Re: Zaplňování systémového disku
Napsal: 18 čer 2011 07:50
přidávám nový log z ComboFixu :
ComboFix 11-06-14.03 - mirek 18.06.2011 8:17.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.2047.1691 [GMT 2:00]
Spuštěný z: c:\documents and settings\mirek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mirek\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\driver.dat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-18 do 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-16 15:51 . 2011-06-17 15:18 -------- d-----w- c:\program files\Unlocker
2011-06-15 07:30 . 2011-06-15 07:31 -------- d-----w- c:\program files\trend micro
2011-06-15 07:30 . 2011-06-15 07:31 -------- d-----w- C:\rsit
2011-06-14 14:55 . 2011-06-14 14:55 -------- d-----w- c:\documents and settings\mirek\Application Data\SpaceMonger
2011-06-14 14:55 . 2011-06-14 14:55 -------- d-----w- c:\program files\SpaceMonger
2011-06-08 15:12 . 2011-06-08 15:12 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-07 18:11 . 2011-06-08 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaAccount
2011-06-07 18:04 . 2011-06-07 18:05 -------- d-----w- c:\documents and settings\mirek\Local Settings\Application Data\Nokia
2011-06-07 17:56 . 2011-06-07 17:56 -------- d-----w- c:\program files\DIFX
2011-06-07 17:56 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-06-07 17:56 . 2011-06-07 17:56 -------- d-----w- c:\program files\PC Connectivity Solution
2011-06-07 17:55 . 2010-12-02 13:14 113152 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-06-07 17:55 . 2010-12-02 11:36 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-06-07 12:52 . 2011-06-08 17:46 -------- d-----w- c:\windows\system32\LogFiles
2011-06-07 12:52 . 2011-06-08 10:20 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-06-07 12:47 . 2011-06-07 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:38 . 2011-05-03 15:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\progra~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2004-02-17 693528]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 53760]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune3.6.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^mirek^Start Menu^Programs^Startup^up.exe]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-12-16 10:57 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-03-04 03:02 1454080 -c--a-w- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
2007-01-17 15:01 496640 -c----w- c:\program files\MSI\Live Update 3\LMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey]
2004-03-15 12:27 45056 -c--a-w- c:\progra~1\MEDIAK~1\MagicKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation]
2005-06-03 14:34 1089536 -c--a-w- c:\program files\MagicRotation\MagicPvt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 11:19 69632 ----a-w- d:\programy\Canon\Omni Page\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2004-12-28 08:35 2060288 ----a-w- c:\program files\RivaTuner v2.0 RC 15.3 New Year Edition\RivaTuner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-11-15 10:20 77824 -c--a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 22:14 155648 -c--a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\uTorrent\\utorrent.exe"=
"d:\\PROGRAMY\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [20.2.2005 0:43 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [20.2.2005 0:43 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.3.2011 18:48 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.4.2008 8:31 301528]
R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [30.5.2006 21:48 9728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2008 8:31 19544]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10.5.2011 21:52 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10.5.2011 21:52 8456]
S3 IRIMAGER;Fluke Ti30, IR-Imager USB Driver (irimager.sys);c:\windows\system32\Drivers\irimager.sys --> c:\windows\system32\Drivers\irimager.sys [?]
S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\MSI\Core Center\NTGLM7X.sys --> c:\program files\MSI\Core Center\NTGLM7X.sys [?]
S3 RivaTunerEx;RivaTunerEx;c:\program files\RivaTuner v2.0 RC 15.3 New Year Edition\RivaTunerEx.sys [28.12.2004 10:35 2560]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
mSearch Bar = res://c:\windows\hbrch.dll/sp.html#90144
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy.netopyr.net:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - d:\programy\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &NeoTrace It!
IE: E&xportovat do aplikace Microsoft Office Excel - d:\msoffi~1\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{541C8998-DF5F-4CFB-8075-C28060B32032}: NameServer = 62.129.50.20,85.135.32.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\mirek\Application Data\Mozilla\Firefox\Profiles\5t51kabe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 08:27
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
Celkový čas: 2011-06-18 08:41:47
.
Před spuštěním: 3 089 629 184 bytes free
Po spuštění: 3 070 836 736
.
ComboFix 11-06-14.03 - mirek 18.06.2011 8:17.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.2047.1691 [GMT 2:00]
Spuštěný z: c:\documents and settings\mirek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mirek\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\driver.dat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-18 do 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-16 15:51 . 2011-06-17 15:18 -------- d-----w- c:\program files\Unlocker
2011-06-15 07:30 . 2011-06-15 07:31 -------- d-----w- c:\program files\trend micro
2011-06-15 07:30 . 2011-06-15 07:31 -------- d-----w- C:\rsit
2011-06-14 14:55 . 2011-06-14 14:55 -------- d-----w- c:\documents and settings\mirek\Application Data\SpaceMonger
2011-06-14 14:55 . 2011-06-14 14:55 -------- d-----w- c:\program files\SpaceMonger
2011-06-08 15:12 . 2011-06-08 15:12 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-07 18:11 . 2011-06-08 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaAccount
2011-06-07 18:04 . 2011-06-07 18:05 -------- d-----w- c:\documents and settings\mirek\Local Settings\Application Data\Nokia
2011-06-07 17:56 . 2011-06-07 17:56 -------- d-----w- c:\program files\DIFX
2011-06-07 17:56 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-06-07 17:56 . 2011-06-07 17:56 -------- d-----w- c:\program files\PC Connectivity Solution
2011-06-07 17:55 . 2010-12-02 13:14 113152 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-06-07 17:55 . 2010-12-02 11:36 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-06-07 12:52 . 2011-06-08 17:46 -------- d-----w- c:\windows\system32\LogFiles
2011-06-07 12:52 . 2011-06-08 10:20 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-06-07 12:47 . 2011-06-07 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:38 . 2011-05-03 15:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\progra~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2004-02-17 693528]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 53760]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune3.6.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^mirek^Start Menu^Programs^Startup^up.exe]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-12-16 10:57 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-03-04 03:02 1454080 -c--a-w- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
2007-01-17 15:01 496640 -c----w- c:\program files\MSI\Live Update 3\LMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey]
2004-03-15 12:27 45056 -c--a-w- c:\progra~1\MEDIAK~1\MagicKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation]
2005-06-03 14:34 1089536 -c--a-w- c:\program files\MagicRotation\MagicPvt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 11:19 69632 ----a-w- d:\programy\Canon\Omni Page\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2004-12-28 08:35 2060288 ----a-w- c:\program files\RivaTuner v2.0 RC 15.3 New Year Edition\RivaTuner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-11-15 10:20 77824 -c--a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 22:14 155648 -c--a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\uTorrent\\utorrent.exe"=
"d:\\PROGRAMY\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [20.2.2005 0:43 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [20.2.2005 0:43 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.3.2011 18:48 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.4.2008 8:31 301528]
R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [30.5.2006 21:48 9728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2008 8:31 19544]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10.5.2011 21:52 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10.5.2011 21:52 8456]
S3 IRIMAGER;Fluke Ti30, IR-Imager USB Driver (irimager.sys);c:\windows\system32\Drivers\irimager.sys --> c:\windows\system32\Drivers\irimager.sys [?]
S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\MSI\Core Center\NTGLM7X.sys --> c:\program files\MSI\Core Center\NTGLM7X.sys [?]
S3 RivaTunerEx;RivaTunerEx;c:\program files\RivaTuner v2.0 RC 15.3 New Year Edition\RivaTunerEx.sys [28.12.2004 10:35 2560]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
mSearch Bar = res://c:\windows\hbrch.dll/sp.html#90144
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy.netopyr.net:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - d:\programy\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &NeoTrace It!
IE: E&xportovat do aplikace Microsoft Office Excel - d:\msoffi~1\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{541C8998-DF5F-4CFB-8075-C28060B32032}: NameServer = 62.129.50.20,85.135.32.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\mirek\Application Data\Mozilla\Firefox\Profiles\5t51kabe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 08:27
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
Celkový čas: 2011-06-18 08:41:47
.
Před spuštěním: 3 089 629 184 bytes free
Po spuštění: 3 070 836 736
.
omlouvám se a posílám nový log
Díky moc za pomoc a trpělivost 
Mirek V.