12:16 . 2011-05-17 06:37 -------- d-----r- c:\program files\Skype
2011-04-29 15:04 . 2011-05-15 14:35 -------- d-----w- c:\documents and settings\UpdatusUser
2011-04-29 15:04 . 2011-04-29 15:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-04-29 15:03 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-29 15:03 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-08 05:14 . 2010-06-11 01:42 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2010-06-11 01:42 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2010-06-11 01:42 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2010-06-11 01:42 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2010-06-11 01:42 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2006-10-22 10:22 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2006-10-22 10:22 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2006-10-22 10:22 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2006-10-22 10:22 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-04-07 20:15 . 2011-04-07 20:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 20:15 . 2011-04-07 20:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:15 . 2011-04-07 20:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 20:15 . 2011-04-07 20:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:15 . 2011-04-07 20:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:15 . 2011-04-07 20:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 20:15 . 2011-04-07 20:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-04 15:22 . 2011-04-04 15:20 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2011-04-04 13:53 . 2011-04-04 13:53 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-03-12 03:33 . 2011-03-12 03:33 388096 ----a-r- c:\documents and settings\Jiří - Chvojka\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-08 00:42 . 2006-03-02 12:00 44544 ----a-w- c:\windows\system32\alg.exe
2011-03-07 05:33 . 2010-06-10 23:51 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 16:32 . 2011-03-04 16:32 39424 ----a-w- c:\windows\zipinst.exe
2011-03-04 06:36 . 2006-03-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 01:28 . 2011-03-02 01:28 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-01 06:50 . 2011-03-01 06:50 219648 ----a-w- C:\uxtheme.uxtender
2011-03-01 05:14 . 2011-03-01 06:50 219648 ----a-w- c:\windows\system32\uxtheme.uxtender
2011-03-01 05:14 . 2006-03-02 12:00 219648 ----a-w- c:\windows\system32\uxtheme(2).dll
2011-04-14 16:38 . 2011-05-16 16:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVBV Service Ctrl"="c:\program files\DVBViewer\DVBVCtrl.exe" [2010-09-08 56320]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"snaej"="c:\documents and settings\jiří - chvojka\dokumenty\all in one keylogger v3.1\all_in_one_keylogger_v3.1_crack.keygen.pack\all in one keylogger v3.1 crack keygen-res\ifjbio.exe" [2009-02-12 2031618]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2005-07-21 589824]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"CTHelper"="CTHELPER.EXE" [2005-08-07 16384]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"TO2WCM_McciTrayApp"="c:\program files\TO2WCM\McciTrayApp.exe" [2008-01-30 1473536]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2009-09-22 2114752]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"snaej"="c:\documents and settings\jiří - chvojka\dokumenty\all in one keylogger v3.1\all_in_one_keylogger_v3.1_crack.keygen.pack\all in one keylogger v3.1 crack keygen-res\ifjbio.exe" [2009-02-12 2031618]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" /noui
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe"
"P7131Appl"=c:\program files\ASUS\P7131\Remote Control\P7131RemoteAppl.exe
"Memeo AutoSync"=c:\program files\Memeo\AutoSync\MemeoLauncher2.exe --silent
"Memeo Instant Backup"=c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
"Seagate Dashboard"=c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
"H2O"=c:\program files\SyncroSoft\Pos\H2O\cledx.exe
"TO2SSM_McciTrayApp"=c:\program files\TO2SSM\McciTrayApp.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Daniela-Chvojková\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Video Server E\\Video Server E.exe"=
"c:\\Program Files\\DVBViewer\\dvbviewer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ACSPMonitor\\ASMonitor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 02755142;02755142 Boot Guard Driver;c:\windows\system32\drivers\02755142.sys [30.4.2011 18:07 37392]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [25.12.2010 3:10 149376]
R1 02755141;02755141;c:\windows\system32\drivers\02755141.sys [30.4.2011 18:07 128016]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R1 setup_9.0.0.722_30.04.2011_17-36drv;setup_9.0.0.722_30.04.2011_17-36drv;c:\windows\system32\drivers\0275514.sys [30.4.2011 18:07 315408]
R2 DVBVRecorder;DVBViewer Recording Service;c:\program files\DVBViewer\DVBVservice.exe [22.2.2011 12:37 617600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [23.4.2010 2:33 25824]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [29.4.2011 17:04 2218600]
R2 RCSERVICE;RCSERVICE;c:\program files\ASUS\P7131\Remote Control\RCService.exe [14.9.2010 5:55 61440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [18.2.2011 14:27 1517376]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [9.9.2010 2:22 2831232]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11.6.2010 10:52 33792]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 20:27 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.7.2010 10:54 136176]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [11.6.2010 5:11 9216]
S3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys --> c:\windows\system32\DRIVERS\FlashUSB.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.7.2010 10:54 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys --> c:\windows\system32\DRIVERS\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 WEBNTACCESS;WEBNTACCESS;\??\c:\progra~1\MSI\LIVEUP~1\NTACCESS.SYS --> c:\progra~1\MSI\LIVEUP~1\NTACCESS.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [30.4.2010 16:47 14088]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.9.2010 19:57 691696]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 08:54]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 08:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: LastPass vyplňování formulářů - file://c:\program files\LastPass\context.html?cmd=fillforms
Trusted Zone: com\www.msi
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://62.177.122.219/cab/OCXChecker_6110.cab
DPF: {8C6E5902-B109-40D4-AC59-22A4B0D7261A} - hxxp://62.177.98.17:82/cab/RPB.cab
DPF: {C357FE0A-0556-4970-8990-64DF0B8E8C6B} - hxxp://86.63.215.229/WebCamX.cab
FF - ProfilePath - c:\documents and settings\Jiří - Chvojka\Data aplikací\Mozilla\Firefox\Profiles\5odgvbv9.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-26 12:52
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
skenování skrytých souborů ...
.
.
c:\windows\system32\msuunsers.dll 122880 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4588)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\windows\system32\msuunsers.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\RunDLL32.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\system32\rundll32.exe
c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2011-05-26 12:58:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-26 10:58
.
Před spuštěním: Volných bajtů: 23 145 041 920
Po spuštění: Volných bajtů: 23 119 745 024
.
Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 6D837B8E7D675CDDCD409288A53FC6FB

další výpis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:18:31, on 26.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\DVBViewer\DVBVservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\ASUS\P7131\Remote Control\RCService.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DVBViewer\DVBVCtrl.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [TO2WCM_McciTrayApp] C:\Program Files\TO2WCM\McciTrayApp.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DVBV Service Ctrl] C:\Program Files\DVBViewer\DVBVCtrl.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-507921405-861567501-725345543-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass vyplňování formulářů - file://C:\Program Files\LastPass\context.html?cmd=fillforms
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://62.177.122.219/cab/OCXChecker_6110.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {8C6E5902-B109-40D4-AC59-22A4B0D7261A} (RPB[5.3.0.1] Control) - http://62.177.98.17:82/cab/RPB.cab
O16 - DPF: {C357FE0A-0556-4970-8990-64DF0B8E8C6B} (WebCamX Control) - http://86.63.215.229/WebCamX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVBViewer Recording Service (DVBVRecorder) - CM & V - C:\Program Files\DVBViewer\DVBVservice.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: RCSERVICE - Unknown owner - C:\Program Files\ASUS\P7131\Remote Control\RCService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 9882 bytes

pouzi CFScript:

Kód: Vybrat vše

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snaej"=-

JaRon promiň mi vstup, ale to bude trošku jinak

jirka bj

Zdravím, dostal se tam jak

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

File::  
c:\windows\system32\ConduitEngine.tmp
c:\documents and settings\jiří - chvojka\dokumenty\all in one keylogger v3.1\all_in_one_keylogger_v3.1_crack.keygen.pack\all in one keylogger v3.1 crack keygen-res\ifjbio.exe

Folder::
c:\documents and settings\jiří - chvojka\dokumenty\all in one keylogger v3.1

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snaej"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snaej"=-

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:

Obrázek

Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

Tady je

ComboFix 11-05-25.02 - Jiří - Chvojka 26.05.2011 13:47:32.11.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1768 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jiří - Chvojka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jiří - Chvojka\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jiří - chvojka\dokumenty\all in one keylogger v3.1
c:\documents and settings\jiří - chvojka\dokumenty\all in one keylogger v3.1\All_In_One_Keylogger_v3.1_Crack.Keygen.Pack\All In One Keylogger v3.1 Crack KeyGen-RES\get_hw_code.exe
c:\documents and settings\jiří - chvojka\dokumenty\all in one keylogger v3.1\All_In_One_Keylogger_v3.1_Crack.Keygen.Pack\All In One Keylogger v3.1 Crack KeyGen-RES\ifjbio.exe
c:\documents and settings\jiří - chvojka\dokumenty\all in one keylogger v3.1\All_In_One_Keylogger_v3.1_Crack.Keygen.Pack\All In One Keylogger v3.1 Crack KeyGen-RES\keygen.exe
c:\documents and settings\jiří - chvojka\dokumenty\all in one keylogger v3.1\All_In_One_Keylogger_v3.1_Crack.Keygen.Pack\All In One Keylogger v3.1 Crack KeyGen-RES\ReadMe.txt
c:\windows\system32\msuunsers.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-26 do 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-22 16:54 . 2011-05-22 16:54 -------- d--h--r- c:\documents and settings\Šimon-Chvojka\Data aplikací\SecuROM
2011-05-20 09:34 . 2011-05-20 09:34 -------- d-----w- c:\documents and settings\Daniela-Chvojková\Data aplikací\TrueCrypt
2011-05-19 05:04 . 2011-05-19 05:04 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2011-05-19 00:27 . 2011-05-21 18:17 -------- d-----w- C:\ubuntu
2011-05-17 20:34 . 2011-05-23 01:11 -------- d-----w- c:\documents and settings\Daniela-Chvojková\Data aplikací\skypePM
2011-05-17 20:33 . 2011-05-23 04:53 -------- d-----w- c:\documents and settings\Daniela-Chvojková\Data aplikací\Skype
2011-05-17 06:40 . 2011-05-26 10:18 -------- d-----w- c:\documents and settings\Jiří - Chvojka\Data aplikací\skypePM
2011-05-17 06:40 . 2011-05-24 22:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype Extras
2011-05-17 06:37 . 2011-05-26 11:42 -------- d-----w- c:\documents and settings\Jiří - Chvojka\Data aplikací\Skype
2011-05-17 06:37 . 2011-05-17 06:37 -------- d-----w- c:\program files\Common Files\Skype
2011-05-17 06:09 . 2011-05-17 06:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2011-05-16 16:08 . 2011-05-20 10:39 -------- d-----w- c:\documents and settings\Jiří - Chvojka\Local Settings\Data aplikací\LastPass
2011-05-16 15:38 . 2011-05-16 15:38 -------- d-----w- c:\program files\ESET
2011-05-16 15:38 . 2011-05-16 15:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-05-15 16:57 . 2011-05-15 16:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 12:55 . 2011-05-14 12:58 -------- d-----w- c:\documents and settings\Daniela-Chvojková\Data aplikací\Password Manager XP
2011-05-14 12:51 . 2011-05-21 16:49 -------- d-----w- c:\program files\MSECache
2011-05-14 12:48 . 2011-05-14 12:55 -------- d-----w- c:\documents and settings\Daniela-Chvojková\Data aplikací\GetRightToGo
2011-05-14 12:32 . 2011-05-17 01:08 -------- d-sh--w- c:\program files\ACSPMonitor
2011-05-10 16:25 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-10 16:25 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-10 16:24 . 2011-05-10 16:24 -------- d-----w- c:\program files\iPod
2011-05-10 16:24 . 2011-05-10 16:25 -------- d-----w- c:\program files\iTunes
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-10 16:23 . 2011-05-10 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-05-10 16:22 . 2011-05-17 00:40 -------- d-----w- c:\program files\QuickTime
2011-05-10 16:22 . 2011-02-18 14:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-10 16:22 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 16:21 . 2011-05-10 16:21 -------- d-----w- c:\program files\Bonjour
2011-05-10 09:09 . 2011-05-12 12:19 -------- d-----w- c:\documents and settings\Jiří - Chvojka\Data aplikací\TrueCrypt
2011-05-10 09:07 . 2011-05-10 09:07 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-05-10 09:07 . 2011-05-10 09:39 -------- d-----w- c:\program files\TrueCrypt
2011-05-10 06:17 . 2004-03-08 21:00 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX
2011-05-10 06:17 . 2003-07-06 11:07 372736 ----a-w- c:\windows\system32\IJL_11.DLL
2011-05-09 14:18 . 2011-05-09 14:18 -------- d-----w- c:\documents and settings\Daniela-Chvojková\Data aplikací\Malwarebytes
2011-05-04 12:28 . 2011-05-04 12:28 -------- d-----w- c:\documents and settings\Jiří - Chvojka\Local Settings\Data aplikací\Altaro
2011-05-04 12:28 . 2011-05-04 12:28 -------- d-----w- c:\documents and settings\Šimon-Chvojka\Data aplikací\Malwarebytes
2011-05-04 07:38 . 2002-02-18 16:40 6200 ----a-w- c:\windows\system32\INT13EXT.VXD
2011-05-04 07:38 . 2011-05-17 00:40 -------- d-----w- c:\program files\PC Inspector File Recovery
2011-05-01 11:49 . 2011-05-03 07:55 -------- d-----w- C:\ERDNT
2011-04-30 16:12 . 2011-04-30 16:12 -------- d-----w- c:\documents and settings\Jiří - Chvojka\Data aplikací\Malwarebytes
2011-04-30 16:11 . 2011-04-30 16:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-04-30 16:11 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 16:11 . 2011-05-26 11:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 16:11 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 16:07 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\02755142.sys
2011-04-30 16:07 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\0275514.sys
2011-04-30 16:07 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\02755141.sys
2011-04-30 12:16 . 2011-05-17 06:37 -------- d-----r- c:\program files\Skype
2011-04-29 15:04 . 2011-05-15 14:35 -------- d-----w- c:\documents and settings\UpdatusUser
2011-04-29 15:04 . 2011-04-29 15:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-04-29 15:03 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-29 15:03 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-08 05:14 . 2010-06-11 01:42 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2010-06-11 01:42 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2010-06-11 01:42 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2010-06-11 01:42 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2010-06-11 01:42 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2006-10-22 10:22 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2006-10-22 10:22 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2006-10-22 10:22 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2006-10-22 10:22 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-04-07 20:15 . 2011-04-07 20:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 20:15 . 2011-04-07 20:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:15 . 2011-04-07 20:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 20:15 . 2011-04-07 20:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:15 . 2011-04-07 20:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:15 . 2011-04-07 20:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 20:15 . 2011-04-07 20:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-04 15:22 . 2011-04-04 15:20 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2011-04-04 13:53 . 2011-04-04 13:53 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-03-12 03:33 . 2011-03-12 03:33 388096 ----a-r- c:\documents and settings\Jiří - Chvojka\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-08 00:42 . 2006-03-02 12:00 44544 ----a-w- c:\windows\system32\alg.exe
2011-03-07 05:33 . 2010-06-10 23:51 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 16:32 . 2011-03-04 16:32 39424 ----a-w- c:\windows\zipinst.exe
2011-03-04 06:36 . 2006-03-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 01:28 . 2011-03-02 01:28 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-01 06:50 . 2011-03-01 06:50 219648 ----a-w- C:\uxtheme.uxtender
2011-03-01 05:14 . 2011-03-01 06:50 219648 ----a-w- c:\windows\system32\uxtheme.uxtender
2011-03-01 05:14 . 2006-03-02 12:00 219648 ----a-w- c:\windows\system32\uxtheme(2).dll
2011-04-14 16:38 . 2011-05-16 16:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVBV Service Ctrl"="c:\program files\DVBViewer\DVBVCtrl.exe" [2010-09-08 56320]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2005-07-21 589824]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"CTHelper"="CTHELPER.EXE" [2005-08-07 16384]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"TO2WCM_McciTrayApp"="c:\program files\TO2WCM\McciTrayApp.exe" [2008-01-30 1473536]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2009-09-22 2114752]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" /noui
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe"
"P7131Appl"=c:\program files\ASUS\P7131\Remote Control\P7131RemoteAppl.exe
"Memeo AutoSync"=c:\program files\Memeo\AutoSync\MemeoLauncher2.exe --silent
"Memeo Instant Backup"=c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
"Seagate Dashboard"=c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
"H2O"=c:\program files\SyncroSoft\Pos\H2O\cledx.exe
"TO2SSM_McciTrayApp"=c:\program files\TO2SSM\McciTrayApp.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Daniela-Chvojková\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Video Server E\\Video Server E.exe"=
"c:\\Program Files\\DVBViewer\\dvbviewer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ACSPMonitor\\ASMonitor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 02755142;02755142 Boot Guard Driver;c:\windows\system32\drivers\02755142.sys [30.4.2011 18:07 37392]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [25.12.2010 3:10 149376]
R1 02755141;02755141;c:\windows\system32\drivers\02755141.sys [30.4.2011 18:07 128016]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R1 setup_9.0.0.722_30.04.2011_17-36drv;setup_9.0.0.722_30.04.2011_17-36drv;c:\windows\system32\drivers\0275514.sys [30.4.2011 18:07 315408]
R2 DVBVRecorder;DVBViewer Recording Service;c:\program files\DVBViewer\DVBVservice.exe [22.2.2011 12:37 617600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [23.4.2010 2:33 25824]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [29.4.2011 17:04 2218600]
R2 RCSERVICE;RCSERVICE;c:\program files\ASUS\P7131\Remote Control\RCService.exe [14.9.2010 5:55 61440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [18.2.2011 14:27 1517376]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [9.9.2010 2:22 2831232]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11.6.2010 10:52 33792]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 20:27 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.7.2010 10:54 136176]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [11.6.2010 5:11 9216]
S3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys --> c:\windows\system32\DRIVERS\FlashUSB.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.7.2010 10:54 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys --> c:\windows\system32\DRIVERS\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 WEBNTACCESS;WEBNTACCESS;\??\c:\progra~1\MSI\LIVEUP~1\NTACCESS.SYS --> c:\progra~1\MSI\LIVEUP~1\NTACCESS.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [30.4.2010 16:47 14088]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.9.2010 19:57 691696]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 08:54]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 08:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: LastPass vyplňování formulářů - file://c:\program files\LastPass\context.html?cmd=fillforms
Trusted Zone: com\www.msi
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://62.177.122.219/cab/OCXChecker_6110.cab
DPF: {8C6E5902-B109-40D4-AC59-22A4B0D7261A} - hxxp://62.177.98.17:82/cab/RPB.cab
DPF: {C357FE0A-0556-4970-8990-64DF0B8E8C6B} - hxxp://86.63.215.229/WebCamX.cab
FF - ProfilePath - c:\documents and settings\Jiří - Chvojka\Data aplikací\Mozilla\Firefox\Profiles\5odgvbv9.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-26 14:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4920)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-05-26 14:26:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-26 12:26
ComboFix2.txt 2011-05-26 10:58
.
Před spuštěním: Volných bajtů: 23 231 438 848
Po spuštění: Volných bajtů: 23 212 851 200
.
Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 1C5204B08FEDC55A964C17302EB69246

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.

Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.

Pak dej vědět jaký je stav PC.

vypadá to že zmizel ale načítání a některé programy jdou pořád pomaleji.
v každém případě moc díky za pomoc jste super myslím že jste opravdu skvělí.J

jirka bj píše:vypadá to že zmizel ale načítání a některé programy jdou pořád pomaleji

Však jsme taky ještě nezkončili.

Tohle fixni v HJT :

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-21-507921405-861567501-725345543-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Fix znamená že spustíš HJT Obrázek

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.

Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :

Google Update Service (gupdate)

Služba Google Update (gupdatem)

Google Software Updater (gusvc)

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.

Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém

Pak dej vědět zda se to zlepšilo.

P.S. ty tvoje zkrášlovadla systému na rychlosti nepřidají

VIRY.CZ

prosím o pomoc-keylogger virus

prosím o pomoc-keylogger virus

Re: prosím o pomoc-keylogger virus

Re: prosím o pomoc-keylogger virus

Re: prosím o pomoc-keylogger virus

Re: prosím o pomoc-keylogger virus

Re: prosím o pomoc-keylogger virus

Re: prosím o pomoc-keylogger virus

Re: prosím o pomoc-keylogger virus