fast browser search

[mira.m.]

Potřeboval bych pomoc při odstranění Fast browser search. Ve firefoxu po kliknutí na nové okno dojde k otevření stránky fast browser search místo prázdné stránky jak to bylo dříve. Dále byl ve windows v položce přidat odebrat programy program Fast browser search, který nereagoval na pokusy odinstalování. Pomocí Combofixu se ho nějakým zázrakem podařilo odinstalovat ale ve firefoxu zůstalo vše při starém.

LOG:
ComboFix 10-05-10.03 - Kristýna 11.05.2010 12:47:12.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.958.504 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kristýna\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100511-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\NavExcel Search Toolbar
c:\program files\NavExcel Search Toolbar\NavExcelBar.dll
c:\program files\NavExcel Search Toolbar\settings.dat
c:\program files\SGPSA
c:\windows\system32\1T76d2EtKoVT.dat
c:\windows\system32\3r3pvjPnRS875D7a.dat
c:\windows\system32\411Ccqg2nQ1.dat
c:\windows\system32\5j3BL.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-11 do 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-04 14:03 . 2010-05-04 14:04 -------- d-----w- c:\program files\OpenTTD
2010-04-26 11:45 . 2010-04-26 11:45 -------- d-----w- c:\program files\Axis Communications
2010-04-26 11:45 . 2010-04-26 11:45 -------- d-----w- c:\program files\Makov kodek

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 14:56 . 2007-05-08 17:40 -------- d-----w- c:\program files\DAEMON Tools
2010-04-17 12:58 . 2009-06-04 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 20:25 . 2009-01-03 23:00 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-12 20:25 . 2008-02-13 10:33 -------- d-----w- c:\program files\ICQToolbar
2010-04-12 20:25 . 2009-12-04 12:19 -------- d-----w- c:\program files\GameSpy Arcade
2010-04-06 17:16 . 2010-04-06 17:16 -------- d-----w- c:\program files\RADVideo
2010-04-06 14:06 . 2009-11-19 08:43 -------- d-----w- c:\program files\QuickTime
2010-04-01 09:46 . 2010-01-29 13:30 -------- d-----w- c:\program files\ICQ7.0
2010-03-29 22:46 . 2009-06-04 10:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-06-04 10:35 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 05:23 . 2001-10-25 12:00 74516 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 05:23 . 2001-10-25 12:00 401230 ----a-w- c:\windows\system32\perfh005.dat
2010-03-26 12:36 . 2010-03-26 12:36 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-03-26 12:36 . 2010-03-26 12:36 -------- d-----w- c:\program files\DVDVideoSoft
2010-03-15 17:53 . 2009-06-22 18:41 -------- d-----w- c:\program files\Common Files\Real
2010-03-15 17:53 . 2010-03-15 17:52 -------- d-----w- c:\program files\real
2010-03-15 17:53 . 2010-03-15 17:53 -------- d-----w- c:\program files\Common Files\xing shared
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-04-24 273200]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" [2006-04-11 176128]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-12 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-15 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-17 13:49 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\VTTimer.exe"=
"c:\\WINDOWS\\system32\\VTTrayp.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\DAEMON Tools\\daemon.exe"=
"c:\\Program Files\\Sony\\SonicStage\\SSAAD.exe"=
"c:\\WINDOWS\\system32\\KB905474\\wgasetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Moravian Instruments\\Control Web 5 CZE\\cw5.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Documents and Settings\\Kristýna\\Dokumenty\\ICQ\\194969369\\ReceivedFiles\\324823895 Dobrmi\\Microsoft Games\\Age of Empires II\\Empires2.exe"=
"c:\\Documents and Settings\\Kristýna\\Dokumenty\\ICQ\\194969369\\ReceivedFiles\\324823895 Dobrmi\\Microsoft Games\\Age of Empires II\\age2_x1.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.5.2009 17:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.5.2009 17:56 20560]
R2 CwIPCSvc;Control Web IPC;c:\program files\Moravian Instruments\Shared\cwsvc.exe [11.2.2008 6:00 69632]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [4.1.2009 1:00 246520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.3.2007 22:57 642560]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\KRISTN~1\LOCALS~1\Temp\cdrmkaun.sys --> c:\docume~1\KRISTN~1\LOCALS~1\Temp\cdrmkaun.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [29.12.2009 16:24 13224]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1303643608-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-05-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1303643608-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-05-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://mondozoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {E8ED87DA-0F7E-44DA-902B-2525870DCFAB} = 213.211.45.3,212.96.160.1
FF - ProfilePath - c:\documents and settings\Kristýna\Data aplikací\Mozilla\Firefox\Profiles\r8gs6zhj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/resul ... 1A03A6}&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-WgaLogon - (no file)
AddRemove-Worms Armageddon Demo - c:\team17\Worms Armageddon Demo\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 12:51
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-861567501-1303643608-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2010-05-11 12:53:06
ComboFix-quarantined-files.txt 2010-05-11 10:53

Před spuštěním: 1 907 232 768
Po spuštění: 2 003 763 200

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 8D2FC95962121193EB988F10D848BE05

[cernohous13]

Zdravím,

Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
"TkBellExe"=-
"QuickTime Task"=-

Driver::
cdrmkaun

DDS::
uStart Page = hxxp://seznam.cz/

Firefox::
FF - ProfilePath - c:\documents and settings\Kristýna\Data aplikací\Mozilla\Firefox\Profiles\r8gs6zhj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... EF&v=19&q=
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/result ... &v=19&tid={7A8C2949-556F-26D8-2D85-CFCA861A03A6}&q=

File::
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1303643608-1801674531-1003.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1303643608-1801674531-1003.job

Udělej ještě scan aktualizovaným MBAM - log mi ukaž.

[mira.m.]

taky zdravím, problém i po combofixu je stejný

log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11.5.2010 14:56:05
mbam-log-2010-05-11 (14-56-05).txt

Typ skenu: Rychlý sken
Skenované objekty: 124700
Uplynulý čas: 6 minuta(y), 48 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[cernohous13]

Potřebuji log ComboFixu po spuštění scriptem

[mira.m.]

ok hned se do toho dám. jinak když ve firefoxu dám about:config, tam si vyfiltruju co se týká toho fast browser search a dám tam všechny položky obnovit na výchozí nastavení, tak se vše upraví jak bylo dříve, ale stačí vypnout a zapnout prohlížeč a vše je zase nastaveno na fast browser search.

[mira.m.]

ComboFix 10-05-10.03 - Kristýna 11.05.2010 14:31:57.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.958.591 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kristýna\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kristýna\Plocha\CFscript.txt
AV: avast! antivirus 4.8.1368 [VPS 100511-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1303643608-1801674531-1003.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1303643608-1801674531-1003.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1303643608-1801674531-1003.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1303643608-1801674531-1003.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDRMKAUN
-------\Service_cdrmkaun


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-11 do 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-11 11:00 . 2010-05-11 11:01 -------- d-----w- c:\windows\LastGood.Tmp
2010-05-04 14:03 . 2010-05-04 14:04 -------- d-----w- c:\program files\OpenTTD
2010-04-26 11:45 . 2010-04-26 11:45 -------- d-----w- c:\program files\Axis Communications
2010-04-26 11:45 . 2010-04-26 11:45 -------- d-----w- c:\program files\Makov kodek

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 14:56 . 2007-05-08 17:40 -------- d-----w- c:\program files\DAEMON Tools
2010-04-17 12:58 . 2009-06-04 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 20:25 . 2009-01-03 23:00 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-12 20:25 . 2008-02-13 10:33 -------- d-----w- c:\program files\ICQToolbar
2010-04-12 20:25 . 2009-12-04 12:19 -------- d-----w- c:\program files\GameSpy Arcade
2010-04-06 17:16 . 2010-04-06 17:16 -------- d-----w- c:\program files\RADVideo
2010-04-06 14:06 . 2009-11-19 08:43 -------- d-----w- c:\program files\QuickTime
2010-04-01 09:46 . 2010-01-29 13:30 -------- d-----w- c:\program files\ICQ7.0
2010-03-29 22:46 . 2009-06-04 10:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-06-04 10:35 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 05:23 . 2001-10-25 12:00 74516 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 05:23 . 2001-10-25 12:00 401230 ----a-w- c:\windows\system32\perfh005.dat
2010-03-26 12:36 . 2010-03-26 12:36 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-03-26 12:36 . 2010-03-26 12:36 -------- d-----w- c:\program files\DVDVideoSoft
2010-03-15 17:53 . 2009-06-22 18:41 -------- d-----w- c:\program files\Common Files\Real
2010-03-15 17:53 . 2010-03-15 17:52 -------- d-----w- c:\program files\real
2010-03-15 17:53 . 2010-03-15 17:53 -------- d-----w- c:\program files\Common Files\xing shared
.

((((((((((((((((((((((((((((( SnapShot@2010-05-11_10.51.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-11 12:37 . 2010-05-11 12:37 16384 c:\windows\Temp\Perflib_Perfdata_5cc.dat
+ 2005-05-26 02:16 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2007-02-19 10:30 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2007-02-19 10:30 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-05-11 11:00 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-05-11 11:00 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-02-19 10:30 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-02-19 10:30 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-17 13:49 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-17 13:49 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2010-05-11 11:00 . 2008-10-16 13:09 43544 c:\windows\LastGood.Tmp\system32\wups2.dll
+ 2010-05-11 11:00 . 2008-10-16 13:08 34328 c:\windows\LastGood.Tmp\system32\wups.dll
+ 2010-05-11 11:00 . 2008-10-16 13:09 51224 c:\windows\LastGood.Tmp\system32\wuauclt.exe
+ 2010-05-11 11:00 . 2008-10-16 13:09 92696 c:\windows\LastGood.Tmp\system32\cdm.dll
+ 2007-02-19 10:30 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2007-02-19 10:30 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2007-02-19 10:30 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2007-02-19 10:30 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-02-19 10:30 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-02-19 10:30 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-05-11 11:00 . 2008-10-16 13:13 202776 c:\windows\LastGood.Tmp\system32\wuweb.dll
+ 2010-05-11 11:00 . 2008-10-16 13:12 323608 c:\windows\LastGood.Tmp\system32\wucltui.dll
+ 2010-05-11 11:00 . 2008-10-16 13:12 561688 c:\windows\LastGood.Tmp\system32\wuapi.dll
+ 2007-02-19 10:30 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2007-02-19 10:30 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-05-11 11:00 . 2008-10-16 13:13 1809944 c:\windows\LastGood.Tmp\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-04-24 273200]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" [2006-04-11 176128]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-17 13:49 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\VTTimer.exe"=
"c:\\WINDOWS\\system32\\VTTrayp.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\DAEMON Tools\\daemon.exe"=
"c:\\Program Files\\Sony\\SonicStage\\SSAAD.exe"=
"c:\\WINDOWS\\system32\\KB905474\\wgasetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Moravian Instruments\\Control Web 5 CZE\\cw5.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Documents and Settings\\Kristýna\\Dokumenty\\ICQ\\194969369\\ReceivedFiles\\324823895 Dobrmi\\Microsoft Games\\Age of Empires II\\Empires2.exe"=
"c:\\Documents and Settings\\Kristýna\\Dokumenty\\ICQ\\194969369\\ReceivedFiles\\324823895 Dobrmi\\Microsoft Games\\Age of Empires II\\age2_x1.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.3.2007 22:57 642560]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.5.2009 17:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.5.2009 17:56 20560]
R2 CwIPCSvc;Control Web IPC;c:\program files\Moravian Instruments\Shared\cwsvc.exe [11.2.2008 6:00 69632]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [4.1.2009 1:00 246520]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [29.12.2009 16:24 13224]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 20:18]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {E8ED87DA-0F7E-44DA-902B-2525870DCFAB} = 213.211.45.3,212.96.160.1
FF - ProfilePath - c:\documents and settings\Kristýna\Data aplikací\Mozilla\Firefox\Profiles\r8gs6zhj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 14:40
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x86381788]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x86381788
\Driver\ACPI -> ACPI.sys @ 0xf7339cb8
\Driver\atapi -> prosync1.sys @ 0xf7a546c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf71d7ba0
PacketIndicateHandler -> NDIS.sys @ 0xf71e4b21
SendHandler -> NDIS.sys @ 0xf71c287b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-861567501-1303643608-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3116)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\VTtrayp.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Celkový čas: 2010-05-11 14:42:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-11 12:42
ComboFix2.txt 2010-05-11 10:53

Před spuštěním: 1 653 944 320
Po spuštění: 1 578 950 656

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4495E1024E2D89077E88AAA7D4C31F81

[cernohous13]

ale v logu CF se v údajích o FF už nic takového neukazuje

Vypnout driver sptd.sys takto:
stáhni http://jpshortstuff.247fixes.com/beta/Defogger.exe
spusť - klik "Disable" - potvrď hlášku "Continue" - dej sem log který se vytvoří - samozřejmě nech restartovat PC
Až skončíme tak ho tlačítkem "Re-enable" zase zavedeš

stáhni MBR
http://www2.gmer.net/mbr/mbr.exe ulož ho na plochu
klik Start -> Spustit... - do okna zkopíruj celý červený příkaz
"%userprofile%\plocha\mbr" -t -> OK
na ploše vznikne mbr.log - jeho obsah sem zkopíruj

[mira.m.]

FF v about:config stále píše:
browser.search.defaultenginename: Fast browser search
browser.search.defaulturl: http://www.fastbrowsersearch.com/result ... EF&v=19&q=
keyword.url: http://www.fastbrowsersearch.com/result ... 1A03A6}&q=

změním to na výchozí, ale po kliknutí na nový panel se pořád otevírá fast browser search a po vypnutí a zapnutí prohlížeče je to tam nastavený znova, nechápu kde se to tam pořád bere, to jsem si všimnul že v logu z combofixu už to není.


LOG z defogger:
defogger_disable by jpshortstuff (25.01.10.1)
Log created at 22:40 on 11/05/2010 (Kristýna)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKLM:DAEMON Tools -> Removed

Checking for services/drivers...
Unable to read dtscsi.sys
Unable to read sptd.sys
Unable to read sptd0173.sys
SPTD -> Disabled (Service running -> reboot required)


log z mrb (to co jste tam napsal červeně se mi do konzole nepodařilo dát, konzole jen po spuštění problikne a hned to vyflusne log):
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


-=E.O.F=-

[cernohous13]

http://www2.gmer.net/mbr/mbr.exe ulož ho na plochu (jen ulož ale nespouštěj)
klik na hlavním panelu tlačítko "Start" -> "Spustit..." - do příkazového řádku zkopíruj celý červený příkaz
"%userprofile%\plocha\mbr" -t -> OK
na ploše vznikne mbr.log - jeho obsah sem zkopíruj[/quote]
-------------------------------------------------------------------------

vyhledávací řádek FF

po rozbalení roletky -> "Správce vyhledávacích modulů..."


označit a "Odebrat"

[mira.m.]

jo odebírat ho z vyhledávacího modulu jsem zkoušel ale po vypmnutí a zapnutí FF je tam zpátky (ikdyž odeberu i ostatní vyhledávací moduly tak se tam pak zase objeví všechny)

log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[cernohous13]

log MBR je OK - nebude to virový problém, spíš nastavení

s tím FF musím dát ráno konzultaci - nevím to ho tam vrací

nebo bys musel opsat všechna hesla a FF přeinstalovat

dej mi sem aktuální RSIT a ráno na to koukneme

[mira.m.]

no mám takovej pocit že odinstalování a znova nainstalování už jsem zkoušel a bez výsledku, asi je někde uložený nějaký nastavení který se v tom případě teda neodinstaluje. Už jsem to myslím měl na jednom počítači a po přeinstalování windows a nainstalování FF už to bylo v pohodě. Sice mě to nehorázně vytáčí, když místo domovské stránky mi tam po kliknutí na nový panel naskakuje ten fast browser search, ale reinstalovat kvůli tomu Widle nehodlám

log:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Kristýna at 2010-05-12 00:11:34
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 953 MB (2%) free of 50 GB
Total RAM: 958 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:11:46, on 12.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Moravian Instruments\Shared\cwsvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kristýna\Plocha\RSIT.exe
C:\Program Files\trend micro\Kristýna.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8ED87DA-0F7E-44DA-902B-2525870DCFAB}: NameServer = 213.211.45.3,212.96.160.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Control Web IPC (CwIPCSvc) - Moravian Instruments® - C:\Program Files\Moravian Instruments\Shared\cwsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7536 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2006-04-11 176128]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2003-12-13 33792]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-01-07 81920]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-04-24 273200]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-03-28 133368]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\VTTimer.exe"="C:\WINDOWS\system32\VTTimer.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\VTTrayp.exe"="C:\WINDOWS\system32\VTTrayp.exe:*:Enabled:ENABLE"
"C:\WINDOWS\SOUNDMAN.EXE"="C:\WINDOWS\SOUNDMAN.EXE:*:Enabled:ENABLE"
"C:\Program Files\Winamp\winampa.exe"="C:\Program Files\Winamp\winampa.exe:*:Enabled:ENABLE"
"C:\Program Files\DAEMON Tools\daemon.exe"="C:\Program Files\DAEMON Tools\daemon.exe:*:Enabled:ENABLE"
"C:\Program Files\Sony\SonicStage\SSAAD.exe"="C:\Program Files\Sony\SonicStage\SSAAD.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\KB905474\wgasetup.exe"="C:\WINDOWS\system32\KB905474\wgasetup.exe:*:Enabled:ENABLE"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Moravian Instruments\Control Web 5 CZE\cw5.exe"="C:\Program Files\Moravian Instruments\Control Web 5 CZE\cw5.exe:*:Enabled:Control Web 5"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\Kristýna\Dokumenty\ICQ\194969369\ReceivedFiles\324823895 Dobrmi\Microsoft Games\Age of Empires II\Empires2.exe"="C:\Documents and Settings\Kristýna\Dokumenty\ICQ\194969369\ReceivedFiles\324823895 Dobrmi\Microsoft Games\Age of Empires II\Empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\Kristýna\Dokumenty\ICQ\194969369\ReceivedFiles\324823895 Dobrmi\Microsoft Games\Age of Empires II\age2_x1.exe"="C:\Documents and Settings\Kristýna\Dokumenty\ICQ\194969369\ReceivedFiles\324823895 Dobrmi\Microsoft Games\Age of Empires II\age2_x1.exe:*:Enabled:Age of Empires II Expansion"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-05-12 00:11:34 ----D---- C:\rsit
2010-05-11 17:20:27 ----SHD---- C:\RECYCLER
2010-05-11 17:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-05-11 17:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-05-11 17:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-05-11 17:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-05-11 17:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-05-11 17:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-05-11 17:14:16 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-05-11 17:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-05-11 17:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-05-11 17:13:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-05-11 17:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-05-11 17:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-05-11 17:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-05-11 17:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-05-11 17:13:07 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-05-11 17:12:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-05-11 17:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-05-11 17:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-05-11 17:12:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-05-11 17:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-05-11 17:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-05-11 17:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-05-11 17:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-05-11 17:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-05-11 17:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-05-11 17:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-05-11 17:11:33 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-05-11 17:11:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-05-11 17:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-05-11 17:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-05-11 17:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-05-11 17:10:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-05-11 17:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-05-11 17:08:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-05-11 17:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-11 17:08:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-05-11 17:08:17 ----D---- C:\WINDOWS\ServicePackFiles
2010-05-11 17:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-05-11 17:08:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-05-11 17:07:59 ----D---- C:\WINDOWS\ie8updates
2010-05-11 17:07:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-05-11 17:07:37 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2010-05-11 17:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-05-11 17:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-05-11 17:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-05-11 17:07:03 ----A---- C:\WINDOWS\imsins.BAK
2010-05-11 17:06:57 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-05-11 14:42:45 ----A---- C:\ComboFix.txt
2010-05-11 13:03:22 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-05-11 12:44:44 ----A---- C:\WINDOWS\zip.exe
2010-05-11 12:44:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-11 12:44:44 ----A---- C:\WINDOWS\SWSC.exe
2010-05-11 12:44:44 ----A---- C:\WINDOWS\SWREG.exe
2010-05-11 12:44:44 ----A---- C:\WINDOWS\sed.exe
2010-05-11 12:44:44 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-11 12:44:44 ----A---- C:\WINDOWS\MBR.exe
2010-05-11 12:44:44 ----A---- C:\WINDOWS\grep.exe
2010-05-11 12:37:30 ----D---- C:\Qoobox
2010-05-11 12:22:04 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-04 16:03:49 ----D---- C:\Program Files\OpenTTD
2010-04-26 13:45:06 ----D---- C:\Program Files\Axis Communications
2010-04-26 13:45:04 ----D---- C:\Program Files\Makov kodek
2010-04-17 14:58:39 ----A---- C:\mbam-error.txt

======List of files/folders modified in the last 1 months======

2010-05-12 00:11:46 ----D---- C:\Program Files\Trend Micro
2010-05-12 00:11:44 ----D---- C:\Documents and Settings\Kristýna\Data aplikací\uTorrent
2010-05-12 00:11:37 ----D---- C:\WINDOWS\Prefetch
2010-05-11 22:44:59 ----D---- C:\WINDOWS\Temp
2010-05-11 22:44:41 ----D---- C:\WINDOWS\system32\ias
2010-05-11 22:41:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-11 17:19:54 ----D---- C:\WINDOWS\Debug
2010-05-11 17:19:21 ----D---- C:\WINDOWS
2010-05-11 17:16:53 ----D---- C:\WINDOWS\system32
2010-05-11 17:16:53 ----D---- C:\WINDOWS\AppPatch
2010-05-11 17:16:53 ----D---- C:\Config.Msi
2010-05-11 17:16:52 ----D---- C:\WINDOWS\system32\Setup
2010-05-11 17:16:52 ----D---- C:\WINDOWS\system32\drivers
2010-05-11 17:15:26 ----HD---- C:\WINDOWS\inf
2010-05-11 17:15:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-11 17:15:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-11 17:14:30 ----D---- C:\WINDOWS\WinSxS
2010-05-11 17:12:31 ----D---- C:\Program Files\Movie Maker
2010-05-11 17:12:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-11 17:11:02 ----D---- C:\Program Files\Outlook Express
2010-05-11 17:10:15 ----SHD---- C:\WINDOWS\Installer
2010-05-11 17:09:08 ----D---- C:\Program Files\Internet Explorer
2010-05-11 17:05:51 ----D---- C:\Documents and Settings\Kristýna\Data aplikací\ICQ
2010-05-11 14:48:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-11 14:38:21 ----A---- C:\WINDOWS\system.ini
2010-05-11 14:36:24 ----D---- C:\WINDOWS\system32\config
2010-05-11 14:36:10 ----D---- C:\WINDOWS\ERDNT
2010-05-11 14:35:51 ----SD---- C:\WINDOWS\Tasks
2010-05-11 14:34:48 ----D---- C:\Program Files\Common Files
2010-05-11 13:00:17 ----D---- C:\WINDOWS\Help
2010-05-11 12:50:47 ----RD---- C:\Program Files
2010-05-09 15:30:41 ----A---- C:\WINDOWS\winamp.ini
2010-04-27 22:33:32 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-26 15:58:12 ----A---- C:\WINDOWS\PEV.exe
2010-04-26 12:29:11 ----A---- C:\WINDOWS\win.ini
2010-04-20 22:06:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-04-17 17:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2010-04-17 16:56:14 ----D---- C:\Program Files\DAEMON Tools

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-04-13 252416]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2007-05-08 223128]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-12-29 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-12-29 25512]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 mbr;mbr; \??\C:\DOCUME~1\KRISTN~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070913.004\symidsco.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-03-09 642560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CwIPCSvc;Control Web IPC; C:\Program Files\Moravian Instruments\Shared\cwsvc.exe [2008-02-11 69632]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-12 153376]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2006-01-06 69632]

-----------------EOF-----------------

[cernohous13]

Jakýsi návod jsem našel tady http://help.fastbrowsersearch.com/

[mira.m.]

jo to jsem zapomněl dodat, to se omlouvám. Ty stránky už jsme dávno procházel a doplněk odinstaloval. Co se týká odinstalování programu pomocí přidat odebrat programy ve Windows, tak po kliknití na odinstalovat jen něco probliklo a vůbec nic se nedělo, tak jsem to zkusil několiktrá a bez výsledku. Proto jsem začal mít obavy aby to nebylo něco škodlivýho a obrátil se na vás. Combofix to smazal, ale v prohlížeči je to nastavené pořád stejně a i po ručních změnách se po restartu FF vše vrací na původní hodnoty.

[cernohous13]

Chlape, ty mi dáváš.

Zkus se zeptat tady: http://forum.mozilla.cz/

Dej mi pak odkaz jak jsi pochodil