VIRY.CZ

Jak Malwarebytes' Anti-Malware tak i Spybot... nalezají v registru:
DoubleD: [SBI $C8EAFEC8] ID třídy (Klíč registru, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}

Děkuji

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:07, on 8.9.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Users\Hanička\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: is-OQQJO.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1ca0eea7552b860) (gupdate1ca0eea7552b860) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6800 bytes

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Zapomněl jsem vypnout spyware programy běžící na pozadí-mám zopakovat?Nebo nevadí?

ComboFix 09-09-08.01 - Hanička 08.09.2009 20:10.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.828 [GMT 2:00]
Spuštěný z: c:\users\slaviaforever\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081210-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081210-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-08-08 do 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-08 18:17 . 2009-09-08 18:17 -------- d-----w- c:\users\slaviaforever\AppData\Local\temp
2009-09-08 18:17 . 2009-09-08 18:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-08 18:17 . 2009-09-08 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-08 16:25 . 2009-09-08 16:25 -------- d-----w- c:\programdata\is-KA4CM
2009-09-08 16:23 . 2009-09-08 16:23 -------- d-----w- c:\programdata\is-OQQJO
2009-09-08 16:23 . 2009-09-08 18:08 5861408 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-08 16:23 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\22270009.sys
2009-09-08 16:10 . 2009-09-08 16:11 -------- d-----w- C:\rsit
2009-09-08 15:04 . 2009-09-08 15:04 -------- d-----w- c:\program files\CONEXANT
2009-09-07 21:33 . 2009-09-07 21:33 -------- d-----w- c:\users\slaviaforever\AppData\Roaming\Malwarebytes
2009-09-07 21:16 . 2009-09-07 21:31 -------- d-----w- c:\program files\TweakNow RegCleaner
2009-09-07 21:06 . 2009-09-07 21:31 -------- d-----w- c:\program files\VITSOFT
2009-09-07 20:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 20:16 . 2009-09-07 20:16 -------- d-----w- c:\programdata\Malwarebytes
2009-09-07 20:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 20:16 . 2009-09-07 20:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 20:15 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-03 13:06 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 13:06 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-03 07:07 . 2009-09-03 11:55 -------- d-----w- C:\drak turnaje
2009-09-01 18:06 . 2009-09-01 18:13 -------- d-----w- C:\SHARE
2009-09-01 17:33 . 2009-09-01 17:58 -------- d-----w- c:\program files\Opera 10.10 Beta
2009-08-27 05:22 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 14:32 . 2009-08-29 10:03 -------- d-----w- C:\Záloha
2009-08-23 18:29 . 2009-08-31 18:59 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-23 18:27 . 2009-08-31 18:59 -------- d-----w- c:\programdata\Lavasoft
2009-08-23 18:11 . 2009-08-23 18:11 -------- d-----w- c:\users\slaviaforever\AppData\Local\Adobe
2009-08-23 17:58 . 2009-08-23 17:58 -------- d-----w- c:\users\slaviaforever\AppData\Roaming\Safer Networking
2009-08-23 17:46 . 2009-08-23 17:46 -------- d-----w- c:\users\slaviaforever\AppData\Local\Opera
2009-08-23 17:04 . 2009-08-23 17:04 -------- d-----w- c:\program files\CCleaner
2009-08-23 16:22 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-23 16:22 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-23 16:22 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-23 16:22 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-23 16:22 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-23 16:22 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-23 16:22 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-23 16:22 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-23 08:38 . 2009-08-23 08:38 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 16:37 . 2007-01-08 21:09 625194 ----a-w- c:\windows\system32\perfh005.dat
2009-09-08 16:37 . 2007-01-08 21:09 124202 ----a-w- c:\windows\system32\perfc005.dat
2009-09-08 16:32 . 2009-07-27 18:45 -------- d-----w- c:\program files\Google
2009-09-08 16:23 . 2009-09-08 16:23 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-08 14:31 . 2008-06-04 10:13 -------- d-----w- c:\program files\CyberLink
2009-09-08 14:30 . 2008-06-04 10:03 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-08 14:30 . 2008-06-04 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 14:19 . 2008-11-12 17:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-08 14:18 . 2008-06-18 20:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-23 17:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-23 08:47 . 2008-06-18 20:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-23 08:38 . 2008-06-04 10:03 -------- d-----w- c:\program files\Java
2009-08-17 16:10 . 2008-06-18 20:41 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2008-06-18 20:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-06-18 20:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2008-06-18 20:41 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2008-06-18 20:41 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-06-18 20:41 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2008-06-18 20:41 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-26 20:01 . 2009-07-26 20:00 -------- d-----w- c:\program files\PDFCreator
2009-07-21 21:52 . 2009-07-30 12:41 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 12:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 12:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 12:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 09:45 . 2009-07-17 09:45 -------- dc-h--w- c:\programdata\{11AE5274-ACE4-48DC-8781-BA074146E52A}
2009-07-11 18:24 . 2009-07-06 17:09 -------- d-----w- c:\program files\Vistumbler
2009-07-11 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-11 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-11 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-11 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-11 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-11 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-15 14:53 . 2009-07-15 08:04 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 08:04 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 08:04 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 08:04 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 08:04 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-06-04 10:06 . 2008-06-04 10:06 76 --sh--r- c:\windows\CT4CET.bin
2008-06-04 17:38 . 2008-06-04 17:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-08 1994480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-06-24 282624]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\users\Haniźka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-OQQJO.lnk - c:\users\Haniźka\Desktop\Virus Removal Tool\is-OQQJO\startup.exe [2009-9-8 65536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-4 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-2 805392]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):f7,78,d0,b0,11,02,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0CF26E59-EAD7-46CA-9186-037D2DA5E3A2}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{3876DD4F-52A6-40BC-B878-6A8B066B2C42}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{8FF80374-E25A-4239-89FB-68EF17B75BC0}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{E9446D35-FB7F-4120-91D2-C04E11C2DDB1}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{8E253E68-6188-4E21-9B2D-61EC1075EBE9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C416CAB7-ED33-4C74-BC7B-1DBC5435F269}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0BF4ED8E-4F38-48A1-B558-1900C53199E8}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0C5588BC-AEDA-44B2-92CB-D2DFB442C491}c:\\program files\\crossloop\\crossloopconnect.exe"= UDP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"UDP Query User{12102056-4682-48D4-B1C4-148CB5DAB851}c:\\program files\\crossloop\\crossloopconnect.exe"= TCP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"TCP Query User{9385BB33-92BA-486E-A24A-DE81C44457A6}c:\\program files\\armagetron advanced\\armagetronad.exe"= UDP:c:\program files\armagetron advanced\armagetronad.exe:armagetronad
"UDP Query User{0C94D635-2287-4BBA-B587-241623FB09B6}c:\\program files\\armagetron advanced\\armagetronad.exe"= TCP:c:\program files\armagetron advanced\armagetronad.exe:armagetronad
"TCP Query User{AFC0A333-6ADA-45B5-BEAB-761A64B7E24A}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{9EC66746-7F4A-4B20-8163-7E741ACA89A1}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{FF153702-A7D9-4329-AC1E-3F2D99F5D940}c:\\program files\\opera 10.10 beta\\opera.exe"= UDP:c:\program files\opera 10.10 beta\opera.exe:Opera Internet Browser
"UDP Query User{526634F3-C686-4E5A-A670-C64DE732B4A6}c:\\program files\\opera 10.10 beta\\opera.exe"= TCP:c:\program files\opera 10.10 beta\opera.exe:Opera Internet Browser

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [18.6.2008 22:41 114768]
R1 is-OQQJOdrv;is-OQQJOdrv;c:\windows\System32\drivers\22270009.sys [8.9.2009 18:23 148496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3.9.2008 15:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3.9.2008 15:07 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [4.6.2008 11:51 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [18.6.2008 22:41 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [18.6.2008 22:41 53328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18.6.2008 22:54 1153368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [4.6.2008 19:45 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [4.6.2008 19:45 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [4.6.2008 19:45 7424]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3.9.2008 15:07 7408]
S2 gupdate1ca0eea7552b860;Služba Google Update (gupdate1ca0eea7552b860);c:\program files\Google\Update\GoogleUpdate.exe [27.7.2009 20:45 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 18:45]

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 18:45]

2009-09-08 c:\windows\Tasks\User_Feed_Synchronization-{82CE4849-3D1E-49EF-9BCB-D4BA60B43625}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 20:17
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(6244)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Celkový čas: 2009-09-08 20:20
ComboFix-quarantined-files.txt 2009-09-08 18:20
ComboFix2.txt 2009-09-07 21:00

Před spuštěním: Volných bajtů: 20 320 604 160
Po spuštění: Volných bajtů: 20 276 006 912

210 --- E O F --- 2009-09-08 13:02

Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\programdata\is-KA4CM
c:\programdata\is-OQQJO

Collect::
c:\windows\system32\drivers\22270009.sys
c:\users\Haniźka\Desktop\Virus Removal Tool\is-OQQJO\startup.exe

Driver::
is-OQQJOdrv

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Nový výpis níže. Adware je stále přítomen.

ComboFix 09-09-08.01 - Hanička 08.09.2009 21:05.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.929 [GMT 2:00]
Spuštěný z: c:\users\Hanička\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Hanička\Desktop\CFScript.txt.txt
AV: avast! antivirus 4.8.1229 [VPS 081210-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081210-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\system32\drivers\22270009.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\is-KA4CM
c:\programdata\is-KA4CM\~PRCustomProps#122.dat
c:\programdata\is-KA4CM\~PRObjects#122.dat
c:\programdata\is-OQQJO
c:\programdata\is-OQQJO\~PRCustomProps#122.dat
c:\programdata\is-OQQJO\~PRObjects#122.dat
c:\windows\system32\drivers\22270009.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IS-OQQJODRV
-------\Service_is-OQQJOdrv


((((((((((((((((((((((((( Soubory vytvořené od 2009-08-08 do 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-08 19:12 . 2009-09-08 19:12 -------- d-----w- c:\users\slaviaforever\AppData\Local\temp
2009-09-08 19:12 . 2009-09-08 19:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-08 19:12 . 2009-09-08 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-08 16:23 . 2009-09-08 19:13 17711136 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-08 16:10 . 2009-09-08 16:11 -------- d-----w- C:\rsit
2009-09-08 15:04 . 2009-09-08 15:04 -------- d-----w- c:\program files\CONEXANT
2009-09-07 21:33 . 2009-09-07 21:33 -------- d-----w- c:\users\slaviaforever\AppData\Roaming\Malwarebytes
2009-09-07 21:16 . 2009-09-07 21:31 -------- d-----w- c:\program files\TweakNow RegCleaner
2009-09-07 21:06 . 2009-09-07 21:31 -------- d-----w- c:\program files\VITSOFT
2009-09-07 20:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 20:16 . 2009-09-07 20:16 -------- d-----w- c:\programdata\Malwarebytes
2009-09-07 20:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 20:16 . 2009-09-07 20:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 20:15 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-03 13:06 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 13:06 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-03 07:07 . 2009-09-03 11:55 -------- d-----w- C:\drak turnaje
2009-09-01 18:06 . 2009-09-01 18:13 -------- d-----w- C:\SHARE
2009-09-01 17:33 . 2009-09-01 17:58 -------- d-----w- c:\program files\Opera 10.10 Beta
2009-08-27 05:22 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 14:32 . 2009-08-29 10:03 -------- d-----w- C:\Záloha
2009-08-23 18:29 . 2009-08-31 18:59 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-23 18:27 . 2009-08-31 18:59 -------- d-----w- c:\programdata\Lavasoft
2009-08-23 18:11 . 2009-08-23 18:11 -------- d-----w- c:\users\slaviaforever\AppData\Local\Adobe
2009-08-23 17:58 . 2009-08-23 17:58 -------- d-----w- c:\users\slaviaforever\AppData\Roaming\Safer Networking
2009-08-23 17:46 . 2009-08-23 17:46 -------- d-----w- c:\users\slaviaforever\AppData\Local\Opera
2009-08-23 17:04 . 2009-08-23 17:04 -------- d-----w- c:\program files\CCleaner
2009-08-23 16:22 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-23 16:22 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-23 16:22 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-23 16:22 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-23 16:22 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-23 16:22 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-23 16:22 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-23 16:22 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-23 08:38 . 2009-08-23 08:38 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 19:13 . 2009-09-08 16:23 209672 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-08 16:37 . 2007-01-08 21:09 625194 ----a-w- c:\windows\system32\perfh005.dat
2009-09-08 16:37 . 2007-01-08 21:09 124202 ----a-w- c:\windows\system32\perfc005.dat
2009-09-08 16:32 . 2009-07-27 18:45 -------- d-----w- c:\program files\Google
2009-09-08 14:31 . 2008-06-04 10:13 -------- d-----w- c:\program files\CyberLink
2009-09-08 14:30 . 2008-06-04 10:03 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-08 14:30 . 2008-06-04 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 14:19 . 2008-11-12 17:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-08 14:18 . 2008-06-18 20:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-23 17:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-23 08:47 . 2008-06-18 20:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-23 08:38 . 2008-06-04 10:03 -------- d-----w- c:\program files\Java
2009-08-17 16:10 . 2008-06-18 20:41 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2008-06-18 20:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-06-18 20:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2008-06-18 20:41 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2008-06-18 20:41 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-06-18 20:41 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2008-06-18 20:41 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-26 20:01 . 2009-07-26 20:00 -------- d-----w- c:\program files\PDFCreator
2009-07-21 21:52 . 2009-07-30 12:41 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 12:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 12:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 12:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 09:45 . 2009-07-17 09:45 -------- dc-h--w- c:\programdata\{11AE5274-ACE4-48DC-8781-BA074146E52A}
2009-07-11 18:24 . 2009-07-06 17:09 -------- d-----w- c:\program files\Vistumbler
2009-07-11 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-11 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-11 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-11 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-11 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-11 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-15 14:53 . 2009-07-15 08:04 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 08:04 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 08:04 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 08:04 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 08:04 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-06-04 10:06 . 2008-06-04 10:06 76 --sh--r- c:\windows\CT4CET.bin
2008-06-04 17:38 . 2008-06-04 17:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-09-08_18.17.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 13:38 . 2009-09-08 16:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-18 13:38 . 2009-09-08 19:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-18 13:38 . 2009-09-08 19:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-18 13:38 . 2009-09-08 16:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-18 13:38 . 2009-09-08 19:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-18 13:38 . 2009-09-08 16:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-08 1994480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-06-24 282624]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\users\Haniźka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-OQQJO.lnk - c:\users\Haniźka\Desktop\Virus Removal Tool\is-OQQJO\startup.exe [2009-9-8 65536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-4 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-2 805392]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):f7,78,d0,b0,11,02,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0CF26E59-EAD7-46CA-9186-037D2DA5E3A2}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{3876DD4F-52A6-40BC-B878-6A8B066B2C42}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{8FF80374-E25A-4239-89FB-68EF17B75BC0}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{E9446D35-FB7F-4120-91D2-C04E11C2DDB1}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{8E253E68-6188-4E21-9B2D-61EC1075EBE9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C416CAB7-ED33-4C74-BC7B-1DBC5435F269}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0BF4ED8E-4F38-48A1-B558-1900C53199E8}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0C5588BC-AEDA-44B2-92CB-D2DFB442C491}c:\\program files\\crossloop\\crossloopconnect.exe"= UDP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"UDP Query User{12102056-4682-48D4-B1C4-148CB5DAB851}c:\\program files\\crossloop\\crossloopconnect.exe"= TCP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"TCP Query User{9385BB33-92BA-486E-A24A-DE81C44457A6}c:\\program files\\armagetron advanced\\armagetronad.exe"= UDP:c:\program files\armagetron advanced\armagetronad.exe:armagetronad
"UDP Query User{0C94D635-2287-4BBA-B587-241623FB09B6}c:\\program files\\armagetron advanced\\armagetronad.exe"= TCP:c:\program files\armagetron advanced\armagetronad.exe:armagetronad
"TCP Query User{AFC0A333-6ADA-45B5-BEAB-761A64B7E24A}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{9EC66746-7F4A-4B20-8163-7E741ACA89A1}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{FF153702-A7D9-4329-AC1E-3F2D99F5D940}c:\\program files\\opera 10.10 beta\\opera.exe"= UDP:c:\program files\opera 10.10 beta\opera.exe:Opera Internet Browser
"UDP Query User{526634F3-C686-4E5A-A670-C64DE732B4A6}c:\\program files\\opera 10.10 beta\\opera.exe"= TCP:c:\program files\opera 10.10 beta\opera.exe:Opera Internet Browser

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [18.6.2008 22:41 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3.9.2008 15:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3.9.2008 15:07 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [4.6.2008 11:51 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [18.6.2008 22:41 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [18.6.2008 22:41 53328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18.6.2008 22:54 1153368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [4.6.2008 19:45 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [4.6.2008 19:45 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [4.6.2008 19:45 7424]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3.9.2008 15:07 7408]
S2 gupdate1ca0eea7552b860;Služba Google Update (gupdate1ca0eea7552b860);c:\program files\Google\Update\GoogleUpdate.exe [27.7.2009 20:45 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 18:45]

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 18:45]

2009-09-08 c:\windows\Tasks\User_Feed_Synchronization-{82CE4849-3D1E-49EF-9BCB-D4BA60B43625}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 21:15
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5916)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\wlanext.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Celkový čas: 2009-09-08 21:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-08 19:20
ComboFix2.txt 2009-09-08 18:20
ComboFix3.txt 2009-09-07 21:00

Před spuštěním: Volných bajtů: 20 226 469 888
Po spuštění: Volných bajtů: 19 984 109 568

257 --- E O F --- 2009-09-08 13:02
Nahr nˇ probŘhlo ŁspŘçnŘ

Spusťte znovu CF tímto skriptem:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}]

Tak nepomohlo ani toto. Napadá vás ještě něco?Předem děkuji za snahu.
Malwarebytes naleza stale
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.




výpis z combofix

ComboFix 09-09-09.09 - Hanička 10.09.2009 19:43.7.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.1022 [GMT 2:00]
Spuštěný z: c:\users\slaviaforever\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\slaviaforever\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 081210-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081210-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-08-10 do 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 17:49 . 2009-09-10 17:49 -------- d-----w- c:\users\slaviaforever\AppData\Local\temp
2009-09-10 17:49 . 2009-09-10 17:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-10 17:49 . 2009-09-10 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-08 16:23 . 2009-09-08 19:13 17711136 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-08 16:10 . 2009-09-08 16:11 -------- d-----w- C:\rsit
2009-09-08 15:04 . 2009-09-08 15:04 -------- d-----w- c:\program files\CONEXANT
2009-09-07 21:33 . 2009-09-07 21:33 -------- d-----w- c:\users\slaviaforever\AppData\Roaming\Malwarebytes
2009-09-07 21:16 . 2009-09-07 21:31 -------- d-----w- c:\program files\TweakNow RegCleaner
2009-09-07 21:06 . 2009-09-07 21:31 -------- d-----w- c:\program files\VITSOFT
2009-09-07 20:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 20:16 . 2009-09-07 20:16 -------- d-----w- c:\programdata\Malwarebytes
2009-09-07 20:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 20:16 . 2009-09-07 20:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 20:15 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-03 13:06 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 13:06 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-03 07:07 . 2009-09-03 11:55 -------- d-----w- C:\drak turnaje
2009-09-01 18:06 . 2009-09-01 18:13 -------- d-----w- C:\SHARE
2009-09-01 17:33 . 2009-09-01 17:58 -------- d-----w- c:\program files\Opera 10.10 Beta
2009-08-27 05:22 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 14:32 . 2009-08-29 10:03 -------- d-----w- C:\Záloha
2009-08-23 18:29 . 2009-08-31 18:59 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-23 18:27 . 2009-08-31 18:59 -------- d-----w- c:\programdata\Lavasoft
2009-08-23 18:11 . 2009-08-23 18:11 -------- d-----w- c:\users\slaviaforever\AppData\Local\Adobe
2009-08-23 17:58 . 2009-08-23 17:58 -------- d-----w- c:\users\slaviaforever\AppData\Roaming\Safer Networking
2009-08-23 17:46 . 2009-09-09 13:36 -------- d-----w- c:\users\slaviaforever\AppData\Local\Opera
2009-08-23 17:04 . 2009-08-23 17:04 -------- d-----w- c:\program files\CCleaner
2009-08-23 16:22 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-23 16:22 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-23 16:22 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-23 16:22 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-23 16:22 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-23 16:22 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-23 16:22 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-23 16:22 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-23 08:38 . 2009-08-23 08:38 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 17:40 . 2007-01-08 21:09 625194 ----a-w- c:\windows\system32\perfh005.dat
2009-09-10 17:40 . 2007-01-08 21:09 124202 ----a-w- c:\windows\system32\perfc005.dat
2009-09-08 19:13 . 2009-09-08 16:23 209672 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-08 16:32 . 2009-07-27 18:45 -------- d-----w- c:\program files\Google
2009-09-08 14:31 . 2008-06-04 10:13 -------- d-----w- c:\program files\CyberLink
2009-09-08 14:30 . 2008-06-04 10:03 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-08 14:30 . 2008-06-04 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 14:19 . 2008-11-12 17:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-08 14:18 . 2008-06-18 20:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-23 17:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-23 08:47 . 2008-06-18 20:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-23 08:38 . 2008-06-04 10:03 -------- d-----w- c:\program files\Java
2009-08-17 16:10 . 2008-06-18 20:41 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2008-06-18 20:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-06-18 20:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2008-06-18 20:41 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2008-06-18 20:41 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-06-18 20:41 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2008-06-18 20:41 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-26 20:01 . 2009-07-26 20:00 -------- d-----w- c:\program files\PDFCreator
2009-07-21 21:52 . 2009-07-30 12:41 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 12:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 12:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 12:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 09:45 . 2009-07-17 09:45 -------- dc-h--w- c:\programdata\{11AE5274-ACE4-48DC-8781-BA074146E52A}
2009-06-15 14:53 . 2009-07-15 08:04 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 08:04 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 08:04 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 08:04 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 08:04 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-06-04 10:06 . 2008-06-04 10:06 76 --sh--r- c:\windows\CT4CET.bin
2008-06-04 17:38 . 2008-06-04 17:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-09-08_18.17.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-23 17:18 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\gatherWirelessInfo.vbs
+ 2009-07-11 09:54 . 2009-04-10 21:28 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\wlanhlp.dll
+ 2008-06-23 17:18 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\gatherWirelessInfo.vbs
+ 2008-06-23 17:18 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\gatherWirelessInfo.vbs
+ 2008-06-23 17:20 . 2008-01-19 07:36 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\wlanhlp.dll
+ 2008-06-23 17:20 . 2008-01-19 07:36 64512 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\wlanapi.dll
+ 2008-06-23 17:18 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\gatherWirelessInfo.vbs
+ 2006-11-02 12:34 . 2006-11-02 12:34 14827 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\gatherWirelessInfo.vbs
+ 2006-11-02 12:34 . 2006-11-02 12:34 14827 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\gatherWirelessInfo.vbs
+ 2009-07-11 09:56 . 2009-04-10 21:27 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\rrinstaller.exe
+ 2009-07-11 09:54 . 2009-04-10 21:28 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mfps.dll
+ 2009-07-11 09:54 . 2009-04-10 21:27 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mfpmp.exe
+ 2008-06-23 17:19 . 2008-01-19 07:33 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\rrinstaller.exe
+ 2008-06-23 17:19 . 2008-01-19 07:34 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mfps.dll
+ 2008-06-23 17:19 . 2008-01-19 07:33 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mfpmp.exe
+ 2008-06-04 10:02 . 2009-09-09 14:34 43174 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-10 17:37 62020 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-18 13:42 . 2009-09-10 05:35 10444 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3198895758-2613398957-186823724-1000_UserData.bin
+ 2008-06-18 13:38 . 2009-09-10 17:36 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-18 13:38 . 2009-09-08 16:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-18 13:38 . 2009-09-08 16:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-18 13:38 . 2009-09-10 17:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-18 13:38 . 2009-09-08 16:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-18 13:38 . 2009-09-10 17:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-11 09:54 . 2009-04-10 19:55 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mferror.dll
+ 2006-11-02 12:35 . 2006-11-02 12:35 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mferror.dll
+ 2006-11-02 10:33 . 2009-09-10 17:40 9390 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-08 16:37 9390 c:\windows\System32\perfh009.dat
+ 2009-09-09 14:32 . 2009-09-10 17:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-08 15:25 . 2009-09-08 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-08 15:25 . 2009-09-08 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-09 14:32 . 2009-09-10 17:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-23 19:57 . 2009-09-10 17:33 269996 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2006-11-02 10:33 . 2009-09-10 17:40 110254 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-09-08 16:37 110254 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:22 . 2009-09-10 13:21 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-09-07 20:27 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-05-03 18:25 . 2009-09-10 13:24 147805794 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-08 1994480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-06-24 282624]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\users\Haniźka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-OQQJO.lnk - c:\users\Haniźka\Desktop\Virus Removal Tool\is-OQQJO\startup.exe [2009-9-8 65536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-4 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-2 805392]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):f7,78,d0,b0,11,02,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0CF26E59-EAD7-46CA-9186-037D2DA5E3A2}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{3876DD4F-52A6-40BC-B878-6A8B066B2C42}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{8FF80374-E25A-4239-89FB-68EF17B75BC0}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{E9446D35-FB7F-4120-91D2-C04E11C2DDB1}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{8E253E68-6188-4E21-9B2D-61EC1075EBE9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C416CAB7-ED33-4C74-BC7B-1DBC5435F269}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0BF4ED8E-4F38-48A1-B558-1900C53199E8}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0C5588BC-AEDA-44B2-92CB-D2DFB442C491}c:\\program files\\crossloop\\crossloopconnect.exe"= UDP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"UDP Query User{12102056-4682-48D4-B1C4-148CB5DAB851}c:\\program files\\crossloop\\crossloopconnect.exe"= TCP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"TCP Query User{9385BB33-92BA-486E-A24A-DE81C44457A6}c:\\program files\\armagetron advanced\\armagetronad.exe"= UDP:c:\program files\armagetron advanced\armagetronad.exe:armagetronad
"UDP Query User{0C94D635-2287-4BBA-B587-241623FB09B6}c:\\program files\\armagetron advanced\\armagetronad.exe"= TCP:c:\program files\armagetron advanced\armagetronad.exe:armagetronad
"TCP Query User{AFC0A333-6ADA-45B5-BEAB-761A64B7E24A}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{9EC66746-7F4A-4B20-8163-7E741ACA89A1}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{FF153702-A7D9-4329-AC1E-3F2D99F5D940}c:\\program files\\opera 10.10 beta\\opera.exe"= UDP:c:\program files\opera 10.10 beta\opera.exe:Opera Internet Browser
"UDP Query User{526634F3-C686-4E5A-A670-C64DE732B4A6}c:\\program files\\opera 10.10 beta\\opera.exe"= TCP:c:\program files\opera 10.10 beta\opera.exe:Opera Internet Browser

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [18.6.2008 22:41 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3.9.2008 15:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3.9.2008 15:07 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [4.6.2008 11:51 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [18.6.2008 22:41 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [18.6.2008 22:41 53328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18.6.2008 22:54 1153368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [4.6.2008 19:45 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [4.6.2008 19:45 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [4.6.2008 19:45 7424]
S2 gupdate1ca0eea7552b860;Služba Google Update (gupdate1ca0eea7552b860);c:\program files\Google\Update\GoogleUpdate.exe [27.7.2009 20:45 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3.9.2008 15:07 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 18:45]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 18:45]

2009-09-10 c:\windows\Tasks\User_Feed_Synchronization-{82CE4849-3D1E-49EF-9BCB-D4BA60B43625}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 19:49
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3728)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Celkový čas: 2009-09-10 19:50
ComboFix-quarantined-files.txt 2009-09-10 17:50
ComboFix2.txt 2009-09-09 14:30
ComboFix3.txt 2009-09-09 14:12
ComboFix4.txt 2009-09-09 13:50
ComboFix5.txt 2009-09-10 17:41

Před spuštěním: Volných bajtů: 19 739 095 040
Po spuštění: Volných bajtů: 19 631 316 992

244 --- E O F --- 2009-09-08 13:02

Pomůže třeba toto?
Logfile of random's system information tool 1.06 (written by random/random)
Run by Hanička at 2009-09-10 20:29:44
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 19 GB (8%) free of 226 GB
Total RAM: 2037 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:56, on 10.9.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Opera 10.10 Beta\opera.exe
C:\Windows\system32\conime.exe
C:\Users\Hanička\AppData\Local\Opera\Opera 10.10 Beta\temporary_downloads\RSIT (1).exe
C:\Jirik\Hanička.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1ca0eea7552b860) (gupdate1ca0eea7552b860) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6949 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{82CE4849-3D1E-49EF-9BCB-D4BA60B43625}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-23 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-03-27 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-23 149280]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-11-12 405504]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-06-24 282624]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-06 133656]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2008-03-04 36864]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-06 141848]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-06 166424]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-12-12 3444736]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-09-07 159744]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-08 1994480]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Hanička^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^is-OQQJO.lnk]
C:\Users\HANIKA~1\Desktop\VIRUSR~1\is-OQQJO\startup.exe [2008-11-12 65536]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-06 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-10 20:23:06 ----A---- C:\avenger.txt
2009-09-10 19:51:36 ----A---- C:\logPoUprave_1.txt
2009-09-10 19:51:00 ----D---- C:\Windows\temp
2009-09-10 19:50:59 ----A---- C:\ComboFix.txt
2009-09-10 19:50:14 ----SHD---- C:\$RECYCLE.BIN
2009-09-10 15:31:27 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-10 15:31:27 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-10 15:31:26 ----A---- C:\Windows\system32\wlansec.dll
2009-09-10 15:31:25 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-10 15:31:25 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-10 15:30:21 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-10 15:30:18 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-10 15:30:18 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-10 15:30:18 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-10 15:30:18 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-10 15:30:18 ----A---- C:\Windows\system32\finger.exe
2009-09-10 15:30:18 ----A---- C:\Windows\system32\ARP.EXE
2009-09-10 15:30:17 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-10 15:27:03 ----A---- C:\Windows\system32\netevent.dll
2009-09-10 15:25:06 ----A---- C:\Windows\system32\jscript.dll
2009-09-10 15:25:01 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-10 15:24:59 ----A---- C:\Windows\system32\mf.dll
2009-09-08 21:21:37 ----A---- C:\logPoUprave.txt
2009-09-08 20:08:04 ----D---- C:\Qoobox
2009-09-08 18:10:54 ----D---- C:\rsit
2009-09-08 17:17:15 ----D---- C:\Windows\Minidump
2009-09-08 17:04:51 ----D---- C:\Program Files\CONEXANT
2009-09-08 15:38:36 ----D---- C:\Users\Hanička\AppData\Roaming\Uniblue
2009-09-07 23:42:46 ----D---- C:\Windows\pss
2009-09-07 23:16:16 ----D---- C:\Users\Hanička\AppData\Roaming\TweakNow RegCleaner
2009-09-07 23:16:16 ----D---- C:\Program Files\TweakNow RegCleaner
2009-09-07 23:12:39 ----D---- C:\Users\Hanička\AppData\Roaming\Smart PC Solutions
2009-09-07 23:12:38 ----D---- C:\ProgramData\TEMP
2009-09-07 23:06:32 ----D---- C:\Program Files\VITSOFT
2009-09-07 22:50:25 ----A---- C:\Windows\zip.exe
2009-09-07 22:50:25 ----A---- C:\Windows\SWXCACLS.exe
2009-09-07 22:50:25 ----A---- C:\Windows\SWSC.exe
2009-09-07 22:50:25 ----A---- C:\Windows\SWREG.exe
2009-09-07 22:50:25 ----A---- C:\Windows\sed.exe
2009-09-07 22:50:25 ----A---- C:\Windows\PEV.exe
2009-09-07 22:50:25 ----A---- C:\Windows\NIRCMD.exe
2009-09-07 22:50:25 ----A---- C:\Windows\grep.exe
2009-09-07 22:50:18 ----D---- C:\Windows\ERDNT
2009-09-07 22:16:52 ----D---- C:\Users\Hanička\AppData\Roaming\Malwarebytes
2009-09-07 22:16:46 ----D---- C:\ProgramData\Malwarebytes
2009-09-07 22:16:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-03 15:06:05 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-03 15:06:04 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-03 09:07:51 ----D---- C:\drak turnaje
2009-09-01 20:06:33 ----D---- C:\SHARE
2009-09-01 19:33:31 ----D---- C:\Program Files\Opera 10.10 Beta
2009-08-27 07:22:55 ----A---- C:\Windows\system32\tzres.dll
2009-08-26 16:32:14 ----D---- C:\Záloha
2009-08-23 20:29:09 ----DC---- C:\Windows\system32\DRVSTORE
2009-08-23 20:27:31 ----D---- C:\ProgramData\Lavasoft
2009-08-23 19:04:21 ----D---- C:\Program Files\CCleaner
2009-08-23 18:22:43 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-23 18:22:37 ----A---- C:\Windows\system32\atl.dll
2009-08-23 18:22:31 ----A---- C:\Windows\system32\mstscax.dll
2009-08-23 18:22:27 ----A---- C:\Windows\system32\avifil32.dll
2009-08-23 18:22:19 ----A---- C:\Windows\system32\wmp.dll
2009-08-23 18:22:17 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-23 18:22:16 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-23 18:22:16 ----A---- C:\Windows\system32\spwmp.dll
2009-08-23 18:22:16 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-23 10:38:38 ----A---- C:\Windows\system32\javaws.exe
2009-08-23 10:38:38 ----A---- C:\Windows\system32\javaw.exe
2009-08-23 10:38:38 ----A---- C:\Windows\system32\java.exe
2009-08-23 10:38:38 ----A---- C:\Windows\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2009-09-10 20:29:46 ----D---- C:\Jirik
2009-09-10 20:23:14 ----D---- C:\Windows\rescache
2009-09-10 20:17:03 ----D---- C:\Windows\winsxs
2009-09-10 20:11:58 ----D---- C:\Windows\System32
2009-09-10 20:11:58 ----D---- C:\Windows\inf
2009-09-10 20:11:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-10 20:05:01 ----D---- C:\Windows\system32\cs-CZ
2009-09-10 20:05:00 ----D---- C:\Windows\system32\drivers
2009-09-10 20:01:09 ----D---- C:\Windows\Debug
2009-09-10 20:01:05 ----D---- C:\Windows\system32\catroot
2009-09-10 20:00:59 ----D---- C:\Program Files\Windows Mail
2009-09-10 20:00:38 ----D---- C:\Windows\ehome
2009-09-10 20:00:27 ----SHD---- C:\System Volume Information
2009-09-10 19:51:00 ----D---- C:\Windows
2009-09-10 19:49:19 ----A---- C:\Windows\system.ini
2009-09-10 19:46:47 ----D---- C:\Windows\AppPatch
2009-09-10 19:46:45 ----D---- C:\Program Files\Common Files
2009-09-10 15:24:31 ----D---- C:\Windows\system32\catroot2
2009-09-08 21:13:00 ----D---- C:\Windows\system32\config
2009-09-08 21:13:00 ----D---- C:\Boot
2009-09-08 21:12:01 ----D---- C:\ProgramData
2009-09-08 20:22:00 ----D---- C:\Windows\Prefetch
2009-09-08 18:53:57 ----SHD---- C:\Windows\Installer
2009-09-08 18:37:12 ----RD---- C:\Program Files
2009-09-08 18:33:16 ----D---- C:\Windows\system32\Tasks
2009-09-08 18:32:45 ----D---- C:\Program Files\Google
2009-09-08 18:32:44 ----D---- C:\Windows\Tasks
2009-09-08 17:56:47 ----SD---- C:\Windows\Downloaded Program Files
2009-09-08 16:31:37 ----D---- C:\Program Files\CyberLink
2009-09-08 16:31:05 ----SD---- C:\Users\Hanička\AppData\Roaming\Microsoft
2009-09-08 16:30:17 ----D---- C:\Program Files\Common Files\InstallShield
2009-09-08 16:30:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-08 16:19:24 ----D---- C:\Program Files\SUPERAntiSpyware
2009-09-08 16:18:51 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-09-07 17:31:22 ----D---- C:\Instalace
2009-09-01 19:47:40 ----RD---- C:\Users
2009-09-01 19:33:40 ----D---- C:\Users\Hanička\AppData\Roaming\Opera
2009-08-28 23:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-27 20:51:05 ----D---- C:\Users\Hanička\AppData\Roaming\Skype
2009-08-27 20:16:53 ----D---- C:\Users\Hanička\AppData\Roaming\skypePM
2009-08-27 07:21:56 ----D---- C:\Program Files\Internet Explorer
2009-08-24 13:24:42 ----D---- C:\Přírodopis prezentace
2009-08-23 20:11:40 ----D---- C:\Fotky
2009-08-23 19:10:04 ----D---- C:\Program Files\Windows Media Player
2009-08-23 10:47:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-23 10:38:17 ----D---- C:\Program Files\Java
2009-08-17 23:00:15 ----D---- C:\Users\Hanička\AppData\Roaming\vlc
2009-08-17 18:10:20 ----A---- C:\Windows\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-03 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-29 74480]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-06 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-06 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-06 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 8192]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-07 155136]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-12-12 1044984]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-03 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-03 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-06 2016256]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2008-07-07 10368]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-11-12 330240]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-03 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 278528]
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 catchme;catchme; \??\C:\Users\HANIKA~1\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2009-02-17 57672]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2009-02-17 72520]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 slabbus;CP210x USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\slabbus.sys [2008-06-13 58368]
S3 slabser;CP210x USB to UART Bridge Controller Drivers; C:\Windows\system32\DRIVERS\slabser.sys [2008-06-13 75776]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-11-12 102400]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-12-12 24064]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-05 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S2 gupdate1ca0eea7552b860;Služba Google Update (gupdate1ca0eea7552b860); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-27 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-27 190448]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]
S4 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]

-----------------EOF-----------------

Položku, kterou MBAM nalezl, smažte. Vše ostatní vypadá OK.

:-)což o to- smazat tuto položku se snažím už 3 dny:-)když potvrdím výmaz, tak se zobrazí okne kde je info, že se vymaže položka po restartu pc. Po restartu ale položka v registru je stále a i ručne nelze odebrat:-)

Pak už jen obnovu systému k datu, kdy nebyl nakažen.

Zdravím-jen poznámka- po stažení aktualizace na Malwarebytes si tento SW poradil s odstraněním DoubleD z registru.

Hlavně, že se to podařilo.

spybot našel v mem pc doubled, můžete prosím pomoci? z 11entries PUPSC se mi podařilo pomocí combofixu odstranit 9, ale 2 tam zůstaly a nejdou odstranit. pc píše po restartu, ale nestalo se tak. odstranil jsem je i z karantény esetu, ale pořád nic. jsou to tyto:
1. (SBI S9A2CEF84) Type library
HKEY_CLASSES_ROOT\TypeLib\(883DFC00-8A21-411D-956C-73A4E4B7D16F) klíč v registru
2. (SBI SOB2D5COF) Interface
HKEY_CLASSES_ROOT\Interface\(480098C6-F6AD-4C61-9B5C-2BAE228A34D1) klíč v registru

ComboFix 10-02-12.01 - kretotaur 14.02.2010 18:37:21.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1943 [GMT 1:00]
Spuštěný z: c:\users\kretotaur\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3739927416-3359866453-3552197657-1004
c:\users\kretotaur\Documents\z loha registr….reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-13 13:32 . 2010-02-13 17:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-13 13:32 . 2010-02-13 13:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\users\kretotaur\AppData\Roaming\VistaCodecs
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\program files\VistaCodecPack
2010-02-13 11:43 . 2010-02-13 11:47 -------- d-----w- c:\programdata\VistaCodecs
2010-02-10 08:42 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 08:42 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-06 10:00 . 2010-02-06 10:00 -------- d-----r- c:\program files\Skype
2010-02-05 13:29 . 2010-02-05 13:29 -------- d-----w- c:\users\kretotaur\AppData\Local\AOL
2010-02-05 13:29 . 2010-02-14 12:26 -------- d-----w- c:\program files\ICQ7.0
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\readmes
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\licenses
2010-01-31 12:46 . 2010-02-01 12:50 -------- d-----w- c:\programdata\PhotoMail
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\program files\PhotoMail Maker
2010-01-31 12:46 . 2010-02-01 13:05 -------- d-----w- c:\users\kretotaur\AppData\Local\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IncrediMail
2010-01-31 12:45 . 2010-02-01 12:55 -------- d-----w- c:\program files\IncrediMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 17:35 . 2010-01-13 08:26 35275 ----a-w- c:\programdata\nvModes.dat
2010-02-14 17:09 . 2009-01-28 15:15 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Skype
2010-02-14 17:09 . 2009-03-01 10:27 -------- d-----w- c:\users\kretotaur\AppData\Roaming\ICQ
2010-02-13 17:11 . 2009-02-14 13:37 -------- d-----w- c:\programdata\Google Updater
2010-02-13 11:52 . 2009-02-07 17:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-10 14:00 . 2009-02-14 13:37 -------- d-----w- c:\program files\Google
2010-02-10 08:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-06 10:00 . 2009-01-28 15:14 -------- d-----w- c:\programdata\Skype
2010-02-06 09:45 . 2009-01-28 15:16 -------- d-----w- c:\users\kretotaur\AppData\Roaming\skypePM
2010-02-05 22:02 . 2010-01-12 22:22 -------- d-----w- c:\program files\Nimbuzz
2010-02-05 21:16 . 2009-11-11 18:41 -------- d-----w- c:\programdata\WinZip
2010-02-05 20:03 . 2009-02-27 12:01 1 ----a-w- c:\users\kretotaur\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 13:29 . 2009-01-26 18:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 09:12 . 2009-12-30 20:56 -------- d-----w- c:\users\kretotaur\AppData\Roaming\translateclient
2010-02-02 14:58 . 2009-01-27 21:19 102416 ----a-w- c:\users\kretotaur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 13:05 . 2009-02-27 11:57 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-02 12:33 . 2009-07-08 22:12 -------- d-----w- c:\programdata\Microsoft Help
2010-02-02 12:33 . 2009-07-08 22:15 -------- d-----w- c:\program files\Microsoft.NET
2010-02-02 12:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-02-01 16:55 . 2009-12-30 20:52 -------- d-----w- c:\program files\Translate Client
2010-01-16 14:30 . 2009-01-30 17:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 10:12 . 2009-10-03 06:52 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 08:30 . 2009-01-26 18:36 -------- d-----w- c:\programdata\NVIDIA
2010-01-09 18:20 . 2010-01-09 18:20 557107 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\RichChat4.exe
2010-01-09 18:20 . 2010-01-09 18:20 53248 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\EmoticonOle.dll
2010-01-09 18:20 . 2010-01-09 18:20 433664 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\riched20.dll
2010-01-09 18:20 . 2010-01-09 18:20 1712128 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\GdiPlus.dll
2010-01-09 18:14 . 2010-01-09 18:14 931840 ------w- c:\programdata\Skype\Plugins\Plugins\0B3223A1A4EA4592841023160E190196\VirtualMakeover.dll
2010-01-09 16:52 . 2010-01-09 16:52 -------- d-----w- c:\program files\CCleaner
2010-01-02 06:38 . 2010-01-22 09:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 09:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 09:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 09:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 20:57 . 2009-11-22 11:53 -------- d-----w- c:\program files\Common Files\Nero
2010-01-01 20:57 . 2009-03-24 12:09 -------- d-----w- c:\program files\Nero
2010-01-01 20:56 . 2009-03-24 12:09 -------- d-----w- c:\programdata\Nero
2009-12-31 20:44 . 2009-11-21 11:01 -------- d-----w- c:\users\kretotaur\AppData\Roaming\DAEMON Tools Lite
2009-12-25 13:18 . 2009-01-29 18:52 -------- d-----w- c:\program files\Canon
2009-12-24 16:20 . 2009-03-24 12:13 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Nero
2009-12-08 20:01 . 2010-02-10 08:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 08:41 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 08:41 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 08:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-05 10:08 . 2009-01-25 22:44 598594 ----a-w- c:\windows\system32\perfh005.dat
2009-12-05 10:08 . 2009-01-25 22:44 114786 ----a-w- c:\windows\system32\perfc005.dat
2009-12-04 18:30 . 2010-02-10 08:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 08:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 08:41 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 08:41 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 08:41 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 08:41 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 08:41 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 08:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 08:41 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 08:41 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 08:41 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-21 11:03 . 2009-11-21 11:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-01-15 17:43 . 2009-01-15 17:43 1821008 ----a-w- c:\program files\instmsiw.exe
2009-01-15 17:43 . 2009-01-15 17:43 1707856 ----a-w- c:\program files\instmsia.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-02-01 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-1-25 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0a,c8,07,67,c9,19,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3739927416-3359866453-3552197657-1002]
"EnableNotificationsRef"=dword:00000001

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14.5.2009 14:49 93312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [13.2.2010 14:32 1153368]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [21.11.2009 12:03 691696]
S2 gupdate1c98eaa7fc6a880;Služba Google Update (gupdate1c98eaa7fc6a880);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2009 14:45 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.3.2009 12:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19.3.2009 12:48 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-02-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 16:04]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-14 c:\windows\Tasks\User_Feed_Synchronization-{3402F9DE-7F32-421C-922D-3C5213CE615B}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-14 18:45:28
ComboFix-quarantined-files.txt 2010-02-14 17:45

Před spuštěním: Volných bajtů: 243 132 407 808
Po spuštění: Volných bajtů: 243 398 295 552

- - End Of File - - A9CE6A3BF3E3FC1ED8A6C529F8EE67DB


ComboFix 10-02-12.01 - kretotaur 14.02.2010 22:25:40.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2123 [GMT 1:00]
Spuštěný z: c:\users\kretotaur\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\kretotaur\Documents\z loha registr….reg

----- BITS: Možné infikované stránky -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-14 21:29 . 2010-02-14 21:29 -------- d-----w- c:\users\kretotaur\AppData\Local\temp
2010-02-14 21:29 . 2010-02-14 21:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-14 21:29 . 2010-02-14 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-13 13:32 . 2010-02-13 17:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-13 13:32 . 2010-02-13 13:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\users\kretotaur\AppData\Roaming\VistaCodecs
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\program files\VistaCodecPack
2010-02-13 11:43 . 2010-02-13 11:47 -------- d-----w- c:\programdata\VistaCodecs
2010-02-10 08:42 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 08:42 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-06 10:00 . 2010-02-06 10:00 -------- d-----r- c:\program files\Skype
2010-02-05 13:29 . 2010-02-05 13:29 -------- d-----w- c:\users\kretotaur\AppData\Local\AOL
2010-02-05 13:29 . 2010-02-14 20:03 -------- d-----w- c:\program files\ICQ7.0
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\readmes
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\licenses
2010-01-31 12:46 . 2010-02-01 12:50 -------- d-----w- c:\programdata\PhotoMail
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\program files\PhotoMail Maker
2010-01-31 12:46 . 2010-02-01 13:05 -------- d-----w- c:\users\kretotaur\AppData\Local\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IncrediMail
2010-01-31 12:45 . 2010-02-01 12:55 -------- d-----w- c:\program files\IncrediMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 21:17 . 2009-01-28 15:15 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Skype
2010-02-14 21:06 . 2010-01-13 08:26 35275 ----a-w- c:\programdata\nvModes.dat
2010-02-14 20:16 . 2009-03-01 10:27 -------- d-----w- c:\users\kretotaur\AppData\Roaming\ICQ
2010-02-14 19:20 . 2009-02-14 13:37 -------- d-----w- c:\programdata\Google Updater
2010-02-13 11:52 . 2009-02-07 17:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-10 14:00 . 2009-02-14 13:37 -------- d-----w- c:\program files\Google
2010-02-10 08:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-06 10:00 . 2009-01-28 15:14 -------- d-----w- c:\programdata\Skype
2010-02-06 09:45 . 2009-01-28 15:16 -------- d-----w- c:\users\kretotaur\AppData\Roaming\skypePM
2010-02-05 22:02 . 2010-01-12 22:22 -------- d-----w- c:\program files\Nimbuzz
2010-02-05 21:16 . 2009-11-11 18:41 -------- d-----w- c:\programdata\WinZip
2010-02-05 20:03 . 2009-02-27 12:01 1 ----a-w- c:\users\kretotaur\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 13:29 . 2009-01-26 18:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 09:12 . 2009-12-30 20:56 -------- d-----w- c:\users\kretotaur\AppData\Roaming\translateclient
2010-02-02 14:58 . 2009-01-27 21:19 102416 ----a-w- c:\users\kretotaur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 13:05 . 2009-02-27 11:57 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-02 12:33 . 2009-07-08 22:12 -------- d-----w- c:\programdata\Microsoft Help
2010-02-02 12:33 . 2009-07-08 22:15 -------- d-----w- c:\program files\Microsoft.NET
2010-02-02 12:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-02-01 16:55 . 2009-12-30 20:52 -------- d-----w- c:\program files\Translate Client
2010-01-16 14:30 . 2009-01-30 17:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 10:12 . 2009-10-03 06:52 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 08:30 . 2009-01-26 18:36 -------- d-----w- c:\programdata\NVIDIA
2010-01-09 18:20 . 2010-01-09 18:20 557107 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\RichChat4.exe
2010-01-09 18:20 . 2010-01-09 18:20 53248 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\EmoticonOle.dll
2010-01-09 18:20 . 2010-01-09 18:20 433664 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\riched20.dll
2010-01-09 18:20 . 2010-01-09 18:20 1712128 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\GdiPlus.dll
2010-01-09 18:14 . 2010-01-09 18:14 931840 ------w- c:\programdata\Skype\Plugins\Plugins\0B3223A1A4EA4592841023160E190196\VirtualMakeover.dll
2010-01-09 16:52 . 2010-01-09 16:52 -------- d-----w- c:\program files\CCleaner
2010-01-02 06:38 . 2010-01-22 09:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 09:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 09:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 09:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 20:57 . 2009-11-22 11:53 -------- d-----w- c:\program files\Common Files\Nero
2010-01-01 20:57 . 2009-03-24 12:09 -------- d-----w- c:\program files\Nero
2010-01-01 20:56 . 2009-03-24 12:09 -------- d-----w- c:\programdata\Nero
2009-12-31 20:44 . 2009-11-21 11:01 -------- d-----w- c:\users\kretotaur\AppData\Roaming\DAEMON Tools Lite
2009-12-25 13:18 . 2009-01-29 18:52 -------- d-----w- c:\program files\Canon
2009-12-24 16:20 . 2009-03-24 12:13 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Nero
2009-12-08 20:01 . 2010-02-10 08:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 08:41 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 08:41 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 08:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-05 10:08 . 2009-01-25 22:44 598594 ----a-w- c:\windows\system32\perfh005.dat
2009-12-05 10:08 . 2009-01-25 22:44 114786 ----a-w- c:\windows\system32\perfc005.dat
2009-12-04 18:30 . 2010-02-10 08:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 08:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 08:41 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 08:41 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 08:41 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 08:41 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 08:41 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 08:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 08:41 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 08:41 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 08:41 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-21 11:03 . 2009-11-21 11:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-01-15 17:43 . 2009-01-15 17:43 1821008 ----a-w- c:\program files\instmsiw.exe
2009-01-15 17:43 . 2009-01-15 17:43 1707856 ----a-w- c:\program files\instmsia.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-02-01 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-1-25 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0a,c8,07,67,c9,19,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3739927416-3359866453-3552197657-1002]
"EnableNotificationsRef"=dword:00000001

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14.5.2009 14:49 93312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [13.2.2010 14:32 1153368]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [21.11.2009 12:03 691696]
S2 gupdate1c98eaa7fc6a880;Služba Google Update (gupdate1c98eaa7fc6a880);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2009 14:45 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.3.2009 12:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19.3.2009 12:48 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-02-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 16:04]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-14 c:\windows\Tasks\User_Feed_Synchronization-{3402F9DE-7F32-421C-922D-3C5213CE615B}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 22:29
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-14 22:31:41
ComboFix-quarantined-files.txt 2010-02-14 21:31
ComboFix2.txt 2010-02-14 17:45

Před spuštěním: Volných bajtů: 243 426 111 488
Po spuštění: Volných bajtů: 243 397 619 712

- - End Of File - - 28C36F6C8971FC6E41D2F7A7CBC003B0



ComboFix 10-02-12.01 - kretotaur 15.02.2010 12:49:53.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1959 [GMT 1:00]
Spuštěný z: c:\users\kretotaur\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\kretotaur\Documents\z loha registr….reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-15 do 2010-02-15 )))))))))))))))))))))))))))))))
.

2010-02-15 11:56 . 2010-02-15 11:56 -------- d-----w- c:\users\kretotaur\AppData\Local\temp
2010-02-15 11:56 . 2010-02-15 11:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-15 11:56 . 2010-02-15 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-13 13:32 . 2010-02-13 17:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-13 13:32 . 2010-02-13 13:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\users\kretotaur\AppData\Roaming\VistaCodecs
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\program files\VistaCodecPack
2010-02-13 11:43 . 2010-02-13 11:47 -------- d-----w- c:\programdata\VistaCodecs
2010-02-10 08:42 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 08:42 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-06 10:00 . 2010-02-06 10:00 -------- d-----r- c:\program files\Skype
2010-02-05 13:29 . 2010-02-05 13:29 -------- d-----w- c:\users\kretotaur\AppData\Local\AOL
2010-02-05 13:29 . 2010-02-14 20:03 -------- d-----w- c:\program files\ICQ7.0
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\readmes
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\licenses
2010-01-31 12:46 . 2010-02-01 12:50 -------- d-----w- c:\programdata\PhotoMail
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\program files\PhotoMail Maker
2010-01-31 12:46 . 2010-02-01 13:05 -------- d-----w- c:\users\kretotaur\AppData\Local\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IncrediMail
2010-01-31 12:45 . 2010-02-01 12:55 -------- d-----w- c:\program files\IncrediMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 11:49 . 2010-01-13 08:26 35275 ----a-w- c:\programdata\nvModes.dat
2010-02-15 10:19 . 2009-01-28 15:15 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Skype
2010-02-15 10:19 . 2009-03-01 10:27 -------- d-----w- c:\users\kretotaur\AppData\Roaming\ICQ
2010-02-14 19:20 . 2009-02-14 13:37 -------- d-----w- c:\programdata\Google Updater
2010-02-13 11:52 . 2009-02-07 17:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-10 14:00 . 2009-02-14 13:37 -------- d-----w- c:\program files\Google
2010-02-10 08:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-06 10:00 . 2009-01-28 15:14 -------- d-----w- c:\programdata\Skype
2010-02-06 09:45 . 2009-01-28 15:16 -------- d-----w- c:\users\kretotaur\AppData\Roaming\skypePM
2010-02-05 22:02 . 2010-01-12 22:22 -------- d-----w- c:\program files\Nimbuzz
2010-02-05 21:16 . 2009-11-11 18:41 -------- d-----w- c:\programdata\WinZip
2010-02-05 20:03 . 2009-02-27 12:01 1 ----a-w- c:\users\kretotaur\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 13:29 . 2009-01-26 18:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 09:12 . 2009-12-30 20:56 -------- d-----w- c:\users\kretotaur\AppData\Roaming\translateclient
2010-02-02 14:58 . 2009-01-27 21:19 102416 ----a-w- c:\users\kretotaur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 13:05 . 2009-02-27 11:57 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-02 12:33 . 2009-07-08 22:12 -------- d-----w- c:\programdata\Microsoft Help
2010-02-02 12:33 . 2009-07-08 22:15 -------- d-----w- c:\program files\Microsoft.NET
2010-02-02 12:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-02-01 16:55 . 2009-12-30 20:52 -------- d-----w- c:\program files\Translate Client
2010-01-16 14:30 . 2009-01-30 17:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 10:12 . 2009-10-03 06:52 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 08:30 . 2009-01-26 18:36 -------- d-----w- c:\programdata\NVIDIA
2010-01-09 18:20 . 2010-01-09 18:20 557107 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\RichChat4.exe
2010-01-09 18:20 . 2010-01-09 18:20 53248 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\EmoticonOle.dll
2010-01-09 18:20 . 2010-01-09 18:20 433664 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\riched20.dll
2010-01-09 18:20 . 2010-01-09 18:20 1712128 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\GdiPlus.dll
2010-01-09 18:14 . 2010-01-09 18:14 931840 ------w- c:\programdata\Skype\Plugins\Plugins\0B3223A1A4EA4592841023160E190196\VirtualMakeover.dll
2010-01-09 16:52 . 2010-01-09 16:52 -------- d-----w- c:\program files\CCleaner
2010-01-02 06:38 . 2010-01-22 09:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 09:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 09:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 09:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 20:57 . 2009-11-22 11:53 -------- d-----w- c:\program files\Common Files\Nero
2010-01-01 20:57 . 2009-03-24 12:09 -------- d-----w- c:\program files\Nero
2010-01-01 20:56 . 2009-03-24 12:09 -------- d-----w- c:\programdata\Nero
2009-12-31 20:44 . 2009-11-21 11:01 -------- d-----w- c:\users\kretotaur\AppData\Roaming\DAEMON Tools Lite
2009-12-25 13:18 . 2009-01-29 18:52 -------- d-----w- c:\program files\Canon
2009-12-24 16:20 . 2009-03-24 12:13 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Nero
2009-12-08 20:01 . 2010-02-10 08:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 08:41 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 08:41 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 08:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-05 10:08 . 2009-01-25 22:44 598594 ----a-w- c:\windows\system32\perfh005.dat
2009-12-05 10:08 . 2009-01-25 22:44 114786 ----a-w- c:\windows\system32\perfc005.dat
2009-12-04 18:30 . 2010-02-10 08:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 08:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 08:41 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 08:41 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 08:41 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 08:41 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 08:41 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 08:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 08:41 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 08:41 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 08:41 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-21 11:03 . 2009-11-21 11:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-01-15 17:43 . 2009-01-15 17:43 1821008 ----a-w- c:\program files\instmsiw.exe
2009-01-15 17:43 . 2009-01-15 17:43 1707856 ----a-w- c:\program files\instmsia.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-02-01 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-1-25 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0a,c8,07,67,c9,19,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3739927416-3359866453-3552197657-1002]
"EnableNotificationsRef"=dword:00000001

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14.5.2009 14:49 93312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [13.2.2010 14:32 1153368]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [21.11.2009 12:03 691696]
S2 gupdate1c98eaa7fc6a880;Služba Google Update (gupdate1c98eaa7fc6a880);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2009 14:45 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.3.2009 12:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19.3.2009 12:48 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-02-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 16:04]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-15 c:\windows\Tasks\User_Feed_Synchronization-{3402F9DE-7F32-421C-922D-3C5213CE615B}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 12:56
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-15 12:58:34
ComboFix-quarantined-files.txt 2010-02-15 11:58
ComboFix2.txt 2010-02-14 21:31
ComboFix3.txt 2010-02-14 17:45

Před spuštěním: Volných bajtů: 243 461 701 632
Po spuštění: Volných bajtů: 243 421 720 576

- - End Of File - - 612C79B741A14B4CDAA76F40B8F86902

2kretotaur: Založte si, prosím, vlastní topic. Děkujeme.