problémy se stahováním

freEDelL · Příspěvek od **freEDelL** » úte 29. pro 2009, 17:29

Zdravím, chtěl jsem se zeptat ohledně problémů se stahováním. Nevím si rady. Před nedávnem (asi 2 dny) mi nahlásil Avast v PC vir. Škodlivé soubory jsem odstranil a dal jsem důkladně kontrolovat počítač. NOD, Avast, Spybot ani Microsoft Security Essentials nic nenašli. Tudíž jsem usuzoval, že je vše v pořádku, až náhle když jsem stahoval, tak mi soubory dojely do 99% a jakmile se měly překopírovat ze skryté složky kam se ukládaly na plochu, tak se nezkopírovaly a zůstaly viset na těch 99%. Dělá mi to jak IE tak Google Chrome, nějak to nechápu. Ani do jiných složek mi to stahování nejede. Nevíte čím to může být? Zda nějakým pozůstatkem z viru, trojana nebo bůh ví co to bylo, nebo je chyba někde jinde?

Díky moc za rady. F.

jan.svoboda · Příspěvek od **jan.svoboda** » úte 29. pro 2009, 17:33

Ahoj, tak prvně, dva antiviry na PC (Avast, Nod) jsou horší než žádný, to ale vyřešíme po vyčištění PC. Viděl bych to na problém havěti. Vlož sem log z HijackThis a uvidíme dále.

Návod: Stáhni jej třeba odtud http://go.trendmicro.com/free-tools/hij ... ckThis.exe a spusť, klikni na Do a system scan and save a log, po chvíli se zobrazí log v Poznámkovém dokumentu, jeho obsah sem vlož.

Příspěvek od **zombux** » úte 29. pro 2009, 17:40

chyba může bejt taky v nabořeném antiviru - obvykle při ukončení stahování z netu a přesunu z "temp-downloadu" do cílové složky antivir kontroluje co se vlastně děje.

jan.svoboda · Příspěvek od **jan.svoboda** » úte 29. pro 2009, 17:43

To je fakt. Ale log by stejně hodil, když píše, že měl havěť v PC.

freEDelL · Příspěvek od **freEDelL** » úte 29. pro 2009, 23:40

takže, tady máte ten log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:39:17, on 29.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\WisKeyState.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Launch Manager\FanSysTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Ondra\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaparit.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [WisKeyState] "C:\Program Files\Launch Manager\WisKeyState.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest_start.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://pl.recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 8805 bytes

je tam něco divného?

jan.svoboda · Příspěvek od **jan.svoboda** » úte 29. pro 2009, 23:55

Není, jenom, znáš/používáš NetSoftware? Ještě pro jistotu vlož log z ComboFixu, ale vyapdá to čistě

Pokud to tím nebude, jak již psal Zombux, napříkald zkusit přeinstalovat antivir, protože může být problém tam.

Stahni si ComboFix
( http://download.bleepingcomputer.com/sUBs/ComboFix.exe , http://www.forospyware.com/sUBs/ComboFix.exe ) na plochu,

beta: http://download.bleepingcomputer.com/sU ... ttyFix.exe

- ukoncete vsechna aktivni okna a spuste ho pod uctem administratora.
- potvrdte licencni podminky - klik na "Ano", pripadne dalsi vyzvy programu.
- zapiste si informace proc se ukoncil nebo co mu brani v provozu (sdelte radci)
- nechte stahnout i nainstalovat recovery konzolu (velmi doporucuji)
- behem skenu neklikejte do zobrazeneho okna, je mozne ze CF restartuje PC.
- sken by mel trvat max. 20 minut. Pokud ani do uvedene doby nedojde k jeho ukonceni, ukoncite ho, kdy uvedeny problem nahlaste radci.
- po ukonceni se otevre log (textovy soubor) - pokud se tak nestane lze log najit C:\ComboFix.txt - cely obsah logu zkopirujte do sveho prispevku

freEDelL · Příspěvek od **freEDelL** » stř 30. pro 2009, 00:40

netsoftware na tomto pc tuším nemám, teda na 99% ne...teď jdu zkusit ten ComboFix a pak se hodím log...

//EDIT: přidávám log z combofixu

ComboFix 09-12-29.04 - Ondra 30.12.2009 0:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2269.882 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3433778454-1113714331-1554994461-500
c:\$recycle.bin\S-1-5-21-948171023-2604957255-2144845928-1004
c:\$recycle.bin\S-1-5-21-948171023-2604957255-2144845928-1005
c:\program files\ICQ6.5\ICQLRun.exe
C:\test.txt

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-29 08:56 . 2009-12-29 09:08 -------- d-----w- c:\program files\Euro Truck Simulator
2009-12-29 08:30 . 2009-12-29 08:30 0 ----a-w- c:\windows\nsreg.dat
2009-12-29 08:30 . 2009-12-29 08:30 -------- d-----w- c:\users\Ondra\AppData\Local\Mozilla
2009-12-28 00:11 . 2009-12-28 00:11 -------- d-----w- c:\programdata\ATI
2009-12-27 23:57 . 2009-12-27 23:57 10134 ----a-r- c:\users\Ondra\AppData\Roaming\Microsoft\Installer\{E2D60526-A01D-E603-52BC-E541C8640920}\ARPPRODUCTICON.exe
2009-12-27 23:56 . 2009-12-27 23:56 -------- d-----w- c:\program files\ATI
2009-12-27 12:16 . 2009-12-27 12:16 -------- d-----w- c:\program files\ESET
2009-12-26 22:26 . 2009-12-26 22:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 22:24 . 2009-12-26 22:24 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-26 22:24 . 2009-12-26 22:24 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-26 22:24 . 2009-12-26 22:24 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-26 22:24 . 2009-12-26 22:24 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-26 22:20 . 2009-12-26 22:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-26 22:19 . 2009-12-26 22:19 -------- d-----w- c:\program files\Patrick M. Kolla
2009-12-25 11:59 . 2009-12-25 11:59 -------- d-----w- c:\program files\Zaparit
2009-12-25 10:18 . 2009-12-25 10:18 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-25 10:18 . 2009-12-25 10:18 -------- d-----w- c:\users\Ondra\SystemRequirementsLab
2009-12-21 23:20 . 2009-12-21 23:20 -------- dc-h--w- c:\programdata\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2009-12-21 23:20 . 2009-03-31 13:08 2789480 -c--a-w- c:\programdata\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}\CrysisWars_patch5.exe
2009-12-21 22:39 . 2009-12-21 23:19 -------- dc-h--w- c:\programdata\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2009-12-21 22:39 . 2008-08-11 11:26 2864992 -c--a-r- c:\programdata\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}\setup.exe
2009-12-20 17:34 . 2009-12-20 17:34 -------- d-----w- c:\program files\Common Files\Steam
2009-12-20 17:33 . 2009-12-29 08:00 -------- d-----w- c:\program files\Steam
2009-12-17 09:41 . 2009-12-17 09:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-13 15:15 . 2009-12-13 15:15 -------- d-----w- c:\users\Ondra\AppData\Roaming\Zoner
2009-12-13 15:14 . 2009-12-13 15:14 -------- d-----w- c:\program files\Zoner
2009-12-11 14:36 . 2009-12-11 14:36 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-11 14:05 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-11 14:05 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-11 14:05 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-11 14:03 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-12-11 14:03 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-12-11 14:03 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-12-11 14:03 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-12-11 14:03 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-12-11 14:03 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-12-11 14:03 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-12-11 14:03 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-12-11 14:03 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-12-11 14:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-11 14:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-11 14:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-11 09:00 . 2009-12-11 09:01 -------- d-----w- c:\windows\system32\ca-ES
2009-12-11 09:00 . 2009-12-11 09:00 -------- d-----w- c:\windows\system32\eu-ES
2009-12-11 09:00 . 2009-12-11 09:00 -------- d-----w- c:\windows\system32\vi-VN
2009-12-11 03:30 . 2009-04-11 06:28 595456 ----a-w- c:\windows\system32\schedsvc.dll
2009-12-11 03:29 . 2009-04-11 06:28 38400 ----a-w- c:\windows\system32\rtffilt.dll
2009-12-11 03:29 . 2009-04-11 06:28 222720 ----a-w- c:\windows\system32\umpnpmgr.dll
2009-12-11 03:29 . 2009-04-11 06:27 799744 ----a-w- c:\windows\system32\certutil.exe
2009-12-11 03:29 . 2009-04-11 06:28 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-12-11 03:29 . 2009-04-11 06:28 282624 ----a-w- c:\windows\system32\w32time.dll
2009-12-11 03:28 . 2009-04-11 04:42 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-12-11 03:28 . 2009-04-11 06:28 364032 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-12-11 03:28 . 2009-04-11 06:27 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-12-11 03:28 . 2009-04-11 04:15 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 03:28 . 2009-04-11 06:28 274432 ----a-w- c:\windows\system32\bcrypt.dll
2009-12-11 03:28 . 2009-04-11 06:28 11776 ----a-w- c:\windows\system32\msshooks.dll
2009-12-11 03:28 . 2009-04-11 06:28 60416 ----a-w- c:\windows\system32\msscntrs.dll
2009-12-11 03:28 . 2009-04-11 06:28 40960 ----a-w- c:\windows\system32\bthserv.dll
2009-12-11 03:27 . 2009-04-11 06:27 241128 ----a-w- c:\windows\system32\rsaenh.dll
2009-12-11 03:27 . 2009-04-11 06:32 527848 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-12-11 03:27 . 2009-04-11 06:28 332800 ----a-w- c:\windows\system32\msihnd.dll
2009-12-11 03:27 . 2009-04-11 06:28 150528 ----a-w- c:\windows\system32\MMDevAPI.dll
2009-12-11 03:27 . 2009-02-18 18:39 35680 ----a-w- c:\windows\system32\TsWpfWrp.exe
2009-12-11 03:27 . 2009-04-11 06:28 43008 ----a-w- c:\windows\system32\msstrc.dll
2009-12-11 03:26 . 2009-04-11 06:28 152576 ----a-w- c:\windows\system32\wbem\wmiprov.dll
2009-12-11 03:26 . 2009-04-11 06:28 738816 ----a-w- c:\windows\system32\inetcomm.dll
2009-12-11 03:26 . 2009-03-30 04:42 93512 ----a-w- c:\windows\system32\dfshim.dll
2009-12-11 03:26 . 2009-04-11 06:28 122368 ----a-w- c:\windows\system32\inetpp.dll
2009-12-11 03:26 . 2009-04-11 06:28 310272 ----a-w- c:\windows\system32\mtxclu.dll
2009-12-11 03:25 . 2009-04-11 06:28 129024 ----a-w- c:\windows\system32\cryptsvc.dll
2009-12-11 03:25 . 2009-04-11 06:28 153088 ----a-w- c:\windows\system32\fundisc.dll
2009-12-11 03:25 . 2009-04-11 06:28 26112 ----a-w- c:\windows\system32\hidserv.dll
2009-12-11 03:25 . 2009-03-30 04:42 80720 ----a-w- c:\windows\system32\mscories.dll
2009-12-11 03:25 . 2009-04-11 06:28 130560 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2009-12-11 03:25 . 2009-04-11 06:28 343040 ----a-w- c:\windows\system32\wmicmiplugin.dll
2009-12-11 03:25 . 2009-04-11 06:28 153088 ----a-w- c:\windows\system32\profsvc.dll
2009-12-11 03:25 . 2009-04-11 06:28 449024 ----a-w- c:\windows\system32\termsrv.dll
2009-12-11 03:24 . 2009-04-11 06:28 107520 ----a-w- c:\windows\system32\imapi.dll
2009-12-11 03:24 . 2009-04-11 06:27 73216 ----a-w- c:\windows\system32\msiexec.exe
2009-12-11 03:23 . 2009-04-11 06:32 125928 ----a-w- c:\windows\system32\drivers\Classpnp.sys
2009-12-11 03:23 . 2009-04-11 06:32 149480 ----a-w- c:\windows\system32\drivers\pci.sys
2009-12-11 03:23 . 2009-04-11 06:28 1020928 ----a-w- c:\windows\system32\wdc.dll
2009-12-11 03:23 . 2009-04-11 06:28 1671680 ----a-w- c:\windows\system32\chsbrkr.dll
2009-12-11 03:23 . 2009-04-11 04:14 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-11 03:23 . 2009-04-11 06:28 252928 ----a-w- c:\windows\system32\iassdo.dll
2009-12-11 03:22 . 2009-04-11 06:28 1823744 ----a-w- c:\windows\system32\pnidui.dll
2009-12-11 03:22 . 2009-04-11 06:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-12-11 03:22 . 2009-04-11 06:28 127488 ----a-w- c:\windows\system32\spoolsv.exe
2009-12-11 03:22 . 2009-02-18 18:38 9048 ----a-w- c:\windows\system32\icardres.dll
2009-12-11 03:22 . 2009-04-11 06:27 636416 ----a-w- c:\windows\system32\autofmt.exe
2009-12-11 03:22 . 2009-04-11 06:32 265688 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-12-11 03:22 . 2009-04-11 06:28 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-12-11 03:22 . 2009-04-11 06:32 35304 ----a-w- c:\windows\system32\drivers\crashdmp.sys
2009-12-11 03:22 . 2009-04-11 06:28 126976 ----a-w- c:\windows\system32\wersvc.dll
2009-12-11 03:21 . 2009-04-11 06:32 50664 ----a-w- c:\windows\system32\PSHED.DLL
2009-12-11 03:21 . 2009-02-18 18:39 92918 ----a-w- c:\windows\system32\slmgr.vbs
2009-12-11 03:21 . 2009-04-11 06:32 122344 ----a-w- c:\windows\system32\drivers\Storport.sys
2009-12-11 03:21 . 2009-04-11 06:32 245736 ----a-w- c:\windows\system32\clfs.sys
2009-12-11 03:21 . 2009-04-11 06:28 242176 ----a-w- c:\windows\system32\pdh.dll
2009-12-11 03:21 . 2009-04-11 06:28 757248 ----a-w- c:\windows\system32\azroles.dll
2009-12-11 03:21 . 2009-04-11 06:28 633856 ----a-w- c:\windows\system32\CertEnrollUI.dll
2009-12-11 03:20 . 2009-04-11 06:32 54248 ----a-w- c:\windows\system32\drivers\partmgr.sys
2009-12-11 03:20 . 2009-04-11 06:28 1107968 ----a-w- c:\windows\system32\pidgenx.dll
2009-12-11 03:20 . 2009-04-11 06:28 867328 ----a-w- c:\windows\system32\wmpmde.dll
2009-12-11 03:20 . 2009-04-11 06:28 314368 ----a-w- c:\windows\system32\winlogon.exe
2009-12-11 03:18 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\kdusb.dll
2009-12-11 03:18 . 2009-04-11 06:28 189952 ----a-w- c:\windows\system32\winmm.dll
2009-12-11 03:18 . 2009-04-11 06:28 340992 ----a-w- c:\windows\system32\RelMon.dll
2009-12-11 03:18 . 2009-04-11 04:45 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-12-11 03:18 . 2009-04-11 06:28 612864 ----a-w- c:\windows\system32\rdpencom.dll
2009-12-11 03:18 . 2009-04-11 06:28 115712 ----a-w- c:\windows\system32\WinSCard.dll
2009-12-11 03:18 . 2009-04-11 06:28 860160 ----a-w- c:\windows\system32\WerFaultSecure.exe
2009-12-11 03:18 . 2009-04-11 06:28 13312 ----a-w- c:\windows\system32\spcmsg.dll
2009-12-11 03:18 . 2009-04-11 06:28 194560 ----a-w- c:\windows\system32\offfilt.dll
2009-12-11 03:16 . 2009-04-11 06:28 551936 ----a-w- c:\windows\system32\prnntfy.dll
2009-12-11 03:15 . 2009-04-11 06:28 825856 ----a-w- c:\windows\system32\rasdlg.dll
2009-12-11 03:14 . 2009-04-11 06:28 1224192 ----a-w- c:\windows\system32\sud.dll
2009-12-11 03:14 . 2009-04-11 06:28 175616 ----a-w- c:\windows\system32\dot3svc.dll
2009-12-11 03:14 . 2009-04-11 06:28 842240 ----a-w- c:\windows\system32\systemcpl.dll
2009-12-11 03:14 . 2009-04-11 06:28 464384 ----a-w- c:\windows\system32\pcaui.dll
2009-12-11 03:14 . 2009-04-11 06:28 615424 ----a-w- c:\windows\system32\themeui.dll
2009-12-11 03:14 . 2009-04-11 06:28 2515968 ----a-w- c:\windows\system32\accessibilitycpl.dll
2009-12-11 03:14 . 2009-04-11 06:28 57344 ----a-w- c:\windows\system32\samlib.dll
2009-12-11 03:14 . 2009-04-11 06:28 52224 ----a-w- c:\windows\system32\mmci.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 23:53 . 2009-11-03 08:21 -------- d-----w- c:\program files\ICQ6.5
2009-12-29 23:40 . 2008-10-07 10:29 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-29 08:24 . 2009-11-09 21:13 -------- d-----w- c:\program files\NetSoftware
2009-12-29 07:58 . 2009-11-03 08:21 -------- d-----w- c:\users\Ondra\AppData\Roaming\ICQ
2009-12-28 22:40 . 2009-11-06 15:18 -------- d-----w- c:\programdata\Codemasters
2009-12-28 20:13 . 2008-04-14 13:47 639248 ----a-w- c:\windows\system32\perfh005.dat
2009-12-28 20:13 . 2008-04-14 13:47 135978 ----a-w- c:\windows\system32\perfc005.dat
2009-12-28 00:02 . 2009-11-02 21:14 -------- d-----w- c:\program files\ATI Technologies
2009-12-27 23:47 . 2009-11-10 21:40 2032 ----a-w- c:\users\Ondra\AppData\Local\d3d9caps.dat
2009-12-27 22:47 . 2009-11-03 05:32 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-27 22:47 . 2009-11-03 05:32 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-26 11:35 . 2009-11-03 00:53 -------- d-----w- c:\users\Ondra\AppData\Roaming\uTorrent
2009-12-26 09:01 . 2008-10-07 11:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 12:12 . 2009-11-28 10:47 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-25 12:11 . 2009-11-28 10:46 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-23 14:00 . 2009-11-19 23:25 -------- d-----w- c:\users\Ondra\AppData\Roaming\AIMP
2009-12-21 22:40 . 2009-11-02 23:47 22328 ----a-w- c:\users\Ondra\AppData\Roaming\PnkBstrK.sys
2009-12-21 22:40 . 2009-11-02 23:47 22328 ----a-w- c:\users\Ondra\AppData\Roaming\PnkBstrK.sys
2009-12-21 22:40 . 2009-11-03 01:11 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-20 17:31 . 2009-11-08 23:02 132648 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-20 17:30 . 2009-11-02 15:12 8224 ----a-w- c:\users\Ondra\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-17 09:40 . 2009-11-02 15:41 -------- d-----w- c:\program files\Java
2009-12-16 19:20 . 2009-11-02 16:01 -------- d-----w- c:\programdata\Microsoft Help
2009-12-11 14:36 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-11 14:36 . 2009-12-11 14:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-11 09:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-11 09:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-11 09:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-11 09:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-11 09:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-11 09:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-11 09:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-08 15:26 . 2009-11-03 01:09 -------- d-----w- c:\programdata\Media Center Programs
2009-12-05 12:25 . 2009-11-03 09:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-04 21:53 . 2009-11-03 21:57 -------- d-----w- c:\programdata\TrackMania
2009-12-03 17:18 . 2009-11-08 15:35 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-12-03 14:25 . 2009-11-08 15:34 -------- d-----w- c:\programdata\TuneUp Software
2009-11-28 10:46 . 2009-11-28 10:46 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-24 23:54 . 2009-11-09 18:25 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:49 . 2009-11-09 18:25 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-09 18:25 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-09 18:25 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 22:46 . 2009-11-22 22:46 -------- d-----w- c:\users\Ondra\AppData\Roaming\Media Player Classic
2009-11-21 06:40 . 2009-12-10 20:39 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 20:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 20:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 20:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 00:45 . 2009-11-20 20:52 -------- d-----w- c:\program files\Sony Ericsson
2009-11-20 22:43 . 2009-11-20 22:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-11-20 22:32 . 2009-11-20 22:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-11-20 22:15 . 2009-11-20 22:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-11-20 22:02 . 2009-11-20 22:02 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-11-20 22:02 . 2009-11-20 22:02 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-11-20 22:02 . 2009-11-20 22:02 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-11-20 20:52 . 2009-11-20 20:52 -------- d-----w- c:\programdata\Sony Ericsson
2009-11-19 23:25 . 2009-11-02 15:49 -------- d-----w- c:\program files\AIMP2
2009-11-17 09:17 . 2009-11-08 15:36 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-11-17 09:12 . 2009-11-08 15:36 21320 ----a-w- c:\windows\system32\authuitu.dll
2009-11-17 09:12 . 2009-11-08 15:36 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-16 22:08 . 2009-11-16 22:08 -------- d-----w- c:\users\Ondra\AppData\Roaming\proDAD
2009-11-16 22:08 . 2009-11-16 22:08 -------- d-----w- c:\program files\proDAD
2009-11-16 22:08 . 2009-11-16 22:08 -------- d-----w- c:\program files\LooksBuilderSE
2009-11-16 22:07 . 2009-11-16 22:06 -------- d-----w- c:\program files\Boris FX, Inc
2009-11-16 22:05 . 2009-11-16 21:51 -------- d-----w- c:\program files\Pinnacle
2009-11-16 22:03 . 2009-11-16 22:03 29926 ----a-r- c:\users\Ondra\AppData\Roaming\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2009-11-16 22:03 . 2009-11-16 22:03 -------- d-----w- c:\program files\Common Files\Pinnacle
2009-11-16 22:02 . 2009-11-16 22:02 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate
2009-11-16 21:51 . 2009-11-16 21:51 -------- d-----w- c:\programdata\Studio 12
2009-11-16 21:51 . 2009-11-16 21:51 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2009-11-16 21:51 . 2009-11-16 21:51 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-11-16 21:51 . 2009-11-16 21:46 -------- d-----w- c:\programdata\Pinnacle
2009-11-16 20:20 . 2009-11-16 20:10 -------- d-----w- c:\users\Ondra\AppData\Roaming\Publish Providers
2009-11-16 20:10 . 2009-11-16 20:10 -------- d-----w- c:\program files\VSTplugins
2009-11-16 20:09 . 2009-11-16 20:09 -------- d-----w- c:\users\Ondra\AppData\Roaming\Sony
2009-11-16 20:05 . 2009-11-16 20:05 -------- d-----w- c:\program files\Sony Setup
2009-11-16 02:13 . 2009-11-16 02:13 216576 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-11-12 21:24 . 2009-11-12 21:23 -------- d-----w- c:\users\Ondra\AppData\Roaming\Windows Sidebar Styler
2009-11-12 21:21 . 2009-11-12 21:21 -------- d-----w- c:\program files\Stanimir Stoyanov
2009-11-12 06:24 . 2009-11-12 06:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-10 18:13 . 2009-11-10 18:13 -------- d-----w- c:\users\Ondra\AppData\Roaming\atitray
2009-11-10 18:13 . 2009-11-03 18:53 -------- d-----w- c:\program files\Ray Adams
2009-11-10 10:24 . 2009-11-10 10:24 1924440 ----a-w- c:\users\Ondra\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-11-09 18:25 . 2009-11-09 18:25 -------- d-----w- c:\program files\Alwil Software
2009-11-09 18:24 . 2009-11-09 18:24 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-11-08 23:25 . 2009-11-08 23:25 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-11-08 23:25 . 2009-11-08 23:25 515832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-08 15:35 . 2009-11-08 15:35 -------- d-----w- c:\users\Ondra\AppData\Roaming\TuneUp Software
2009-11-08 15:33 . 2009-11-08 15:33 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-08 13:57 . 2009-11-08 13:57 -------- d-----w- c:\program files\Codemasters
2009-11-07 13:17 . 2009-11-07 13:17 -------- d-----w- c:\users\Ondra\AppData\Roaming\Nero
2009-11-06 15:09 . 2009-11-06 15:09 -------- d-----w- c:\program files\OpenAL
2009-11-06 14:36 . 2009-11-06 14:36 -------- d-----w- c:\program files\GoldWave
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-05 09:05 . 2009-11-03 12:52 -------- d-----w- c:\program files\Microsoft Works
2009-11-04 09:11 . 2009-11-04 09:11 -------- d-----w- c:\program files\Ubisoft
2009-11-03 22:36 . 2009-11-02 19:06 -------- d-----w- c:\program files\AMD
2009-11-03 21:54 . 2009-11-03 21:52 -------- d-----w- c:\program files\TmNationsForever
2009-11-03 18:52 . 2009-11-03 18:50 -------- d-----w- c:\program files\ATITool
2009-11-03 16:18 . 2009-11-03 16:18 -------- d-----w- c:\program files\Quick StartUp
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVEREST AutoStart"="c:\program files\Lavalys\EVEREST Ultimate Edition\everest_start.exe" [2009-05-24 334928]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"ICQ"="c:\progra~1\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-07-04 192512]
"WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-07 208896]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-04 258048]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2007-12-25 241664]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2009-11-09 94208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-03 98304]

c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"FSCRecovery"=c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6f,ab,04,69,56,7a,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [9.11.2009 19:25 114768]
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [24.10.2009 19:03 19232]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [29.9.2009 13:02 108792]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [28.12.2009 0:37 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [9.11.2009 19:25 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [9.11.2009 19:25 53328]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.9.2009 13:03 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [29.9.2009 13:05 95896]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [26.12.2009 23:27 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 10:15 1021256]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [7.10.2008 12:30 84240]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [18.6.2009 18:48 42480]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2.11.2009 20:54 721904]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2.11.2009 16:28 26736]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.1.2008 3:23 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [20.11.2009 23:02 13224]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\System32\drivers\s916bus.sys [20.11.2009 21:52 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\System32\drivers\s916mdfl.sys [20.11.2009 21:52 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\System32\drivers\s916mdm.sys [20.11.2009 21:52 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s916mgmt.sys [20.11.2009 21:52 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\System32\drivers\s916obex.sys [20.11.2009 21:52 100008]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [7.10.2008 12:32 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.zaparit.cz/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://pl.recruit.netmonitor.cz/WebInstaller.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-klogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 00:54
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-12-30 00:59:11
ComboFix-quarantined-files.txt 2009-12-29 23:59

Před spuštěním: Volných bajtů: 39 498 829 824
Po spuštění: Volných bajtů: 40 201 752 576

- - End Of File - - 040CB5D9F74A9CC85D35DD7D32CF8B59

jan.svoboda · Příspěvek od **jan.svoboda** » stř 30. pro 2009, 10:53

Před pokračováním vypni rezidenční štít antiviru (Avast) + antispywaru (Winows Defender, Spybot).

Otevři Poznámkový blok a vlož do něj tento skript (kromě Kód):

Kód: Vybrat vše

File::
c:\users\Ondra\AppData\Local\d3d9caps.dat

Folder::
C:\Program Files\NetSoftware

Ulož na plochu jako CFScript.txt. Pak jej myší přetáhni nad ikonu ComboFix a pusť. CF se spustí a vykoná příkazy ze skriptu.

freEDelL · Příspěvek od **freEDelL** » stř 30. pro 2009, 12:45

provedl jsem, zobrazil se tento log

Kód: Vybrat vše

ComboFix 09-12-29.04 - Ondra 30.12.2009  12:29:18.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1250.420.1029.18.2269.1301 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ondra\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Ondra\AppData\Local\d3d9caps.dat"
.

(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\NetSoftware
c:\program files\NetSoftware\filelist.dat
c:\program files\NetSoftware\gemgecko.dll
c:\program files\NetSoftware\gemius.url
c:\program files\NetSoftware\IEHelper.dll
c:\program files\NetSoftware\NetSoftware.exe
c:\program files\NetSoftware\netsoftware.ini
c:\program files\NetSoftware\netsoftware.new
c:\program files\NetSoftware\nmprivate.key
c:\program files\NetSoftware\nmpublic.key
c:\program files\NetSoftware\nppool.dat
c:\program files\NetSoftware\nppool000.dat
c:\program files\NetSoftware\rmNetsoftware.exe
c:\program files\NetSoftware\Starter.exe
c:\users\Ondra\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((   Soubory vytvořené od 2009-11-28 do 2009-12-30  )))))))))))))))))))))))))))))))
.

2009-12-30 11:35 . 2009-12-30 11:35	--------	d-----w-	c:\users\Public\AppData\Local\temp
2009-12-30 11:35 . 2009-12-30 11:35	--------	d-----w-	c:\users\hry\AppData\Local\temp
2009-12-30 11:35 . 2009-12-30 11:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2009-12-30 09:13 . 2009-12-30 09:13	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2009-12-30 09:10 . 2009-12-30 09:10	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2009-12-30 08:30 . 2009-12-30 08:30	--------	d-----w-	c:\program files\Microsoft Security Essentials
2009-12-30 08:29 . 2009-11-24 23:48	23120	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-12-30 08:29 . 2009-11-24 23:49	48560	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-12-30 08:29 . 2009-11-24 23:47	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-12-30 08:29 . 2009-09-15 11:55	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-12-30 08:29 . 2009-09-15 11:55	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-12-30 08:29 . 2009-11-24 23:54	1280480	----a-w-	c:\windows\system32\aswBoot.exe
2009-12-30 08:29 . 2009-09-15 11:55	53328	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2009-12-29 23:59 . 2009-12-30 11:36	--------	d-----w-	c:\users\Ondra\AppData\Local\temp
2009-12-29 23:44 . 2009-12-29 23:44	--------	d-----w-	c:\users\Ondra\AppData\Local\ESET
2009-12-29 08:56 . 2009-12-30 00:23	--------	d-----w-	c:\program files\Euro Truck Simulator
2009-12-29 08:30 . 2009-12-29 08:30	0	----a-w-	c:\windows\nsreg.dat
2009-12-29 08:30 . 2009-12-29 08:30	--------	d-----w-	c:\users\Ondra\AppData\Local\Mozilla
2009-12-28 00:11 . 2009-12-28 00:11	--------	d-----w-	c:\programdata\ATI
2009-12-27 23:57 . 2009-12-27 23:57	10134	----a-r-	c:\users\Ondra\AppData\Roaming\Microsoft\Installer\{E2D60526-A01D-E603-52BC-E541C8640920}\ARPPRODUCTICON.exe
2009-12-27 23:56 . 2009-12-27 23:56	--------	d-----w-	c:\program files\ATI
2009-12-26 22:26 . 2009-12-30 08:23	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-12-26 22:24 . 2009-12-26 22:24	--------	d-----w-	c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-26 22:24 . 2009-12-26 22:24	--------	d-----w-	c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-26 22:24 . 2009-12-26 22:24	--------	d-----w-	c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-26 22:24 . 2009-12-26 22:24	--------	d-----w-	c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-26 22:20 . 2009-12-30 08:21	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2009-12-26 22:19 . 2009-12-26 22:19	--------	d-----w-	c:\program files\Patrick M. Kolla
2009-12-25 11:59 . 2009-12-25 11:59	--------	d-----w-	c:\program files\Zaparit
2009-12-25 10:18 . 2009-12-25 10:18	--------	d-----w-	c:\program files\SystemRequirementsLab
2009-12-25 10:18 . 2009-12-25 10:18	--------	d-----w-	c:\users\Ondra\SystemRequirementsLab
2009-12-21 23:20 . 2009-12-21 23:20	--------	dc-h--w-	c:\programdata\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2009-12-21 23:20 . 2009-03-31 13:08	2789480	-c--a-w-	c:\programdata\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}\CrysisWars_patch5.exe
2009-12-21 22:39 . 2009-12-21 23:19	--------	dc-h--w-	c:\programdata\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2009-12-21 22:39 . 2008-08-11 11:26	2864992	-c--a-r-	c:\programdata\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}\setup.exe
2009-12-20 17:34 . 2009-12-20 17:34	--------	d-----w-	c:\program files\Common Files\Steam
2009-12-20 17:33 . 2009-12-29 08:00	--------	d-----w-	c:\program files\Steam
2009-12-17 09:41 . 2009-12-17 09:40	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-12-13 15:15 . 2009-12-13 15:15	--------	d-----w-	c:\users\Ondra\AppData\Roaming\Zoner
2009-12-13 15:14 . 2009-12-13 15:14	--------	d-----w-	c:\program files\Zoner
2009-12-11 14:36 . 2009-12-11 14:36	--------	d-----w-	c:\program files\Windows Portable Devices
2009-12-11 14:05 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2009-12-11 14:05 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2009-12-11 14:05 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2009-12-11 14:03 . 2009-10-01 01:01	60928	----a-w-	c:\windows\system32\PortableDeviceConnectApi.dll
2009-12-11 14:03 . 2009-10-01 01:02	2537472	----a-w-	c:\windows\system32\wpdshext.dll
2009-12-11 14:03 . 2009-10-01 01:02	334848	----a-w-	c:\windows\system32\PortableDeviceApi.dll
2009-12-11 14:03 . 2009-10-01 01:02	87552	----a-w-	c:\windows\system32\WPDShServiceObj.dll
2009-12-11 14:03 . 2009-10-01 01:01	546816	----a-w-	c:\windows\system32\wpd_ci.dll
2009-12-11 14:03 . 2009-10-01 01:01	160256	----a-w-	c:\windows\system32\PortableDeviceTypes.dll
2009-12-11 14:03 . 2009-10-01 01:01	100864	----a-w-	c:\windows\system32\PortableDeviceClassExtension.dll
2009-12-11 14:03 . 2009-10-01 01:01	350208	----a-w-	c:\windows\system32\WPDSp.dll
2009-12-11 14:03 . 2009-10-01 01:01	196608	----a-w-	c:\windows\system32\PortableDeviceWMDRM.dll
2009-12-11 14:02 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2009-12-11 14:02 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2009-12-11 14:02 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2009-12-11 09:00 . 2009-12-11 09:01	--------	d-----w-	c:\windows\system32\ca-ES
2009-12-11 09:00 . 2009-12-11 09:00	--------	d-----w-	c:\windows\system32\eu-ES
2009-12-11 09:00 . 2009-12-11 09:00	--------	d-----w-	c:\windows\system32\vi-VN
2009-12-11 03:30 . 2009-04-11 06:28	595456	----a-w-	c:\windows\system32\schedsvc.dll
2009-12-11 03:29 . 2009-04-11 06:28	38400	----a-w-	c:\windows\system32\rtffilt.dll
2009-12-11 03:29 . 2009-04-11 06:28	222720	----a-w-	c:\windows\system32\umpnpmgr.dll
2009-12-11 03:29 . 2009-04-11 06:27	799744	----a-w-	c:\windows\system32\certutil.exe
2009-12-11 03:29 . 2009-04-11 06:28	996352	----a-w-	c:\windows\system32\WMNetMgr.dll
2009-12-11 03:29 . 2009-04-11 06:28	282624	----a-w-	c:\windows\system32\w32time.dll
2009-12-11 03:28 . 2009-04-11 04:42	226304	----a-w-	c:\windows\system32\drivers\usbport.sys
2009-12-11 03:28 . 2009-04-11 06:28	364032	----a-w-	c:\windows\system32\IPSECSVC.DLL
2009-12-11 03:28 . 2009-04-11 06:27	704512	----a-w-	c:\windows\system32\PhotoScreensaver.scr
2009-12-11 03:28 . 2009-04-11 04:15	288768	----a-w-	c:\windows\system32\drivers\srv.sys
2009-12-11 03:28 . 2009-04-11 06:28	274432	----a-w-	c:\windows\system32\bcrypt.dll
2009-12-11 03:28 . 2009-04-11 06:28	11776	----a-w-	c:\windows\system32\msshooks.dll
2009-12-11 03:28 . 2009-04-11 06:28	60416	----a-w-	c:\windows\system32\msscntrs.dll
2009-12-11 03:28 . 2009-04-11 06:28	40960	----a-w-	c:\windows\system32\bthserv.dll
2009-12-11 03:27 . 2009-04-11 06:27	241128	----a-w-	c:\windows\system32\rsaenh.dll
2009-12-11 03:27 . 2009-04-11 06:32	527848	----a-w-	c:\windows\system32\drivers\ndis.sys
2009-12-11 03:27 . 2009-04-11 06:28	332800	----a-w-	c:\windows\system32\msihnd.dll
2009-12-11 03:27 . 2009-04-11 06:28	150528	----a-w-	c:\windows\system32\MMDevAPI.dll
2009-12-11 03:27 . 2009-02-18 18:39	35680	----a-w-	c:\windows\system32\TsWpfWrp.exe
2009-12-11 03:27 . 2009-04-11 06:28	43008	----a-w-	c:\windows\system32\msstrc.dll
2009-12-11 03:26 . 2009-04-11 06:28	152576	----a-w-	c:\windows\system32\wbem\wmiprov.dll
2009-12-11 03:26 . 2009-04-11 06:28	738816	----a-w-	c:\windows\system32\inetcomm.dll
2009-12-11 03:26 . 2009-03-30 04:42	93512	----a-w-	c:\windows\system32\dfshim.dll
2009-12-11 03:26 . 2009-04-11 06:28	122368	----a-w-	c:\windows\system32\inetpp.dll
2009-12-11 03:26 . 2009-04-11 06:28	310272	----a-w-	c:\windows\system32\mtxclu.dll
2009-12-11 03:25 . 2009-04-11 06:28	129024	----a-w-	c:\windows\system32\cryptsvc.dll
2009-12-11 03:25 . 2009-04-11 06:28	153088	----a-w-	c:\windows\system32\fundisc.dll
2009-12-11 03:25 . 2009-04-11 06:28	26112	----a-w-	c:\windows\system32\hidserv.dll
2009-12-11 03:25 . 2009-03-30 04:42	80720	----a-w-	c:\windows\system32\mscories.dll
2009-12-11 03:25 . 2009-04-11 06:28	130560	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2009-12-11 03:25 . 2009-04-11 06:28	343040	----a-w-	c:\windows\system32\wmicmiplugin.dll
2009-12-11 03:25 . 2009-04-11 06:28	153088	----a-w-	c:\windows\system32\profsvc.dll
2009-12-11 03:25 . 2009-04-11 06:28	449024	----a-w-	c:\windows\system32\termsrv.dll
2009-12-11 03:24 . 2009-04-11 06:28	107520	----a-w-	c:\windows\system32\imapi.dll
2009-12-11 03:24 . 2009-04-11 06:27	73216	----a-w-	c:\windows\system32\msiexec.exe
2009-12-11 03:23 . 2009-04-11 06:32	125928	----a-w-	c:\windows\system32\drivers\Classpnp.sys
2009-12-11 03:23 . 2009-04-11 06:32	149480	----a-w-	c:\windows\system32\drivers\pci.sys
2009-12-11 03:23 . 2009-04-11 06:28	1020928	----a-w-	c:\windows\system32\wdc.dll
2009-12-11 03:23 . 2009-04-11 06:28	1671680	----a-w-	c:\windows\system32\chsbrkr.dll
2009-12-11 03:23 . 2009-04-11 04:14	212992	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2009-12-11 03:23 . 2009-04-11 06:28	252928	----a-w-	c:\windows\system32\iassdo.dll
2009-12-11 03:22 . 2009-04-11 06:28	1823744	----a-w-	c:\windows\system32\pnidui.dll
2009-12-11 03:22 . 2009-04-11 06:32	53224	----a-w-	c:\windows\system32\drivers\termdd.sys
2009-12-11 03:22 . 2009-04-11 06:28	127488	----a-w-	c:\windows\system32\spoolsv.exe
2009-12-11 03:22 . 2009-02-18 18:38	9048	----a-w-	c:\windows\system32\icardres.dll
2009-12-11 03:22 . 2009-04-11 06:27	636416	----a-w-	c:\windows\system32\autofmt.exe
2009-12-11 03:22 . 2009-04-11 06:32	265688	----a-w-	c:\windows\system32\drivers\acpi.sys
2009-12-11 03:22 . 2009-04-11 06:28	172032	----a-w-	c:\windows\system32\scrrun.dll
2009-12-11 03:22 . 2009-04-11 06:32	35304	----a-w-	c:\windows\system32\drivers\crashdmp.sys
2009-12-11 03:22 . 2009-04-11 06:28	126976	----a-w-	c:\windows\system32\wersvc.dll
2009-12-11 03:21 . 2009-04-11 06:32	50664	----a-w-	c:\windows\system32\PSHED.DLL
2009-12-11 03:21 . 2009-02-18 18:39	92918	----a-w-	c:\windows\system32\slmgr.vbs
2009-12-11 03:21 . 2009-04-11 06:32	122344	----a-w-	c:\windows\system32\drivers\Storport.sys
2009-12-11 03:21 . 2009-04-11 06:32	245736	----a-w-	c:\windows\system32\clfs.sys
2009-12-11 03:21 . 2009-04-11 06:28	242176	----a-w-	c:\windows\system32\pdh.dll
2009-12-11 03:21 . 2009-04-11 06:28	757248	----a-w-	c:\windows\system32\azroles.dll
2009-12-11 03:21 . 2009-04-11 06:28	633856	----a-w-	c:\windows\system32\CertEnrollUI.dll
2009-12-11 03:20 . 2009-04-11 06:32	54248	----a-w-	c:\windows\system32\drivers\partmgr.sys
2009-12-11 03:20 . 2009-04-11 06:28	1107968	----a-w-	c:\windows\system32\pidgenx.dll
2009-12-11 03:20 . 2009-04-11 06:28	867328	----a-w-	c:\windows\system32\wmpmde.dll
2009-12-11 03:20 . 2009-04-11 06:28	314368	----a-w-	c:\windows\system32\winlogon.exe
2009-12-11 03:18 . 2009-04-11 06:32	19944	----a-w-	c:\windows\system32\kdusb.dll
2009-12-11 03:18 . 2009-04-11 06:28	189952	----a-w-	c:\windows\system32\winmm.dll
2009-12-11 03:18 . 2009-04-11 06:28	340992	----a-w-	c:\windows\system32\RelMon.dll
2009-12-11 03:18 . 2009-04-11 04:45	185856	----a-w-	c:\windows\system32\drivers\netbt.sys
2009-12-11 03:18 . 2009-04-11 06:28	612864	----a-w-	c:\windows\system32\rdpencom.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 11:21 . 2008-10-07 10:29	12	----a-w-	c:\windows\bthservsdp.dat
2009-12-30 09:43 . 2009-11-02 16:01	--------	d-----w-	c:\programdata\Microsoft Help
2009-12-30 09:24 . 2008-04-14 13:47	639248	----a-w-	c:\windows\system32\perfh005.dat
2009-12-30 09:24 . 2008-04-14 13:47	135978	----a-w-	c:\windows\system32\perfc005.dat
2009-12-29 23:53 . 2009-11-03 08:21	--------	d-----w-	c:\program files\ICQ6.5
2009-12-29 07:58 . 2009-11-03 08:21	--------	d-----w-	c:\users\Ondra\AppData\Roaming\ICQ
2009-12-28 22:40 . 2009-11-06 15:18	--------	d-----w-	c:\programdata\Codemasters
2009-12-28 00:02 . 2009-11-02 21:14	--------	d-----w-	c:\program files\ATI Technologies
2009-12-27 22:47 . 2009-11-03 05:32	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2009-12-27 22:47 . 2009-11-03 05:32	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2009-12-26 11:35 . 2009-11-03 00:53	--------	d-----w-	c:\users\Ondra\AppData\Roaming\uTorrent
2009-12-26 09:01 . 2008-10-07 11:29	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-12-25 12:12 . 2009-11-28 10:47	138576	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-12-25 12:11 . 2009-11-28 10:46	215104	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-12-23 14:00 . 2009-11-19 23:25	--------	d-----w-	c:\users\Ondra\AppData\Roaming\AIMP
2009-12-21 22:40 . 2009-11-02 23:47	22328	----a-w-	c:\users\Ondra\AppData\Roaming\PnkBstrK.sys
2009-12-21 22:40 . 2009-11-02 23:47	22328	----a-w-	c:\users\Ondra\AppData\Roaming\PnkBstrK.sys
2009-12-21 22:40 . 2009-11-03 01:11	669184	----a-w-	c:\windows\system32\pbsvc.exe
2009-12-20 17:31 . 2009-11-08 23:02	132648	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-20 17:30 . 2009-11-02 15:12	8224	----a-w-	c:\users\Ondra\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-17 09:40 . 2009-11-02 15:41	--------	d-----w-	c:\program files\Java
2009-12-11 14:36 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2009-12-11 14:36 . 2009-12-11 14:36	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-11 09:01 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2009-12-11 09:01 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2009-12-11 09:01 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2009-12-11 09:01 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2009-12-11 09:01 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2009-12-11 09:01 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-12-11 09:01 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2009-12-08 15:26 . 2009-11-03 01:09	--------	d-----w-	c:\programdata\Media Center Programs
2009-12-05 12:25 . 2009-11-03 09:12	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-12-04 21:53 . 2009-11-03 21:57	--------	d-----w-	c:\programdata\TrackMania
2009-12-03 17:18 . 2009-11-08 15:35	--------	d-----w-	c:\program files\TuneUp Utilities 2010
2009-12-03 14:25 . 2009-11-08 15:34	--------	d-----w-	c:\programdata\TuneUp Software
2009-11-30 07:51 . 2009-11-30 07:41	--------	d-----w-	c:\program files\Notebook Hardware Control
2009-11-30 00:20 . 2009-11-30 00:20	--------	d-----w-	c:\users\Ondra\AppData\Roaming\ViStart
2009-11-30 00:19 . 2009-11-30 00:19	--------	d-----w-	c:\users\Ondra\AppData\Roaming\ViGlance
2009-11-28 10:46 . 2009-11-28 10:46	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-11-22 22:46 . 2009-11-22 22:46	--------	d-----w-	c:\users\Ondra\AppData\Roaming\Media Player Classic
2009-11-21 06:40 . 2009-12-10 20:39	916480	----a-w-	c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 20:39	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 20:39	109056	----a-w-	c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 20:39	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2009-11-21 00:45 . 2009-11-20 20:52	--------	d-----w-	c:\program files\Sony Ericsson
2009-11-20 22:43 . 2009-11-20 22:43	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-11-20 22:32 . 2009-11-20 22:32	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-11-20 22:15 . 2009-11-20 22:15	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-11-20 22:02 . 2009-11-20 22:02	25512	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2009-11-20 22:02 . 2009-11-20 22:02	13224	----a-w-	c:\windows\system32\drivers\ggflt.sys
2009-11-20 22:02 . 2009-11-20 22:02	1112288	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2009-11-20 20:52 . 2009-11-20 20:52	--------	d-----w-	c:\programdata\Sony Ericsson
2009-11-19 23:25 . 2009-11-02 15:49	--------	d-----w-	c:\program files\AIMP2
2009-11-17 09:17 . 2009-11-08 15:36	29512	----a-w-	c:\windows\system32\TURegOpt.exe
2009-11-17 09:12 . 2009-11-08 15:36	21320	----a-w-	c:\windows\system32\authuitu.dll
2009-11-17 09:12 . 2009-11-08 15:36	30024	----a-w-	c:\windows\system32\uxtuneup.dll
2009-11-16 22:08 . 2009-11-16 22:08	--------	d-----w-	c:\users\Ondra\AppData\Roaming\proDAD
2009-11-16 22:08 . 2009-11-16 22:08	--------	d-----w-	c:\program files\proDAD
2009-11-16 22:08 . 2009-11-16 22:08	--------	d-----w-	c:\program files\LooksBuilderSE
2009-11-16 22:07 . 2009-11-16 22:06	--------	d-----w-	c:\program files\Boris FX, Inc
2009-11-16 22:05 . 2009-11-16 21:51	--------	d-----w-	c:\program files\Pinnacle
2009-11-16 22:03 . 2009-11-16 22:03	29926	----a-r-	c:\users\Ondra\AppData\Roaming\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2009-11-16 22:03 . 2009-11-16 22:03	--------	d-----w-	c:\program files\Common Files\Pinnacle
2009-11-16 22:02 . 2009-11-16 22:02	--------	d-----w-	c:\programdata\Pinnacle Studio Ultimate
2009-11-16 21:51 . 2009-11-16 21:51	--------	d-----w-	c:\programdata\Studio 12
2009-11-16 21:51 . 2009-11-16 21:51	--------	d-----w-	c:\programdata\Pinnacle Studio Plus
2009-11-16 21:51 . 2009-11-16 21:51	--------	d-----w-	c:\program files\Common Files\Yahoo!
2009-11-16 21:51 . 2009-11-16 21:46	--------	d-----w-	c:\programdata\Pinnacle
2009-11-16 20:20 . 2009-11-16 20:10	--------	d-----w-	c:\users\Ondra\AppData\Roaming\Publish Providers
2009-11-16 20:10 . 2009-11-16 20:10	--------	d-----w-	c:\program files\VSTplugins
2009-11-16 20:09 . 2009-11-16 20:09	--------	d-----w-	c:\users\Ondra\AppData\Roaming\Sony
2009-11-16 20:05 . 2009-11-16 20:05	--------	d-----w-	c:\program files\Sony Setup
2009-11-16 02:13 . 2009-11-16 02:13	216576	----a-w-	c:\windows\system32\drivers\Rtlh86.sys
2009-11-12 21:24 . 2009-11-12 21:23	--------	d-----w-	c:\users\Ondra\AppData\Roaming\Windows Sidebar Styler
2009-11-12 21:21 . 2009-11-12 21:21	--------	d-----w-	c:\program files\Stanimir Stoyanov
2009-11-12 06:24 . 2009-11-12 06:24	94208	----a-w-	c:\windows\system32\RTNUninst32.dll
2009-11-10 18:13 . 2009-11-10 18:13	--------	d-----w-	c:\users\Ondra\AppData\Roaming\atitray
2009-11-10 18:13 . 2009-11-03 18:53	--------	d-----w-	c:\program files\Ray Adams
2009-11-10 10:24 . 2009-11-10 10:24	1924440	----a-w-	c:\users\Ondra\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-11-09 18:25 . 2009-11-09 18:25	--------	d-----w-	c:\program files\Alwil Software
2009-11-08 23:25 . 2009-11-08 23:25	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-11-08 23:25 . 2009-11-08 23:25	515832	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-08 15:35 . 2009-11-08 15:35	--------	d-----w-	c:\users\Ondra\AppData\Roaming\TuneUp Software
2009-11-08 15:33 . 2009-11-08 15:33	--------	d-sh--w-	c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-08 13:57 . 2009-11-08 13:57	--------	d-----w-	c:\program files\Codemasters
2009-11-07 13:17 . 2009-11-07 13:17	--------	d-----w-	c:\users\Ondra\AppData\Roaming\Nero
2009-11-06 15:09 . 2009-11-06 15:09	--------	d-----w-	c:\program files\OpenAL
2009-11-06 14:36 . 2009-11-06 14:36	--------	d-----w-	c:\program files\GoldWave
2009-11-06 09:59 . 2009-11-06 09:59	15406728	----a-w-	c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59	13642888	----a-w-	c:\windows\system32\xlivefnt.dll
2009-11-05 09:05 . 2009-11-03 12:52	--------	d-----w-	c:\program files\Microsoft Works
2009-11-04 09:11 . 2009-11-04 09:11	--------	d-----w-	c:\program files\Ubisoft
2009-11-03 22:36 . 2009-11-02 19:06	--------	d-----w-	c:\program files\AMD
2009-11-03 21:54 . 2009-11-03 21:52	--------	d-----w-	c:\program files\TmNationsForever
2009-11-03 18:52 . 2009-11-03 18:50	--------	d-----w-	c:\program files\ATITool
2009-11-03 16:18 . 2009-11-03 16:18	--------	d-----w-	c:\program files\Quick StartUp
2009-11-03 16:17 . 2009-11-02 15:05	--------	d-----w-	c:\program files\Picasa2
2009-11-03 15:49 . 2009-11-03 15:49	--------	d-----w-	c:\program files\GamePark
2009-11-03 12:52 . 2006-11-02 12:37	--------	d-----w-	c:\program files\MSBuild
2009-11-03 12:51 . 2009-11-03 12:51	--------	d-----w-	c:\program files\Microsoft.NET
2009-12-30 00:07 . 2009-12-30 00:07	61440	----a-w-	c:\program files\mozilla firefox\components\gemgecko.dll
.

((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVEREST AutoStart"="c:\program files\Lavalys\EVEREST Ultimate Edition\everest_start.exe" [2009-05-24 334928]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"ICQ"="c:\progra~1\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-07-04 192512]
"WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-07 208896]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-04 258048]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2007-12-25 241664]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-03 98304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"FSCRecovery"=c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6f,ab,04,69,56,7a,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [30.12.2009 9:29 114768]
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [24.10.2009 19:03 19232]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [28.12.2009 0:37 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [30.12.2009 9:29 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [30.12.2009 9:29 53328]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 10:15 1021256]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2.11.2009 16:28 26736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [7.10.2008 12:30 84240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2.11.2009 20:54 721904]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.1.2008 3:23 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [20.11.2009 23:02 13224]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [18.6.2009 18:48 42480]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\System32\drivers\s916bus.sys [20.11.2009 21:52 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\System32\drivers\s916mdfl.sys [20.11.2009 21:52 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\System32\drivers\s916mdm.sys [20.11.2009 21:52 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s916mgmt.sys [20.11.2009 21:52 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\System32\drivers\s916obex.sys [20.11.2009 21:52 100008]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [7.10.2008 12:32 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.zaparit.cz/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://pl.recruit.netmonitor.cz/WebInstaller.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-NetSoftware - c:\program files\NetSoftware\Starter.exe
AddRemove-NetSoftware - c:\program files\NetSoftware\rmNetSoftware.exe



**************************************************************************
skenování skrytých procesů ...  

skenování skrytých položek 'Po spuštění' ... 

skenování skrytých souborů ...  

sken byl úspešně dokončen
skryté soubory: 

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-12-30  12:39:09
ComboFix-quarantined-files.txt  2009-12-30 11:39
ComboFix2.txt  2009-12-29 23:59

Před spuštěním: Volných bajtů: 38 141 263 872
Po spuštění: Volných bajtů: 38 099 386 368

- - End Of File - - 538407E91B02222E14BC07B94915ADC7

jan.svoboda · Příspěvek od **jan.svoboda** » stř 30. pro 2009, 12:52

Již je log v pořádku. A Netsoftware jsi tam nainstalovaný měl, protože přes mnou psaný skript jej ComboFix právě smazal

Ještě vlož aktuální log z HijackThis.

freEDelL · Příspěvek od **freEDelL** » stř 30. pro 2009, 12:56

Tady je log z HijackThis

Kód: Vybrat vše

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:51, on 30.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\WisKeyState.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ondra\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaparit.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [WisKeyState] "C:\Program Files\Launch Manager\WisKeyState.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest_start.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://pl.recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 7328 bytes

už je vše v pořádku?

jan.svoboda · Příspěvek od **jan.svoboda** » stř 30. pro 2009, 13:15

Fixni (označ čtevreček vedle řádku a klikni na Fix it)

O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll (file missing)
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://pl.recruit.netmonitor.cz/WebInstaller.dll

Jsou to jen zbytečnosti. Jinak vše v pořádku. Nyní zkus přeinstalovat antivir a znovu zkus stahování.

freEDelL · Příspěvek od **freEDelL** » stř 30. pro 2009, 13:26

antivir jsem už přeinstaloval...vadí to nebo to mám udělat ještě jednou?

jan.svoboda · Příspěvek od **jan.svoboda** » stř 30. pro 2009, 13:27

Nene neva, znovu to již nedělej. A stahování stále nefunguje?

freEDelL · Příspěvek od **freEDelL** » stř 30. pro 2009, 13:34

teď jsem stahoval 5 dílů mashe a všechny se postahovaly v pohodě. Díky moc, jsem ti moc vděčný

jan.svoboda · Příspěvek od **jan.svoboda** » stř 30. pro 2009, 13:35

Nemáš zač, ale ohledně problému s antivirem poděkuj Zombuxovi

freEDelL · Příspěvek od **freEDelL** » stř 30. pro 2009, 13:47

tak tímto děkuji i Zombuxovi za vyřešení mého problému, jsem rád, že jsou tu lidi, kteří ví co dělají a dokáží pomoct

jan.svoboda · Příspěvek od **jan.svoboda** » stř 30. pro 2009, 13:53

No jo, tak sice tu všichni radí ve volném čase, ale já tu jsem rád a něco se i přiučím. A příště mě problém, že to blokuje antivir, snad napadne už samotného

Tak přeji hezký Nový rok

freEDelL · Příspěvek od **freEDelL** » stř 30. pro 2009, 13:57

taky jsem se něco přiučil, jen by mě ještě zajímalo, co přesně ten netsoftware znamená? je to taky nějaká havěť či co? Jinak také přeji šťastný nový rok

//EDIT: a ještě bych měl dotaz, zda onen netsoftware mohl být příčinou grafických problémů ve hře racedriver GRID?.

jan.svoboda · Příspěvek od **jan.svoboda** » stř 30. pro 2009, 14:18

Dotazy rád odpovím, pokud vím, takže co tě zajímá, ptej se

NetSoftware... no víceméně je to společnost. Dle Googlu má pár svejch produktů na PC. Avšak se bude jednat ne přímo o viry apod., ale o spyware, adware, otravný software apod. Tak teoreticky příčinou garfických problém by i být mohl, avšak se mi to zas tak nezdá... To předtím byli nějaké problémy a teďkon funguje v pohodě? Ikdyž kromě NetSoftware problémy mohla způsobovat havěť, kterou ComboFix sám smazal (o které ví, že je špatná).
Např:

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3433778454-1113714331-1554994461-500
c:\$recycle.bin\S-1-5-21-948171023-2604957255-2144845928-1004
c:\$recycle.bin\S-1-5-21-948171023-2604957255-2144845928-1005
c:\program files\ICQ6.5\ICQLRun.exe
C:\test.txt

problémy se stahováním

problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním

Re: problémy se stahováním