Re: Infected laptop, freezes, boots slowly
Posted: 25 Jan 2010 22:07
So here is the output from the second scan. I assume I should try both again in safe mode.
ComboFix 10-01-19.03 - Petr 25.01.2010 21:39:33.16.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1919.1297 [GMT 1:00]
Running from: c:\anti-rooty\ComboFix.exe
Command switches used :: d:\documents and settings\Petr\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100125-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
file zipped: d:\windows\system32\41011.sys
file zipped: d:\windows\system32\drivers\yxfkfarcdpjo.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\system32\41011.sys
d:\windows\system32\Drivers\yporaormwtcq.sys
d:\windows\system32\Drivers\yxfkfarcdpjo.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_41011
-------\Service_41011
((((((((((((((((((((((((( Files Created from 2009-12-25 to 2010-01-25 )))))))))))))))))))))))))))))))
.
2010-01-24 13:05 . 2010-01-07 15:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 13:05 . 2010-01-07 15:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-01-24 13:05 . 2010-01-24 13:05 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-01-24 12:50 . 2010-01-24 12:51 -------- d-----w- D:\!KillBox
2010-01-24 02:20 . 2010-01-24 03:04 6176 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2010-01-24 02:20 . 2010-01-24 03:02 92192 --sha-w- d:\windows\system32\drivers\fidbox.dat
2010-01-24 01:53 . 2010-01-25 08:42 -------- d-----w- d:\program files\trend micro
2010-01-24 01:53 . 2010-01-25 08:44 -------- d-----w- D:\rsit
2010-01-23 21:23 . 2010-01-24 00:03 -------- d-----w- d:\documents and settings\Administrator
2010-01-23 10:16 . 2010-01-25 17:11 -------- d-----w- d:\documents and settings\Petr\Pavark
2010-01-22 22:51 . 2010-01-22 22:51 -------- d-----w- d:\program files\Common Files\ParallelGraphics
2010-01-22 22:46 . 2010-01-22 22:46 -------- d-----w- d:\program files\PlotSoft
2010-01-22 22:44 . 2010-01-24 03:42 -------- d-----w- d:\program files\HTTP Debugger Pro
2010-01-21 08:18 . 2007-01-18 12:00 3968 ----a-w- d:\windows\system32\drivers\AvgArCln.sys
2010-01-20 22:22 . 2010-01-21 01:24 -------- d-----w- d:\program files\Microsoft WSE
2010-01-20 21:55 . 2002-12-17 15:23 33340 ------w- d:\windows\system32\dbmsqlgc.dll
2010-01-20 21:55 . 2002-10-20 13:05 24576 ------w- d:\windows\system32\dbmsgnet.dll
2010-01-20 21:53 . 2010-01-20 21:53 -------- d-----w- d:\program files\Microsoft SQL Server
2010-01-20 21:08 . 2010-01-20 21:08 -------- d-----w- d:\program files\MSXML 4.0
2010-01-20 20:38 . 2010-01-20 20:38 -------- d-----w- d:\program files\Nero
2010-01-11 20:27 . 2002-08-23 12:37 880694 ----a-w- d:\windows\system32\xaradocg.dll
2010-01-11 20:27 . 2002-06-28 08:24 23552 ----a-w- d:\windows\system32\xfontman.dll
2010-01-11 20:27 . 2002-06-28 08:24 139264 ----a-w- d:\windows\system32\BMPImporter.dll
2010-01-11 20:27 . 2002-08-22 15:56 126976 ----a-w- d:\windows\system32\templman.dll
2010-01-11 20:27 . 2002-06-28 08:24 253952 ----a-w- d:\windows\system32\templop.dll
2010-01-04 12:25 . 2010-01-20 20:40 -------- d-----w- d:\program files\Common Files\Ahead
2010-01-03 14:38 . 2010-01-03 14:39 -------- d-----w- d:\program files\Musicnotes
2010-01-03 01:26 . 2010-01-03 01:40 -------- d-----w- d:\program files\Advanced PDF to IMAGE converter
2009-12-28 21:27 . 2009-12-28 21:27 -------- d-----w- d:\program files\Software602
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 16:35 . 2009-09-07 20:43 -------- d-----w- d:\program files\Mozilla Thunderbird
2010-01-24 20:15 . 2006-03-02 12:00 484248 ----a-w- d:\windows\system32\perfh005.dat
2010-01-24 20:15 . 2006-03-02 12:00 105776 ----a-w- d:\windows\system32\perfc005.dat
2010-01-24 02:46 . 2010-01-24 02:20 2624 --sha-w- d:\windows\system32\drivers\fidbox.idx
2010-01-24 02:46 . 2010-01-24 02:20 2312 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2010-01-21 21:44 . 2009-09-13 08:04 -------- d-----w- d:\program files\Autodesk
2010-01-21 21:33 . 2009-09-11 20:11 -------- d-----w- d:\program files\Common Files\Autodesk Shared
2010-01-05 01:30 . 2009-09-11 21:52 -------- d-----w- d:\program files\Defraggler
2009-12-28 02:02 . 2009-09-18 14:17 0 ----a-w- d:\documents and settings\Petr\DATA.DAT
2009-12-27 01:03 . 2009-09-12 22:17 -------- d-----w- d:\program files\Google
2009-12-18 21:25 . 2009-10-28 21:07 -------- d-----w- d:\program files\Western Digital
2009-12-18 09:34 . 2009-12-18 09:34 -------- d-----w- d:\program files\Guitar Pro 5
2009-12-16 02:16 . 2009-12-16 02:16 0 ---ha-w- d:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-16 02:16 . 2009-12-16 02:16 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-16 02:10 . 2009-12-16 02:10 -------- d-----w- d:\program files\Common Files\PCSuite
2009-12-16 02:10 . 2009-12-16 02:10 -------- d-----w- d:\program files\Common Files\Nokia
2009-12-16 02:10 . 2009-12-16 02:04 -------- d-----w- d:\program files\Nokia
2009-12-16 02:07 . 2009-12-16 02:06 -------- d-----w- d:\program files\PC Connectivity Solution
2009-12-10 12:03 . 2009-09-16 23:16 -------- d-----w- d:\program files\DIFX
2009-12-10 12:03 . 2009-12-10 12:02 -------- d-----w- d:\program files\Software laserové myši Labtec
2009-12-10 12:02 . 2009-09-07 19:40 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-10 12:01 . 2009-12-10 12:01 -------- d-----w- d:\program files\Labtec
2009-12-05 22:47 . 2009-12-05 22:47 -------- d-----w- d:\program files\VisualLightBox
2009-12-05 22:41 . 2009-12-05 22:41 -------- d-----w- d:\program files\Microsoft
2009-12-03 18:55 . 2009-12-03 18:55 -------- d-----w- d:\program files\Any DWF to DWG Converter
2009-11-29 08:57 . 2009-11-29 08:56 -------- d-----w- d:\program files\SunnyDesign
2009-11-29 08:55 . 2009-11-29 08:55 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-11-26 09:00 . 2009-11-12 14:06 171552 ----a-w- d:\windows\system32\guard32.dll
2009-11-26 09:00 . 2009-11-12 13:33 133064 ----a-w- d:\windows\system32\drivers\cmdguard.sys
2009-11-24 23:54 . 2009-11-23 01:40 1280480 ----a-w- d:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-23 01:41 93424 ----a-w- d:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-11-23 01:41 48560 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-23 01:41 23120 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-23 01:41 27408 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-23 01:41 97480 ----a-w- d:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- d:\windows\AppPatch\aclayers.dll
2009-11-18 09:00 . 2009-11-12 13:33 87104 ----a-w- d:\windows\system32\drivers\inspect.sys
2009-11-18 09:00 . 2009-11-12 13:33 25160 ----a-w- d:\windows\system32\drivers\cmdhlp.sys
2009-11-12 18:04 . 2009-11-12 13:37 339872 ----a-w- d:\windows\system32\drivers\sfi.dat
2009-11-12 12:10 . 2009-09-07 20:33 278613 ----a-w- d:\windows\system32\acs.exe
2009-10-29 05:26 . 2006-03-02 12:00 668160 ------w- d:\windows\system32\wininet.dll
2009-09-26 21:38 . 2009-09-26 21:38 0 ----a-w- d:\program files\Common Files\dht342126
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DetectTray"="c:\program files\Genius\TVGo DVB-T02PRO\DetectTray.exe" [2007-09-21 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="d:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"SMSERIAL"="d:\windows\sm56hlpr.exe" [2006-03-21 544768]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ACU"="d:\program files\Atheros\ACU.exe" [2006-07-04 336001]
"ASUS Live Update"="d:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"StatusClient"="d:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="d:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"WD Drive Manager"="d:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-05-27 450560]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"COMODO Internet Security"="d:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-18 1800464]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="d:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-07-25 1043968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - d:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
Nastavení myši Labtec.lnk - d:\program files\Software laserové myši Labtec\MulMouse.exe [2009-12-10 352256]
WDDMStatus.lnk - d:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - d:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
0 [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"SQLAgent$INVENTORCONTENT"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Documents and Settings\\Petr\\Data aplikací\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [22.9.2009 23:26 721904]
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [23.11.2009 2:41 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;d:\windows\system32\drivers\cmdguard.sys [12.11.2009 14:33 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;d:\windows\system32\drivers\cmdhlp.sys [12.11.2009 14:33 25160]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;d:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 20:03 660768]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [23.11.2009 2:41 20560]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;d:\windows\system32\StkCSrv.exe [12.9.2009 14:19 24576]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;d:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [27.5.2009 11:38 102400]
R2 WDDMService;WD SmartWare Drive Manager;d:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5.11.2009 8:44 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;d:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 8:58 20480]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;d:\windows\system32\drivers\StkCMini.sys [12.9.2009 14:19 1260672]
R3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [28.10.2009 22:07 11520]
S2 gupdate;Služba Google Update (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [13.9.2009 13:47 133104]
S3 EC168BDA;TVGo DVB-T02PRO;d:\windows\system32\drivers\EC168BDA.sys [29.10.2009 11:01 67968]
S3 ivusb;Initio Driver for USB Default Controller;d:\windows\system32\DRIVERS\ivusb.sys --> d:\windows\system32\DRIVERS\ivusb.sys [?]
S3 TVICHW32;TVICHW32;d:\windows\system32\drivers\TVICHW32.SYS [20.9.2009 22:43 23600]
S4 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;d:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT --> d:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT [?]
S4 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;d:\flexlm\lmgrd.exe --> d:\flexlm\lmgrd.exe [?]
S4 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;d:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT --> d:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT [?]
.
Contents of the 'Scheduled Tasks' folder
2010-01-17 d:\windows\Tasks\Defraggler Volume C Task.job
- d:\program files\Defraggler\df.exe [2009-12-02 17:37]
2010-01-17 d:\windows\Tasks\Defraggler Volume D Task.job
- d:\program files\Defraggler\df.exe [2009-12-02 17:37]
2010-01-09 d:\windows\Tasks\Defraggler Volume G Task.job
- d:\program files\Defraggler\df.exe [2009-12-02 17:37]
2010-01-25 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 12:47]
2010-01-25 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 12:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = ;*.local;<local>
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: d:\program files\HTTP Debugger Pro\mfnsp32.dll
FF - ProfilePath - d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\
FF - prefs.js: browser.startup.homepage - http:/atlas.centrum.cz/
FF - component: d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\extensions\{8d0e0d0f-9635-4811-ab46-1143a114e762}\components\FFExternalAlert.dll
FF - component: d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\extensions\{8d0e0d0f-9635-4811-ab46-1143a114e762}\components\RadioWMPCore.dll
FF - component: d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
FF - component: d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\extensions\firedownload@mozilla.org\components\firedownload.dll
FF - component: d:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: d:\program files\Musicnotes\npmusicn.dll
FF - plugin: d:\program files\Musicnotes\NPSibelius.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 21:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spnh.sys >>UNKNOWN [0x8B556938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> atapi.sys @ 0xba621b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(872)
d:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(928)
d:\program files\HTTP Debugger Pro\mfnsp32.dll
d:\program files\http debugger pro\mfnhks32.dll
- - - - - - - > 'explorer.exe'(1432)
d:\windows\system32\msi.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\HTTP Debugger Pro\mfnsp32.dll
d:\program files\http debugger pro\mfnhks32.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Alwil Software\Avast4\aswUpdSv.exe
d:\program files\Alwil Software\Avast4\ashServ.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Nero\Nero 7\InCD\InCDsrv.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
d:\program files\Alwil Software\Avast4\ashMaiSv.exe
d:\program files\Alwil Software\Avast4\ashWebSv.exe
d:\windows\ATK0100\ATKOSD.exe
d:\windows\RTHDCPL.EXE
d:\windows\system32\rundll32.exe
d:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
d:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
d:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
d:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
.
**************************************************************************
.
Completion time: 2010-01-25 22:02:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-25 21:02
ComboFix2.txt 2010-01-25 20:22
ComboFix3.txt 2010-01-25 19:53
ComboFix4.txt 2010-01-25 18:36
ComboFix5.txt 2010-01-25 20:35
ComboFix6.txt 2010-01-25 19:54
ComboFix7.txt 2010-01-25 20:23
Pre-Run: 48,572,260,352 bytes free
Post-Run: 48,505,303,040 bytes free
Current=15 Default=15 Failed=14 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
- - End Of File - - DD244B8717B4AD405553246C90F11AD6
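As an added example (not part of the original post and not a ComboFix feature): a small Python triage script that pulls every .sys path out of a ComboFix log like the one above and flags driver names that look machine-generated (long consonant-heavy strings such as yxfkfarcdpjo.sys, or bare numbers such as 41011.sys) or that sit directly in system32 rather than system32\drivers. The thresholds are assumptions chosen so that the vendor drivers in this log (sptd, aswSP, aswFsBlk, TVICHW32, mbamswissarmy) are not flagged; the sample lines are copied from the log above. A hit is only a prompt to check the file's signature and hash, not proof of infection.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines copied from the ComboFix log above ("file zipped", "Other
# Deletions" and a few R*/S* service entries). Constructed test input.
SAMPLE_LOG = r"""
file zipped: d:\windows\system32\41011.sys
file zipped: d:\windows\system32\drivers\yxfkfarcdpjo.sys
d:\windows\system32\41011.sys
d:\windows\system32\Drivers\yporaormwtcq.sys
d:\windows\system32\Drivers\yxfkfarcdpjo.sys
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [22.9.2009 23:26 721904]
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [23.11.2009 2:41 114768]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [23.11.2009 2:41 20560]
S3 ivusb;Initio Driver for USB Default Controller;d:\windows\system32\DRIVERS\ivusb.sys --> d:\windows\system32\DRIVERS\ivusb.sys [?]
S3 TVICHW32;TVICHW32;d:\windows\system32\drivers\TVICHW32.SYS [20.9.2009 22:43 23600]
"""

# Any drive-letter path ending in .sys; stops at whitespace, '[', ']' or ';'
# so the trailing "[date size]" block of a service line is not swallowed.
SYS_PATH = re.compile(r"[a-z]:\\[^\s\[\];]+?\.sys\b", re.IGNORECASE)

VOWELS = set("aeiouy")


def looks_generated(stem: str) -> bool:
    """Heuristic (assumption, not a ComboFix rule): randomly generated driver
    names are long, all-letter strings with few vowels or long consonant runs,
    or are purely numeric. Short or mixed alphanumeric names are left alone."""
    s = stem.lower()
    if s.isdigit():
        return True
    if not s.isalpha() or len(s) < 10:
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiouy]", s))
    return vowel_ratio < 0.2 or longest_consonant_run >= 5


def driver_paths(log: str) -> list[str]:
    """Unique .sys paths in first-seen order, lower-cased for de-duplication."""
    seen: list[str] = []
    for match in SYS_PATH.finditer(log):
        path = match.group(0).lower()
        if path not in seen:
            seen.append(path)
    return seen


@dataclass
class Finding:
    path: str
    reason: str


def triage(log: str) -> list[Finding]:
    """Flag drivers with a generated-looking name or an unusual location."""
    findings: list[Finding] = []
    for path in driver_paths(log):
        name = path.rsplit("\\", 1)[-1]
        stem = name[: -len(".sys")]
        reasons = []
        if looks_generated(stem):
            reasons.append("random-looking or numeric name")
        # A .sys directly in system32 (not system32\drivers) is unusual.
        if re.search(r"\\system32\\[^\\]+\.sys$", path):
            reasons.append("driver placed directly in system32 instead of system32\\drivers")
        if reasons:
            findings.append(Finding(path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.path}: {finding.reason}")
```

Run it over a whole saved ComboFix log instead of SAMPLE_LOG to get the same three hits this log produced (41011.sys, yxfkfarcdpjo.sys, yporaormwtcq.sys) plus anything else with a dictionary-free name; vendor drivers with short or pronounceable names stay quiet.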
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: d:\program files\HTTP Debugger Pro\mfnsp32.dll
FF - ProfilePath - d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\
FF - prefs.js: browser.startup.homepage - http:/atlas.centrum.cz/
FF - component: d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\extensions\{8d0e0d0f-9635-4811-ab46-1143a114e762}\components\FFExternalAlert.dll
FF - component: d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\extensions\{8d0e0d0f-9635-4811-ab46-1143a114e762}\components\RadioWMPCore.dll
FF - component: d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
FF - component: d:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\rzshkbnd.default\extensions\firedownload@mozilla.org\components\firedownload.dll
FF - component: d:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: d:\program files\Musicnotes\npmusicn.dll
FF - plugin: d:\program files\Musicnotes\NPSibelius.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 21:53
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spnh.sys >>UNKNOWN [0x8B556938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> atapi.sys @ 0xba621b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(872)
d:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(928)
d:\program files\HTTP Debugger Pro\mfnsp32.dll
d:\program files\http debugger pro\mfnhks32.dll
- - - - - - - > 'explorer.exe'(1432)
d:\windows\system32\msi.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\HTTP Debugger Pro\mfnsp32.dll
d:\program files\http debugger pro\mfnhks32.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\Alwil Software\Avast4\aswUpdSv.exe
d:\program files\Alwil Software\Avast4\ashServ.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Nero\Nero 7\InCD\InCDsrv.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
d:\program files\Alwil Software\Avast4\ashMaiSv.exe
d:\program files\Alwil Software\Avast4\ashWebSv.exe
d:\windows\ATK0100\ATKOSD.exe
d:\windows\RTHDCPL.EXE
d:\windows\system32\rundll32.exe
d:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
d:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
d:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
d:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
.
**************************************************************************
.
Celkový čas: 2010-01-25 22:02:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-25 21:02
ComboFix2.txt 2010-01-25 20:22
ComboFix3.txt 2010-01-25 19:53
ComboFix4.txt 2010-01-25 18:36
ComboFix5.txt 2010-01-25 20:35
ComboFix6.txt 2010-01-25 19:54
ComboFix7.txt 2010-01-25 20:23
Před spuštěním: Volných bajtů: 48 572 260 352
Po spuštění: Volných bajtů: 48 505 303 040
Current=15 Default=15 Failed=14 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
- - End Of File - - DD244B8717B4AD405553246C90F11AD6