T Mobile MMS - vyřešeno

[vklatil]

Kolegovi přišla mailem MMS T mobile a nenapadlo ho nic lepšího než to otevřít. Projel jsem mu PC Nortonem, ale pořád má špatnou grafiku v aplikacích, kterou prý dříve neměl. Mohu poprosit o kontrolu logu?

Díky


ďťżLogfile of random's system information tool 1.09 (written by random/random)
Run by Jiří Černý at 2013-05-29 11:37:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (10%) free of 38 GB
Total RAM: 511 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:24, on 29.5.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HPLaserJetService\HPLaserJetService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\WINDOWS\STK03N\STK03NM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpmup083.bin
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Jiří Černý\Local Settings\Temporary Internet Files\Content.IE5\0RWU55HI\RSIT[1].exe
C:\Program Files\trend micro\Jiří Černý.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\27.0.1453.94\npchrome_frame.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-484763869-839522115-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'OstatnĂ­')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: STK03N PNP Monitor.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://www.listicka.cz/toolbar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9649539375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {94AFFFCC-6C05-4814-B123-A941105AA77F} (SignedData Class) - https://sepo.army.cz/WebSepo/User/capicom.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\27.0.1453.94\npchrome_frame.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: SluĹžba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: SluĹžba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7465 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{F175C337-0088-4C0E-9B0B-12B416AD8EF6}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Jiří Černý\Data aplikací\Mozilla\Firefox\Profiles\anur92a4.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=AdobeÂŽ FlashÂŽ Player 11.7.700.202 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Jiří Černý\Data aplikací\Mozilla\Firefox\Profiles\anur92a4.default\extensions\
toolbar@ask.com
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Documents and Settings\Jiří Černý\Data aplikací\Mozilla\Firefox\Profiles\anur92a4.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23 72336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-04 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-04-25 1520776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-04 171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}]
ChromeFrame BHO - C:\Program Files\Google\Chrome\Application\27.0.1453.94\npchrome_frame.dll [2013-05-23 3313616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-04-25 1520776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2013-04-25 1648264]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-10-25 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPPQVideo]
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\ScheduledLaunch\HP LaserJet P2050 Series\bin\hppschlnch.exe [2007-05-07 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP UT\bin\hppusg.exe [2008-05-07 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTrackingLEDM]
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP UT LEDM\bin\hppusg.exe [2009-08-04 30264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2012-10-25 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [2004-10-30 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\ToolBoxFX\bin\HPTLBXFX.exe [2008-04-02 53248]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
STK03N PNP Monitor.lnk - C:\WINDOWS\STK03N\STK03NM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]
crypts.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\explorer.exe"="%windir%\explorer.exe"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\explorer.exe"="%windir%\explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MP42"=mpg4c32.dll
"VIDC.MPG4"=mpg4c32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL
"MSVideo8"=VfWWDM32.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.xvid"=xvidvfw.dll
"vidc.DIVX"=DivX.dll
"vidc.mp43"=mpg4c32.dll

======List of files/folders created in the last 1 month======

2013-05-29 11:37:10 ----D---- C:\Program Files\trend micro
2013-05-29 11:37:09 ----D---- C:\rsit
2013-05-24 13:46:28 ----D---- C:\Program Files\NortonInstaller
2013-05-24 12:28:26 ----D---- C:\Documents and Settings\Jiří Černý\Data aplikací\Mecoleo
2013-05-24 12:28:26 ----D---- C:\Documents and Settings\Jiří Černý\Data aplikací\Alryoz

======List of files/folders modified in the last 1 month======

2013-05-29 11:37:15 ----D---- C:\WINDOWS\Prefetch
2013-05-29 11:37:10 ----RD---- C:\Program Files
2013-05-29 10:46:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-05-29 10:40:12 ----D---- C:\WINDOWS\system32
2013-05-29 10:36:34 ----D---- C:\WINDOWS\Temp
2013-05-29 10:26:07 ----D---- C:\WINDOWS
2013-05-29 10:16:29 ----D---- C:\WINDOWS\SoftwareDistribution
2013-05-29 10:15:36 ----D---- C:\Program Files\CCleaner
2013-05-29 10:12:32 ----D---- C:\Program Files\Mozilla Firefox
2013-05-29 09:47:17 ----D---- C:\WINDOWS\system32\CatRoot2
2013-05-29 09:29:57 ----A---- C:\WINDOWS\hpbafd.ini
2013-05-27 12:12:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-05-27 12:12:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2013-05-27 11:35:31 ----D---- C:\Documents and Settings\All Users\Data aplikacĂ­\Norton
2013-05-27 11:35:18 ----SHD---- C:\System Volume Information
2013-05-27 11:35:18 ----D---- C:\Program Files\Common Files
2013-05-27 11:34:14 ----D---- C:\WINDOWS\system32\drivers
2013-05-27 10:19:01 ----A---- C:\WINDOWS\WINCMD.INI
2013-05-24 18:25:57 ----SD---- C:\WINDOWS\Tasks
2013-05-24 18:25:48 ----D---- C:\Documents and Settings\Jiří Černý\Data aplikací\Systweak
2013-05-24 13:47:17 ----D---- C:\Documents and Settings\All Users\Data aplikacĂ­\NortonInstaller
2013-05-24 13:21:39 ----SHD---- C:\WINDOWS\Installer
2013-05-24 13:05:24 ----HD---- C:\Config.Msi
2013-05-24 13:05:24 ----A---- C:\WINDOWS\ODBC.INI
2013-05-24 13:04:54 ----SD---- C:\Documents and Settings\Jiří Černý\Data aplikací\Microsoft
2013-05-24 12:41:43 ----D---- C:\Documents and Settings\Jiří Černý\Data aplikací\Identities
2013-05-24 12:28:10 ----SHD---- C:\Documents and Settings\Jiří Černý\Data aplikací\cbfuwtct
2013-05-23 09:26:16 ----A---- C:\WINDOWS\NeroDigital.ini
2013-05-22 13:01:54 ----D---- C:\Program Files\Ask.com
2013-05-15 11:06:40 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-05-03 08:13:40 ----D---- C:\Documents and Settings\All Users\Data aplikacĂ­\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-25 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-25 28672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 MLPTDR_C;MLPTDR_C; \??\C:\WINDOWS\system32\MLPTDR_C.SYS []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-11-03 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-11-03 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-11-03 21568]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-25 101504]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 CCDECODE;DekodĂŠr Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2002-11-01 451599]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4ufd;HP Dot4usb Filter; C:\WINDOWS\system32\DRIVERS\hppaufd0.sys [2003-07-21 16800]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPEWSFXBULK;HPEWSFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mvusbews;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2010-03-06 17408]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB28xxBGA;Cinergy T USB XS; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-09-14 202624]
S3 USB28xxOEM;Cinergy T USB XS Custom Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-09-14 5376]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
R2 hpqddsvc;SluĹžba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 HPSIService;HP SI Service; C:\WINDOWS\system32\HPSIsvc.exe [2010-04-07 99896]
R2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-25 876032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-04-04 181664]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;SluĹžba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-05 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-15 256904]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;SluĹžba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-05 116648]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-06 115168]
S3 WMPNetworkSvc;SluĹžba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Zdravím!
Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

Uvidíme, jestli ho zdetekuje.

[vklatil]

Posílám log z Combofixu. Díky.


ComboFix 13-05-30.02 - Jiří Černý 30.05.2013 14:45:53.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.291 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ji°Ý Lernř\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\system32\msssc.dll
c:\windows\system32\roboot.exe
c:\windows\system32\SET325.tmp
c:\windows\system32\SET326.tmp
c:\windows\system32\SET327.tmp
c:\windows\system32\SET328.tmp
c:\windows\system32\SET32D.tmp
c:\windows\system32\SET335.tmp
c:\windows\system32\SET337.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET6A.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET6C.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-28 do 2013-05-30 )))))))))))))))))))))))))))))))
.
.
2013-05-30 08:03 . 2013-05-30 08:03 -------- d-----w- c:\documents and settings\Ostatní\Data aplikací\ZoomBrowser EX
2013-05-30 08:02 . 2013-05-30 08:02 -------- d-----w- c:\documents and settings\Ostatní\Local Settings\Data aplikací\Apple Computer
2013-05-29 09:37 . 2013-05-29 09:37 -------- d-----w- c:\program files\trend micro
2013-05-29 09:37 . 2013-05-29 09:37 -------- d-----w- C:\rsit
2013-05-27 09:09 . 2013-05-27 09:09 -------- d-----w- c:\documents and settings\Ostatní\Local Settings\Data aplikací\Sun
2013-05-24 11:46 . 2013-05-27 09:35 -------- d-----w- c:\program files\NortonInstaller
2013-05-24 10:28 . 2013-05-24 10:39 -------- d-----w- c:\documents and settings\Jiří Černý\Data aplikací\Alryoz
2013-05-24 10:28 . 2013-05-24 10:28 -------- d-----w- c:\documents and settings\Jiří Černý\Data aplikací\Mecoleo
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 09:06 . 2012-06-15 11:34 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 09:06 . 2011-08-01 06:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 03:35 . 2013-04-23 06:18 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-19 07:25 . 2012-10-11 08:24 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-19 07:25 . 2010-04-21 10:08 782240 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-06 02:14 . 2012-10-10 08:26 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-04-25 1648264]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2012-6-26 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2008-05-07 08:38 36864 ----a-w- c:\program files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTrackingLEDM]
2009-08-04 16:21 30264 ----a-w- c:\program files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP UT LEDM\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-10-29 22:40 245760 ----a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2008-04-02 10:06 53248 ----a-w- c:\program files\Hewlett-Packard\hp LaserJet 1160_1320 series\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\Hewlett-Packard\hp LaserJet 1160_1320 series\HPLaserJetService\HPLaserJetService.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 09:06]
.
2012-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-05 13:35]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-05 13:35]
.
2013-05-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2013-04-25 15:36]
.
2013-05-30 c:\windows\Tasks\User_Feed_Synchronization-{F175C337-0088-4C0E-9B0B-12B416AD8EF6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 192.168.1.254 62.44.3.3
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://www.listicka.cz/toolbar.cab
FF - ProfilePath - c:\documents and settings\Jiří Černý\Data aplikací\Mozilla\Firefox\Profiles\anur92a4.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-Wdf01000.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-HPPQVideo - c:\program files\Hewlett-Packard\hp LaserJet 1160_1320 series\ScheduledLaunch\HP LaserJet P2050 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\LJ_P2050_Series -f PQOptimizerVideo.xml
AddRemove-SPZ2001 - c:\windows\unin0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-30 15:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-05-30 15:15:29
ComboFix-quarantined-files.txt 2013-05-30 13:15
.
Před spuštěním: 3 831 521 280
Po spuštění: 4 515 704 832
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3098D0BFF5792E7B237D8764F9B81DC2

[Rudy]

Ještě dočistíme. Přesuňte ComboFix na kořenový adresář c:\. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\Ask.com

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte opět na kořenový adresář c:\ jako CFScript.txt. Pak jej myší v průzkumníku windows (nebo jiném souborovém manažeru) přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[vklatil]

Díky moc. Počítač běhá jako nikdy. Jen mám stále problém s grafkou v programech a dále nejde změnit formát datumu - pořád to píše, že zadaná hodnota je neplatná...... Viz příloha. Je to jen v tom profilu co se tam spustil ten vir, ve druhem profilu je to ok.

log z combofixu po vyčištění:

ComboFix 13-05-30.02 - Jiří Černý 31.05.2013 11:16:30.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.283 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-28 do 2013-05-31 )))))))))))))))))))))))))))))))
.
.
2013-05-30 13:36 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-05-30 13:36 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-05-30 08:03 . 2013-05-30 08:03 -------- d-----w- c:\documents and settings\Ostatní\Data aplikací\ZoomBrowser EX
2013-05-30 08:02 . 2013-05-30 08:02 -------- d-----w- c:\documents and settings\Ostatní\Local Settings\Data aplikací\Apple Computer
2013-05-29 09:37 . 2013-05-29 09:37 -------- d-----w- c:\program files\trend micro
2013-05-29 09:37 . 2013-05-29 09:37 -------- d-----w- C:\rsit
2013-05-27 09:09 . 2013-05-27 09:09 -------- d-----w- c:\documents and settings\Ostatní\Local Settings\Data aplikací\Sun
2013-05-24 11:46 . 2013-05-27 09:35 -------- d-----w- c:\program files\NortonInstaller
2013-05-24 10:28 . 2013-05-24 10:39 -------- d-----w- c:\documents and settings\Jiří Černý\Data aplikací\Alryoz
2013-05-24 10:28 . 2013-05-24 10:28 -------- d-----w- c:\documents and settings\Jiří Černý\Data aplikací\Mecoleo
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 09:06 . 2012-06-15 11:34 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 09:06 . 2011-08-01 06:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:26 . 2004-08-18 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2004-08-18 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-23 06:18 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-19 07:25 . 2012-10-11 08:24 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-19 07:25 . 2010-04-21 10:08 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-17 15:45 2072192 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2004-08-18 12:00 2195584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-06 02:14 . 2012-10-10 08:26 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2012-6-26 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2008-05-07 08:38 36864 ----a-w- c:\program files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTrackingLEDM]
2009-08-04 16:21 30264 ----a-w- c:\program files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP UT LEDM\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-10-29 22:40 245760 ----a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2008-04-02 10:06 53248 ----a-w- c:\program files\Hewlett-Packard\hp LaserJet 1160_1320 series\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\Hewlett-Packard\hp LaserJet 1160_1320 series\HPLaserJetService\HPLaserJetService.exe [24.6.2009 11:57 136704]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [9.11.2010 14:51 99896]
R2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [4.9.2002 3:31 19296]
S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [15.8.2011 11:26 9344]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [9.11.2010 14:53 17408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 09:06]
.
2012-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-05 13:35]
.
2013-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-05 13:35]
.
2013-05-31 c:\windows\Tasks\User_Feed_Synchronization-{F175C337-0088-4C0E-9B0B-12B416AD8EF6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 192.168.1.254 62.44.3.3
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://www.listicka.cz/toolbar.cab
FF - ProfilePath - c:\documents and settings\Jiří Černý\Data aplikací\Mozilla\Firefox\Profiles\anur92a4.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-31 11:40
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2248)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2013-05-31 11:46:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-31 09:46
ComboFix2.txt 2013-05-30 13:15
.
Před spuštěním: 4 105 203 712
Po spuštění: 4 111 876 096
.
- - End Of File - - D5F082C0BB8F5175356B7B5778C107B9

[Rudy]

Log je již OK. Problém je v tom, že virus nic nedetekuje (alespoň zatím). Ve FF si zkuste pohrát s nastavením (nástroje>možnosti>obsah), ale ten datum bude zřejmě žádat opravu systému z instal. média. Příp. Vytvoření nového profilu, překopírování dokumentů a smazání pův. profilu.