Stále se mi otevírají reklamní okna,na různé hry,travian atd

[votrok3]

Při surfování na netu,cca každý tři minutky se otevře nějaký okno,různé hry,facebook atd.
RSIT,díky za kontrolu a radu,je to fakt otravný.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Pepa at 2009-08-04 19:40:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 36 GB (36%) free of 100 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:22, on 4.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\RSIT.exe
C:\Program Files\trend micro\Pepa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll (file missing)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://games.icq.com/online/online2/mah ... uncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{710120A8-A4C6-4A10-9123-D67457242280}: NameServer = 90.183.241.6,90.183.241.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8095 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
Media Access Startup - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll [2009-07-09 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll [2009-08-04 372592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL [2009-08-04 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-18 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-20 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-18 2403392]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll [2009-08-04 372592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-29 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-29 81920]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-06-09 278528]
"ClocX"=C:\Program Files\ClocX\ClocX.exe [2007-07-26 270336]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-04 165784]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-19 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
C:\Program Files\HDD Health\HDDHealth.exe -wl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetSoftware]
C:\Program Files\NetSoftware\Starter.exe [2008-10-30 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-09-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-19 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vp]
C:\Program Files\Vyčistit Počítač\UUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\Program Files\EA Sports\NHL08\nhl2008.exe"="C:\Program Files\EA Sports\NHL08\nhl2008.exe:*:Disabled:nhl2008"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Golden Land\GoldenLand.exe"="C:\Program Files\Golden Land\GoldenLand.exe:*:Enabled:GoldenLand"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\World of Padman\wop.exe"="C:\World of Padman\wop.exe:*:Enabled:wop"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe"="C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe:*:Disabled:vietcong"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-08-04 19:40:57 ----D---- C:\Program Files\trend micro
2009-08-04 19:40:55 ----D---- C:\rsit
2009-08-04 19:16:02 ----A---- C:\lop.txt
2009-08-04 17:38:48 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-08-04 17:38:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-04 17:38:29 ----D---- C:\WINDOWS\LastGood
2009-08-04 17:38:28 ----D---- C:\Program Files\Symantec
2009-08-04 17:38:28 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-04 17:38:28 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-08-04 17:38:08 ----D---- C:\Program Files\Windows Sidebar
2009-08-04 17:38:08 ----D---- C:\Program Files\Norton 360
2009-08-04 17:38:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec
2009-08-04 17:38:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2009-08-04 17:35:42 ----D---- C:\Program Files\NortonInstaller
2009-08-04 17:35:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2009-08-04 14:56:59 ----D---- C:\Program Files\Windows Defender
2009-08-04 12:32:13 ----D---- C:\Program Files\Windows Live Safety Center
2009-07-31 15:50:21 ----D---- C:\Program Files\Media Access Startup
2009-07-31 15:50:12 ----D---- C:\Program Files\Internet Saving Optimizer
2009-07-31 15:50:00 ----D---- C:\Program Files\DoubleD
2009-07-29 07:26:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-07-25 19:33:01 ----D---- C:\Program Files\ICQ6.5
2009-07-23 10:29:41 ----A---- C:\WINDOWS\Disney.ini
2009-07-23 10:29:10 ----R---- C:\WINDOWS\system32\Winstr.dll
2009-07-23 10:29:10 ----R---- C:\WINDOWS\system32\Winsdec.dll
2009-07-23 10:29:10 ----R---- C:\WINDOWS\system32\Winplay.dll
2009-07-23 10:29:10 ----R---- C:\WINDOWS\system32\EDEC.DLL
2009-07-23 10:29:10 ----R---- C:\WINDOWS\system32\DEC130.DLL
2009-07-23 10:28:34 ----D---- C:\Program Files\Disney Interactive
2009-07-23 09:38:59 ----D---- C:\WINDOWS\AM
2009-07-23 09:38:03 ----D---- C:\Program Files\Pepa Chytrouš
2009-07-23 09:35:18 ----D---- C:\Program Files\KSB
2009-07-15 08:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 08:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 08:11:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-04 19:40:57 ----RD---- C:\Program Files
2009-08-04 19:40:57 ----D---- C:\WINDOWS\Temp
2009-08-04 19:35:40 ----SD---- C:\WINDOWS\Tasks
2009-08-04 19:28:34 ----D---- C:\Program Files\Mozilla Firefox
2009-08-04 19:16:05 ----D---- C:\WINDOWS\Prefetch
2009-08-04 18:19:38 ----SHD---- C:\System Volume Information
2009-08-04 18:19:38 ----D---- C:\WINDOWS\system32\Restore
2009-08-04 17:39:35 ----SHD---- C:\WINDOWS\Installer
2009-08-04 17:39:35 ----HD---- C:\Config.Msi
2009-08-04 17:38:48 ----HD---- C:\WINDOWS\inf
2009-08-04 17:38:48 ----D---- C:\WINDOWS\system32\drivers
2009-08-04 17:38:48 ----D---- C:\WINDOWS\system32
2009-08-04 17:38:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-04 17:38:29 ----D---- C:\WINDOWS
2009-08-04 17:38:28 ----D---- C:\Program Files\Common Files
2009-08-04 17:38:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-04 17:36:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-04 15:54:45 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-04 14:56:59 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-08-04 14:47:51 ----D---- C:\Program Files\Vyčistit Počítač
2009-08-04 14:36:36 ----D---- C:\Documents and Settings\Pepa\Data aplikací\Skype
2009-08-04 14:27:22 ----D---- C:\Program Files\DAEMON Tools
2009-08-04 12:32:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-04 12:28:54 ----D---- C:\Documents and Settings\Pepa\Data aplikací\skypePM
2009-08-02 19:32:40 ----D---- C:\WinFast WorkArea
2009-08-02 15:32:21 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-02 11:40:25 ----D---- C:\Program Files\Bonzo - Útěk z Olympu
2009-07-31 17:12:34 ----D---- C:\Program Files\Centauri
2009-07-31 16:00:28 ----A---- C:\WINDOWS\system.ini
2009-07-31 15:50:26 ----A---- C:\WINDOWS\win.ini
2009-07-29 07:26:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-29 07:26:36 ----D---- C:\WINDOWS\WinSxS
2009-07-29 06:31:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-26 07:25:46 ----D---- C:\Program Files\ICQ6Toolbar
2009-07-25 19:34:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2009-07-25 19:33:33 ----D---- C:\Program Files\ICQ6
2009-07-23 10:29:43 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-18 19:11:38 ----D---- C:\Program Files\Cenega Czech
2009-07-18 18:05:23 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-18 18:05:23 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-15 08:12:56 ----A---- C:\WINDOWS\imsins.BAK
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.086\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; \??\C:\WINDOWS\system32\drivers\N360\0300000.086\ccHPx86.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090206.001\IDSxpx86.sys []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\WINDOWS\system32\drivers\N360\0300000.086\SRTSPX.SYS []
R1 SYMTDI;Symantec Network Dispatch Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.086\SYMTDI.SYS []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2005-06-07 193792]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2005-06-07 9600]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2005-06-07 33536]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090804.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090804.003\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-29 6807328]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-11-20 47360]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SRTSP;Symantec Real Time Storage Protection; \??\C:\WINDOWS\system32\drivers\N360\0300000.086\SRTSP.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-04 36400]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 aqnu88n5;aqnu88n5; C:\WINDOWS\system32\drivers\aqnu88n5.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EraserUtilDrv10910;EraserUtilDrv10910; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMFW;Symantec Network Filter Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.086\SYMFW.SYS []
S3 SYMIDS;Symantec Network Filter Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.086\SYMIDS.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-04 36400]
S3 SYMNDIS;Symantec Network Filter Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.086\SYMNDIS.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [2009-08-04 115560]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-29 155716]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-18 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[votrok3]

ComboFix 09-08-04.01 - Pepa 04.08.2009 21:04.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1339 [GMT 2:00]
Spuštěný z: D:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ Mafia Mod Starter .lnk
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\windows\Installer\14aaa73.msp
c:\windows\Installer\14aaa78.msp
c:\windows\Installer\1620c19.msp
c:\windows\Installer\1620c1a.msp
c:\windows\Installer\1620c1b.msp
c:\windows\Installer\1620c1c.msp
c:\windows\Installer\1620c1d.msp
c:\windows\Installer\1620c1e.msp
c:\windows\Installer\1620c1f.msp
c:\windows\Installer\1620c20.msp
c:\windows\Installer\1620c21.msp
c:\windows\Installer\1648ba2.msp
c:\windows\Installer\1648ba3.msp
c:\windows\Installer\1648ba4.msp
c:\windows\Installer\1648ba5.msp
c:\windows\Installer\1648ba6.msp
c:\windows\Installer\1648ba7.msp
c:\windows\Installer\1648ba8.msp
c:\windows\Installer\1648ba9.msp
c:\windows\Installer\1648baa.msp
c:\windows\Installer\1648bab.msp
c:\windows\Installer\1658d9c.msp
c:\windows\Installer\1658d9d.msp
c:\windows\Installer\1658d9e.msp
c:\windows\Installer\1658d9f.msp
c:\windows\Installer\1658da0.msp
c:\windows\Installer\1658db1.msp
c:\windows\Installer\1658db2.msp
c:\windows\Installer\1658db3.msp
c:\windows\Installer\1658db4.msp
c:\windows\Installer\1658db5.msp
c:\windows\Installer\1658db6.msp
c:\windows\Installer\1658db7.msp
c:\windows\Installer\1b8bc2.msp
c:\windows\Installer\1b8bc7.msp
c:\windows\Installer\1b8bcc.msp
c:\windows\Installer\362669.msp
c:\windows\Installer\3892e9.msp
c:\windows\Installer\4f4fb6.msp
c:\windows\Installer\4f4fbc.msp
c:\windows\Installer\4f4fc2.msp
c:\windows\Installer\791456.msp
c:\windows\Installer\79145b.msp
c:\windows\Installer\7f182.msp
c:\windows\Installer\7f187.msp
c:\windows\Installer\7f18c.msp
c:\windows\Installer\d2ebe9.msp
c:\windows\Installer\d2ebef.msp
c:\windows\Installer\d2ebf5.msp
c:\windows\Installer\f0eeb.msp
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-04 do 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-04 17:40 . 2009-08-04 17:41 -------- d-----w- c:\program files\trend micro
2009-08-04 17:40 . 2009-08-04 17:41 -------- d-----w- C:\rsit
2009-08-04 15:38 . 2009-01-15 10:19 23848 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-04 15:38 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-04 15:38 . 2009-08-04 15:38 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-04 15:38 . 2009-08-04 15:38 -------- d-----w- c:\windows\LastGood
2009-08-04 15:38 . 2009-08-04 15:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-04 15:38 . 2009-08-04 15:38 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-04 15:38 . 2009-08-04 15:38 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-04 15:38 . 2009-08-04 15:38 -------- d-----w- c:\program files\Symantec
2009-08-04 15:38 . 2009-08-04 15:38 -------- d-----w- c:\windows\system32\drivers\N360
2009-08-04 15:38 . 2009-08-04 15:38 -------- d-----w- c:\program files\Norton 360
2009-08-04 15:38 . 2009-08-04 15:38 -------- d-----w- c:\program files\Windows Sidebar
2009-08-04 15:35 . 2009-08-04 15:35 -------- d-----w- c:\program files\NortonInstaller
2009-08-04 12:56 . 2009-08-04 12:57 -------- d-----w- c:\program files\Windows Defender
2009-08-04 10:32 . 2009-08-04 10:37 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-31 18:10 . 2009-07-31 18:10 -------- d-----w- c:\documents and settings\Pepa\P5JavaClientSettings
2009-07-31 13:50 . 2009-07-31 13:50 -------- d-----w- c:\program files\DoubleD
2009-07-25 17:33 . 2009-07-25 17:35 -------- d-----w- c:\program files\ICQ6.5
2009-07-23 08:29 . 2000-05-03 08:17 98816 ------r- c:\windows\system32\DEC130.DLL
2009-07-23 08:29 . 2000-05-03 08:17 96768 ------r- c:\windows\system32\Winsdec.dll
2009-07-23 08:29 . 2000-05-03 08:17 80896 ------r- c:\windows\system32\Winstr.dll
2009-07-23 08:29 . 2000-05-03 08:17 60416 ------r- c:\windows\system32\Winplay.dll
2009-07-23 08:29 . 2000-05-03 08:17 117248 ------r- c:\windows\system32\EDEC.DLL
2009-07-23 08:28 . 2009-07-23 08:28 -------- d-----w- c:\program files\Disney Interactive
2009-07-23 07:38 . 2009-07-23 07:38 -------- d-----w- c:\windows\AM
2009-07-23 07:38 . 2009-07-23 07:38 -------- d-----w- c:\program files\Pepa Chytrouš
2009-07-23 07:35 . 2009-07-23 07:35 -------- d-----w- c:\program files\KSB

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 15:38 . 2009-08-04 15:38 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-04 15:38 . 2009-08-04 15:38 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-04 12:47 . 2008-04-03 11:09 -------- d-----w- c:\program files\Vyčistit Počítač
2009-08-04 12:27 . 2009-03-22 06:55 -------- d-----w- c:\program files\DAEMON Tools
2009-08-02 09:40 . 2009-03-15 09:11 -------- d-----w- c:\program files\Bonzo - Útěk z Olympu
2009-07-31 15:12 . 2008-03-01 14:46 -------- d-----w- c:\program files\Centauri
2009-07-26 05:25 . 2008-09-11 16:17 -------- d-----w- c:\program files\ICQ6Toolbar
2009-07-25 17:33 . 2008-09-11 16:15 -------- d-----w- c:\program files\ICQ6
2009-07-23 08:29 . 2007-09-23 21:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 17:11 . 2009-01-02 13:46 -------- d-----w- c:\program files\Cenega Czech
2009-07-04 18:41 . 2007-12-24 17:08 -------- d-----w- c:\program files\Ubi Soft
2009-07-02 13:59 . 2009-07-02 13:55 -------- d-----w- c:\program files\Gothic III
2009-06-27 16:44 . 2006-03-02 12:00 79174 ----a-w- c:\windows\system32\perfc005.dat
2009-06-27 16:44 . 2006-03-02 12:00 432332 ----a-w- c:\windows\system32\perfh005.dat
2009-06-26 16:51 . 2006-03-02 12:00 667648 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:51 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:11 . 2006-03-02 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 17:04 . 2008-03-12 15:21 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-07 15:33 . 2006-03-02 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2008-10-28 11:18 . 2008-10-28 11:18 2037908 ----a-w- c:\program files\149.rar
2008-10-28 07:45 . 2008-10-28 07:44 1522 ----a-w- c:\program files\sun_debug.txt
2008-10-28 07:44 . 2008-10-28 07:44 21 ----a-w- c:\program files\sun_debug1.txt
2008-10-28 07:44 . 2008-10-28 07:44 1144963 ----a-w- c:\program files\actualearth.exe
2008-10-28 07:43 . 2008-10-28 07:43 1077379 ----a-w- c:\program files\actualearth.zip
2008-10-26 10:40 . 2008-10-26 10:40 589101 ----a-w- c:\program files\actualmoon.exe
2008-10-26 10:39 . 2008-10-26 10:39 521517 ----a-w- c:\program files\actualmoon.zip
2008-05-04 06:48 . 2008-05-04 06:49 1336031 ----a-w- c:\program files\wrar371cz.exe
2007-11-20 20:50 . 2007-11-20 20:50 5452292 ----a-w- c:\program files\DVDFab Platinum 3.0.7.2 - Final.exe
2007-02-21 22:15 . 2008-10-26 10:40 638976 ----a-w- c:\program files\setup_actualmoon1.5.exe
2007-02-20 18:29 . 2008-10-28 07:44 1196032 ----a-w- c:\program files\setup_actualearth1.2.exe
2007-02-20 18:22 . 2008-10-26 10:40 517 ----a-w- c:\program files\file_id.diz
2009-07-30 23:39 . 2009-08-04 14:06 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-10-30 11:53 . 2008-10-30 11:53 61440 ----a-w- c:\program files\mozilla firefox\components\gemgecko.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-06-09 278528]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA Sports\\NHL08\\nhl2008.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.086\SymEFA.sys [4.8.2009 17:38 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.086\BHDrvx86.sys [4.8.2009 17:38 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.086\cchpx86.sys [4.8.2009 17:38 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys [4.8.2009 20:29 276344]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.9.2008 18:17 222968]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [4.8.2009 17:38 115560]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [7.6.2005 9:26 193792]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [7.6.2005 9:26 9600]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [7.6.2005 9:26 33536]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [25.9.2007 8:34 9446]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - BHDRVX86
*NewlyCreated* - CCHP
*NewlyCreated* - ERASERUTILDRV10910
*NewlyCreated* - IDSXPX86
*NewlyCreated* - N360
*NewlyCreated* - NAVENG
*NewlyCreated* - NAVEX15
*NewlyCreated* - SRTSP
*NewlyCreated* - SRTSPX
*NewlyCreated* - SYMEFA
*NewlyCreated* - SYMEVENT
*NewlyCreated* - SYMFW
*NewlyCreated* - SYMIDS
*NewlyCreated* - SYMNDIS
*NewlyCreated* - SYMTDI
*Deregistered* - EraserUtilDrv10910
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMNDIS
.
Obsah adresáře 'Naplánované úlohy'

2009-08-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {710120A8-A4C6-4A10-9123-D67457242280} = 90.183.241.6,90.183.241.2
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://games.icq.com/online/online2/mahjong_escape_ancient_china/SpinTopGamesLauncher.cab
FF - ProfilePath - c:\documents and settings\Pepa\Data aplikací\Mozilla\Firefox\Profiles\hcs7pkw1.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\components\gemgecko.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 21:07
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
Celkový čas: 2009-08-04 21:09
ComboFix-quarantined-files.txt 2009-08-04 19:09

Před spuštěním: Volných bajtů: 37 560 692 736
Po spuštění: Volných bajtů: 37 525 291 008

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
339 --- E O F --- 2009-07-29 05:26

[votrok3]

Díky moc problém vyřešen,fakt max.spokojenost.Ještě jednou dík votrok

[Rudy]

ještě musíme dočistit. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\DoubleD

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

[votrok3]

Tak jsem to dočistil,snad to bude v pohodě,akorát se chci ještě zeptat,můžu to použít i v budoucnu,nebo to je nějak nebezpečné?Díky votrok



ComboFix 09-08-04.03 - Pepa 05.08.2009 19:15.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1509 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pepa\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pepa\Plocha\CFScript.txt..txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DoubleD

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-05 do 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-04 17:40 . 2009-08-04 17:41 -------- d-----w- c:\program files\trend micro
2009-08-04 17:40 . 2009-08-04 17:41 -------- d-----w- C:\rsit
2009-08-04 15:38 . 2009-08-05 17:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-04 15:38 . 2009-08-05 17:14 -------- d-----w- c:\program files\Norton 360
2009-08-04 15:35 . 2009-08-04 15:35 -------- d-----w- c:\program files\NortonInstaller
2009-08-04 12:56 . 2009-08-04 12:57 -------- d-----w- c:\program files\Windows Defender
2009-08-04 10:32 . 2009-08-04 10:37 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-31 18:10 . 2009-07-31 18:10 -------- d-----w- c:\documents and settings\Pepa\P5JavaClientSettings
2009-07-25 17:33 . 2009-07-25 17:35 -------- d-----w- c:\program files\ICQ6.5
2009-07-23 08:29 . 2000-05-03 08:17 98816 ------r- c:\windows\system32\DEC130.DLL
2009-07-23 08:29 . 2000-05-03 08:17 96768 ------r- c:\windows\system32\Winsdec.dll
2009-07-23 08:29 . 2000-05-03 08:17 80896 ------r- c:\windows\system32\Winstr.dll
2009-07-23 08:29 . 2000-05-03 08:17 60416 ------r- c:\windows\system32\Winplay.dll
2009-07-23 08:29 . 2000-05-03 08:17 117248 ------r- c:\windows\system32\EDEC.DLL
2009-07-23 08:28 . 2009-07-23 08:28 -------- d-----w- c:\program files\Disney Interactive
2009-07-23 07:38 . 2009-07-23 07:38 -------- d-----w- c:\windows\AM
2009-07-23 07:38 . 2009-07-23 07:38 -------- d-----w- c:\program files\Pepa Chytrouš
2009-07-23 07:35 . 2009-07-23 07:35 -------- d-----w- c:\program files\KSB

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 15:07 . 2009-08-05 15:07 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-05 15:07 . 2009-08-05 15:07 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-05 15:07 . 2009-08-05 15:07 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-05 15:07 . 2009-08-05 15:07 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-05 14:19 . 2008-12-31 09:27 -------- d-----w- c:\program files\EA GAMES
2009-08-04 12:47 . 2008-04-03 11:09 -------- d-----w- c:\program files\Vyčistit Počítač
2009-08-04 12:27 . 2009-03-22 06:55 -------- d-----w- c:\program files\DAEMON Tools
2009-08-02 09:40 . 2009-03-15 09:11 -------- d-----w- c:\program files\Bonzo - Útěk z Olympu
2009-07-31 15:12 . 2008-03-01 14:46 -------- d-----w- c:\program files\Centauri
2009-07-26 05:25 . 2008-09-11 16:17 -------- d-----w- c:\program files\ICQ6Toolbar
2009-07-25 17:33 . 2008-09-11 16:15 -------- d-----w- c:\program files\ICQ6
2009-07-23 08:29 . 2007-09-23 21:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 17:11 . 2009-01-02 13:46 -------- d-----w- c:\program files\Cenega Czech
2009-07-04 18:41 . 2007-12-24 17:08 -------- d-----w- c:\program files\Ubi Soft
2009-07-02 13:59 . 2009-07-02 13:55 -------- d-----w- c:\program files\Gothic III
2009-06-27 16:44 . 2006-03-02 12:00 79174 ----a-w- c:\windows\system32\perfc005.dat
2009-06-27 16:44 . 2006-03-02 12:00 432332 ----a-w- c:\windows\system32\perfh005.dat
2009-06-26 16:51 . 2006-03-02 12:00 667648 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:51 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:11 . 2006-03-02 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 17:04 . 2008-03-12 15:21 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2008-10-28 11:18 . 2008-10-28 11:18 2037908 ----a-w- c:\program files\149.rar
2008-10-28 07:45 . 2008-10-28 07:44 1522 ----a-w- c:\program files\sun_debug.txt
2008-10-28 07:44 . 2008-10-28 07:44 21 ----a-w- c:\program files\sun_debug1.txt
2008-10-28 07:44 . 2008-10-28 07:44 1144963 ----a-w- c:\program files\actualearth.exe
2008-10-28 07:43 . 2008-10-28 07:43 1077379 ----a-w- c:\program files\actualearth.zip
2008-10-26 10:40 . 2008-10-26 10:40 589101 ----a-w- c:\program files\actualmoon.exe
2008-10-26 10:39 . 2008-10-26 10:39 521517 ----a-w- c:\program files\actualmoon.zip
2008-05-04 06:48 . 2008-05-04 06:49 1336031 ----a-w- c:\program files\wrar371cz.exe
2007-11-20 20:50 . 2007-11-20 20:50 5452292 ----a-w- c:\program files\DVDFab Platinum 3.0.7.2 - Final.exe
2007-02-21 22:15 . 2008-10-26 10:40 638976 ----a-w- c:\program files\setup_actualmoon1.5.exe
2007-02-20 18:29 . 2008-10-28 07:44 1196032 ----a-w- c:\program files\setup_actualearth1.2.exe
2007-02-20 18:22 . 2008-10-26 10:40 517 ----a-w- c:\program files\file_id.diz
2008-10-30 11:53 . 2008-10-30 11:53 61440 ----a-w- c:\program files\mozilla firefox\components\gemgecko.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-04_19.07.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-05 17:14 . 2009-08-04 15:38 36400 c:\windows\LastGood\system32\DRIVERS\SymIM.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-06-09 278528]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA Sports\\NHL08\\nhl2008.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.9.2008 18:17 222968]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [7.6.2005 9:26 193792]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [7.6.2005 9:26 9600]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [7.6.2005 9:26 33536]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [25.9.2007 8:34 9446]
R4 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090730.003\IDSxpx86.sys --> c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090730.003\IDSxpx86.sys [?]
R4 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.086\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0300000.086\SYMEFA.SYS [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - BHDrvx86
*Deregistered* - ccHP
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SRTSPX
*Deregistered* - SymEvent
.
Obsah adresáře 'Naplánované úlohy'

2009-08-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {710120A8-A4C6-4A10-9123-D67457242280} = 90.183.241.6,90.183.241.2
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://games.icq.com/online/online2/mahjong_escape_ancient_china/SpinTopGamesLauncher.cab
FF - ProfilePath - c:\documents and settings\Pepa\Data aplikací\Mozilla\Firefox\Profiles\hcs7pkw1.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\components\gemgecko.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 19:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------


- - - - - - - > 'explorer.exe'(2656)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-08-05 19:20
ComboFix-quarantined-files.txt 2009-08-05 17:20
ComboFix2.txt 2009-08-04 19:09

Před spuštěním: Volných bajtů: 37 202 640 896
Po spuštění: Volných bajtů: 37 149 736 960

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
235 --- E O F --- 2009-07-29 05:26

[Rudy]

Log již vypadá čistý. ComboFix se obecně nedoporučuje k používání laiky. Používejte buď nainstalovaný antivir, nebo některý příležitostný skener, např. DrWeb CureIt: http://www.freedrweb.com/cureit/ .

[Maniak_92]

Mám stejný problém a program ComboFix mi jej vyřešit nepomohl.
Předem říkám že jsem lajk,co se týče software. Můžete poradit prosím poradit ještě něco?


ComboFix 12-01-13.03 - Administrator 13.01.2012 23:43:53.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2510 [GMT 1:00]
Spuštěný z: d:\dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\aptmp.exe
c:\documents and settings\Administrator\Plocha\Dáreček
c:\documents and settings\Administrator\Plocha\Dáreček
c:\documents and settings\Administrator\WINDOWS
c:\program files\FunWebProducts
c:\program files\Mozilla Firefox\extensions\{4CFC8387-5FB1-47C1-8AA4-5B7B906A591E}
c:\program files\Mozilla Firefox\extensions\{4CFC8387-5FB1-47C1-8AA4-5B7B906A591E}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{4CFC8387-5FB1-47C1-8AA4-5B7B906A591E}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4CFC8387-5FB1-47C1-8AA4-5B7B906A591E}\chrome\wyeke.jar
c:\program files\Mozilla Firefox\extensions\{4CFC8387-5FB1-47C1-8AA4-5B7B906A591E}\install.rdf
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\system32\tmp394.tmp
c:\windows\system32\tmp395.tmp
c:\windows\system32\tmpCE2.tmp
c:\windows\system32\tmpCE3.tmp
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-13 do 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2011-12-24 10:13 . 2011-12-24 10:13 -------- d-----w- c:\documents and settings\Administrator\temp
2011-12-22 10:59 . 2011-12-28 16:32 -------- d-----w- C:\Hamachi
2011-12-21 18:30 . 2011-12-21 18:30 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2011-12-21 18:30 . 2011-12-21 18:30 -------- d-----w- c:\program files\Common Files\Steam
2011-12-21 18:30 . 2012-01-13 22:59 -------- d-----w- C:\Steam
2011-12-20 17:26 . 2011-12-20 19:26 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Trine2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-05 22:18 . 2011-03-04 21:08 138536 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-01-05 22:17 . 2011-03-20 13:07 270408 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-01-05 22:17 . 2011-03-04 21:08 270408 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-01-05 18:59 . 2011-03-04 21:08 270408 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-28 16:35 . 2009-03-18 15:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-11-28 18:01 . 2010-06-29 16:22 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2009-11-30 17:59 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-03-21 16:00 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2009-11-30 18:00 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2009-11-30 18:00 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2009-11-30 18:00 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2009-11-30 18:00 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2009-11-30 18:00 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2009-11-30 18:00 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2009-11-30 18:00 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-14 05:45 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-14 06:52 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:13 . 2009-01-23 09:19 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2009-01-23 09:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2009-01-23 09:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-01-23 09:19 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:29 . 2008-04-14 06:51 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-03 15:29 . 2008-04-14 06:51 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:07 . 2008-04-14 06:51 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 12:58 . 2011-08-05 14:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-28 05:32 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 08:06 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 06:06 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2008-04-14 06:51 186880 ----a-w- c:\windows\system32\encdec.dll
2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-23 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-04-29 10:12 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-30 39408]
"Steam"="c:\steam\Steam.exe" [2011-12-21 1242448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-8-25 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-8-25 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-8-25 102400]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-11-29 946176]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"d:\\Star Wars JK II Jedi Outcast\\JediOutcast.exe"=
"d:\\ArmA 2\\arma2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"d:\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"d:\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"d:\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"d:\\Heroes of Might and Magic IV\\heroes4c.exe"=
"c:\\Hamachi\\hamachi-2-ui.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\FEAR\\FEAR.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"d:\\Warcraft III\\Frozen Throne.exe"=
"d:\\Warcraft III\\lancraft.exe"=
"d:\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Steam\\Steam.exe"=
"c:\\Tunngle\\tnglctrl.exe"=
"c:\\Tunngle\\tunngle.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:battle.netu
"23596:TCP"= 23596:TCP:BitComet 23596 TCP
"23596:UDP"= 23596:UDP:BitComet 23596 UDP
"58019:TCP"= 58019:TCP:Pando Media Booster
"58019:UDP"= 58019:UDP:Pando Media Booster
"13219:TCP"= 13219:TCP:BitComet 13219 TCP
"13219:UDP"= 13219:UDP:BitComet 13219 UDP
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [4.2.2010 14:00 40464]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.12.2010 14:27 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.12.2009 14:47 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.3.2011 17:00 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30.11.2009 19:00 314456]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [7.6.2008 14:54 84752]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/27 12:24];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 11:58 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.11.2009 19:00 20568]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\hamachi\hamachi-2.exe -s --> c:\hamachi\hamachi-2.exe -s [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [22.11.2010 9:50 2152152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [11.1.2011 23:54 94880]
R2 NetBurnerService;Net Burner iSCSI Service;c:\program files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe [7.6.2008 14:54 223248]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [19.6.2010 18:56 47360]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [3.12.2011 18:50 27136]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.1.2010 12:01 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.1.2010 12:01 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [22.11.2010 9:50 15232]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S3 TunngleService;TunngleService;c:\tunngle\TnglCtrl.exe [3.12.2011 18:50 751464]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-11-22 07:40]
.
2012-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 11:01]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 11:01]
.
2011-06-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 20:35]
.
2010-09-17 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-09-07 17:44]
.
2010-09-22 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2010-09-07 17:44]
.
2012-01-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-484061587-1801674531-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2012-01-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-484061587-1801674531-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2012-01-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-04-29 10:12]
.
2010-10-02 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-07 17:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 213.46.172.36 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4wdyf96y.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-NWEReboot - (no file)
AddRemove-DreamWorks Interactive: Neverhood - d:\neverhood\setup95.exe
AddRemove-PC Translator - c:\docume~1\ADMINI~1\LOCALS~1\Temp\UN32.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-13 23:59
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,63,64,fd,6b,ea,b2,4f,84,8e,9f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,e4,32,5d,c8,3a,c1,4f,8d,7d,3f,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,63,64,fd,6b,ea,b2,4f,84,8e,9f,\
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:27,cc,7a,1e,a2,2c,e0,af,c2,2a,dc,5c,71,4c,03,2a,97,33,a3,f8,6c,f1,8f,
7b,a5,41,6c,f6,96,a9,b1,46,7d,8f,29,40,a0,65,8d,5b,b5,5d,b6,9a,21,5d,f3,1a,\
"??"=hex:44,ca,f5,31,76,2b,31,9c,16,e7,62,1b,a5,52,1d,3c
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:a5,d2,42,1c,80,a5,07,11,f9,58,13,7f,e5,65,ea,26,35,a2,23,bc,5b,
69,f8,50,ca,9e,6c,6b,56,6b,31,aa,2d,5c,58,4f,35,8e,5c,b6,76,c4,3b,06,1f,07,\
"rkeysecu"=hex:45,49,77,30,67,09,ff,79,28,36,66,b6,57,32,17,f7
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(1032)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(3532)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\hamachi\hamachi-2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2012-01-14 00:07:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-13 23:07
.
Před spuštěním: Volných bajtů: 18 088 660 992
Po spuštění: Volných bajtů: 18 395 308 032
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
.
- - End Of File - - A86F3FC4B1120B4D299F8491F739F631

[motji]

Dobrý večer
Založte si prosím vlastní topic, takto by to bylo nepřehledné.
Děkujeme za pochopení