problem se security tool

[galimatyas]

tomuhle taky moc nerozumim:

Pak ukázal - odoznac (klik na ctverecek):
Oddíly
IAT / EAT
- Neoznacuj:
Zobrazit všechny jedontky jine nez je systémový disk (typický C: \)

- nechapu z toho vubec, co ma byt oznaceno a co ne

[galimatyas]

jo, tak jsem to mel intuitivne dobre

[galimatyas]

jeste to bezi...

[galimatyas]

a muzu to pripadne mezitim vypnout?

[galimatyas]

uz to dojelo, jsi tu jeste..?

[galimatyas]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-12 22:18:32
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Klaudie\LOCALS~1\Temp\kxrdqpog.sys


---- System - GMER 1.0.15 ----

SSDT spsf.sys ZwCreateKey [0xF75F10E0]
SSDT spsf.sys ZwEnumerateKey [0xF760ECA2]
SSDT spsf.sys ZwEnumerateValueKey [0xF760F030]
SSDT spsf.sys ZwOpenKey [0xF75F10C0]
SSDT spsf.sys ZwQueryKey [0xF760F108]
SSDT spsf.sys ZwQueryValueKey [0xF760EF88]
SSDT spsf.sys ZwSetValueKey [0xF760F19A]

INT 0x83 ? 84F8CBF8
INT 0xB4 ? 84E3DF00
INT 0xB4 ? 84E3DF00
INT 0xB4 ? 84E3DF00
INT 0xB4 ? 84E3DF00

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84F8A1F8
Device \FileSystem\Fastfat \FatCdrom 842171F8
Device \Driver\sptd \Device\2555771746 spsf.sys
Device \Driver\sptd \Device\2555771746 spsf.sys
Device \Driver\usbohci \Device\USBPDO-0 84E4F1F8
Device \Driver\usbohci \Device\USBPDO-1 84E4F1F8
Device \Driver\usbehci \Device\USBPDO-2 84DFA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 84F8D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 84F8D1F8
Device \Driver\Cdrom \Device\CdRom0 84C69500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F754DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F754DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F754DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F754DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F754DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 849611F8
Device \Driver\PCI_PNP1746 \Device\0000004b spsf.sys
Device \Driver\PCI_PNP1746 \Device\0000004b spsf.sys
Device \Driver\NetBT \Device\NetbiosSmb 849611F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{3C772FCC-4252-4376-A966-589A92CFBFB4} 849611F8
Device \Driver\usbohci \Device\USBFDO-0 84E4F1F8
Device \Driver\usbohci \Device\USBFDO-1 84E4F1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 849421F8
Device \Driver\usbehci \Device\USBFDO-2 84DFA1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 849421F8
Device \Driver\Ftdisk \Device\FtControl 84F8D1F8
Device \Driver\axxt2ajr \Device\Scsi\axxt2ajr1 84D6D500
Device \Driver\axxt2ajr \Device\Scsi\axxt2ajr1Port4Path0Target0Lun0 84D6D500
Device \FileSystem\Fastfat \Fat 842171F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 84B5C500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x28 0x32 0x8F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF8 0x37 0x01 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xE5 0xC6 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x28 0x32 0x8F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF8 0x37 0x01 0x7B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xE5 0xC6 0x57 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x28 0x32 0x8F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF8 0x37 0x01 0x7B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xE5 0xC6 0x57 ...

---- EOF - GMER 1.0.15 ----

[galimatyas]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Klaudie at 2010-02-13 08:37:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (10%) free of 20 GB
Total RAM: 446 MB (9% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-30 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-12-11 344064]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-30 149280]
"HP Software Update"=D:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2007-12-29 486856]
"ISUSPM"=C:\Documents and Settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-07-12 226904]
"Google Update"=C:\Documents and Settings\Klaudie\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-09-18 133104]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-12 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-12 20:40:34 ----A---- C:\ComboFix.txt
2010-02-12 20:09:53 ----A---- C:\WINDOWS\zip.exe
2010-02-12 20:09:53 ----A---- C:\WINDOWS\SWREG.exe
2010-02-12 20:09:53 ----A---- C:\WINDOWS\sed.exe
2010-02-12 20:09:53 ----A---- C:\WINDOWS\PEV.exe
2010-02-12 20:09:53 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-12 20:09:53 ----A---- C:\WINDOWS\MBR.exe
2010-02-12 20:09:53 ----A---- C:\WINDOWS\grep.exe
2010-02-12 20:09:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-12 20:09:52 ----A---- C:\WINDOWS\SWSC.exe
2010-02-12 20:09:36 ----D---- C:\WINDOWS\ERDNT
2010-02-12 20:03:54 ----D---- C:\Qoobox
2010-02-12 19:40:15 ----D---- C:\Program Files\trend micro
2010-02-12 19:40:05 ----D---- C:\rsit
2010-02-12 19:34:32 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-10 10:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 10:38:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 10:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 10:35:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 10:35:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 10:35:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 10:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 10:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 10:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-10 10:28:39 ----D---- C:\Documents and Settings\Klaudie\Data aplikací\HpUpdate
2010-02-10 10:28:36 ----D---- C:\WINDOWS\Hewlett-Packard
2010-01-22 22:06:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\WEBREG
2010-01-22 22:05:32 ----D---- C:\Documents and Settings\Klaudie\Data aplikací\HP
2010-01-22 22:02:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2010-01-22 22:01:26 ----D---- C:\Program Files\Common Files\HP
2010-01-22 22:00:56 ----D---- C:\Program Files\Hewlett-Packard
2010-01-22 22:00:25 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-01-22 21:58:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Hewlett-Packard
2010-01-22 21:57:58 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2010-01-22 21:57:52 ----A---- C:\WINDOWS\system32\hpz3l4v2.dll
2010-01-22 21:56:38 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2010-01-22 21:56:38 ----RA---- C:\WINDOWS\system32\hpovst11.dll
2010-01-22 21:56:38 ----RA---- C:\WINDOWS\system32\hpotiop4.dll
2010-01-22 21:56:38 ----RA---- C:\WINDOWS\system32\difxapi.dll
2010-01-22 21:56:37 ----RA---- C:\WINDOWS\system32\hpowiax4.dll
2010-01-22 21:51:09 ----D---- C:\Program Files\HP
2010-01-22 21:50:30 ----D---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2010-02-13 08:37:14 ----D---- C:\Program Files
2010-02-13 08:36:53 ----D---- C:\WINDOWS\Temp
2010-02-13 08:36:43 ----D---- C:\WINDOWS\system32\ias
2010-02-13 08:36:29 ----A---- C:\WINDOWS\ModemLog_AC97 Data Fax SoftModem with SmartCP.txt
2010-02-13 08:36:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-13 08:35:51 ----D---- C:\WINDOWS\system32
2010-02-12 23:35:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 23:35:08 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2010-02-12 23:23:13 ----SD---- C:\WINDOWS\Tasks
2010-02-12 23:17:58 ----D---- C:\WINDOWS\Prefetch
2010-02-12 20:40:40 ----D---- C:\WINDOWS\system32\drivers
2010-02-12 20:33:27 ----D---- C:\WINDOWS
2010-02-12 20:33:27 ----A---- C:\WINDOWS\system.ini
2010-02-12 20:29:12 ----D---- C:\WINDOWS\system32\config
2010-02-12 20:27:22 ----D---- C:\Program Files\ICQ6.5
2010-02-12 20:25:40 ----D---- C:\WINDOWS\AppPatch
2010-02-12 20:25:33 ----D---- C:\Program Files\Common Files
2010-02-12 18:16:14 ----SHD---- C:\WINDOWS\Installer
2010-02-12 17:30:22 ----D---- C:\Program Files\Mozilla Thunderbird
2010-02-10 10:39:47 ----HD---- C:\WINDOWS\inf
2010-02-10 10:39:42 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 10:38:51 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 10:38:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-04 11:24:13 ----D---- C:\Program Files\Mozilla Firefox
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-22 22:10:10 ----D---- C:\Program Files\Internet Explorer
2010-01-22 22:07:51 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
2010-01-22 22:04:47 ----A---- C:\WINDOWS\win.ini
2010-01-22 22:03:31 ----D---- C:\WINDOWS\WinSxS
2010-01-22 22:01:12 ----D---- C:\WINDOWS\twain_32
2010-01-22 21:52:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-14 11:12:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-02 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-02 55936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-12 1414656]
R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2007-04-09 38144]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2007-04-09 352000]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-11-29 936960]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-11-29 225792]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-28 101120]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-11-29 669696]
S3 aeh189jz;aeh189jz; C:\WINDOWS\system32\drivers\aeh189jz.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 LTower;LEGO USB Tower Driver; C:\WINDOWS\System32\Drivers\LTower.sys [2001-04-25 36981]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-12 393216]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-30 153376]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1ca3a3067b7956a;Služba Google Update (gupdate1ca3a3067b7956a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[galimatyas]

DDS (Ver_09-12-01.01) - NTFSx86
Run by Klaudie at 18:35:51,31 on so 13.02.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.446.112 [GMT 1:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Documents and Settings\Klaudie\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Klaudie\Plocha\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.centrum.cz/skinit/icq/
uURLSearchHooks: H - No File
BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\progra~1\icqtoo~1\toolbaru.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
EB: Starware347: {e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} - c:\program files\starware347\bin\Starware347.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [ISUSPM] "c:\documents and settings\all users\data aplikací\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\documents and settings\klaudie\local settings\data aplikací\google\update\GoogleUpdate.exe" /c
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {3C772FCC-4252-4376-A966-589A92CFBFB4} = 194.228.2.1,212.83.68.130
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\klaudie\dataap~1\mozilla\firefox\profiles\lpgnnmdg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\klaudie\data aplikací\mozilla\firefox\profiles\lpgnnmdg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\klaudie\local settings\data aplikacă­\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-11-29 225792]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-3-2 69120]
S2 gupdate1ca3a3067b7956a;Služba Google Update (gupdate1ca3a3067b7956a);c:\program files\google\update\GoogleUpdate.exe [2009-9-20 133104]
S3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [2008-1-20 36981]

=============== Created Last 30 ================

2010-02-12 19:09:53 98816 ----a-w- c:\windows\sed.exe
2010-02-12 19:09:53 77312 ----a-w- c:\windows\MBR.exe
2010-02-12 19:09:53 261632 ----a-w- c:\windows\PEV.exe
2010-02-12 19:09:53 161792 ----a-w- c:\windows\SWREG.exe
2010-02-12 18:40:15 0 d-----w- c:\program files\trend micro
2010-02-10 09:28:39 0 d-----w- c:\docume~1\klaudie\dataap~1\HpUpdate
2010-02-10 09:28:36 0 d-----w- c:\windows\Hewlett-Packard
2010-01-22 21:06:20 0 d-----w- c:\docume~1\alluse~1\dataap~1\WEBREG
2010-01-22 21:01:26 0 d-----w- c:\program files\common files\HP
2010-01-22 21:00:25 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-01-22 20:58:48 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-01-22 20:58:39 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-01-22 20:57:58 258048 ----a-r- c:\windows\system32\hpzids01.dll
2010-01-22 20:57:52 117760 ----a-w- c:\windows\system32\hpz3l4v2.dll
2010-01-22 20:57:18 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-01-22 20:56:38 892928 ----a-r- c:\windows\system32\hpotiop4.dll
2010-01-22 20:56:38 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2010-01-22 20:56:38 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-01-22 20:56:38 294912 ----a-r- c:\windows\system32\hpovst11.dll
2010-01-22 20:56:37 675840 ----a-r- c:\windows\system32\hpowiax4.dll
2010-01-22 20:56:36 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-22 20:56:36 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-22 20:51:09 0 d-----w- c:\program files\HP
2010-01-22 20:51:00 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-01-22 20:51:00 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-22 20:44:09 811 ------w- c:\windows\hpomdl13.dat
2010-01-22 20:44:09 145538 ----a-w- c:\windows\hpoins13.dat

==================== Find3M ====================

2010-01-14 10:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 12:26:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-21 19:08:42 916480 ------w- c:\windows\system32\wininet.dll
2009-12-18 22:45:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-17 07:42:35 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-12 13:39:23 79440 ----a-w- c:\windows\system32\perfc005.dat
2009-12-12 13:39:23 432516 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11:07 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11:07 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:14:10 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14:09 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09:43 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09:43 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09:42 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09:42 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09:42 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 18:36:45,59 ===============

[galimatyas]

diky moc...

...a co se tyce tech toolbaru - google toolbar by mel byt v pohode nebo ne...?

[galimatyas]

podarilo se mi ten ComboFix znova spustit misto toho odinstalovani - je to problem..? budeme muset neco opakovat?

[galimatyas]

bezi mi ten combofix - muzu to sestrelit, nebo musim cekat az to dobehne..?

[galimatyas]

Omluva, prehlidl sjem otestuj na http://www.virustotal.com soubor c:\program files\starware347\bin\Starware347.dll

Ja neverim zadnemu TB krom adobe a java

Urco spust MBAM, vysledky sem

Za malo...

hlasi mi to, ze ten soubor neexistuje..?!?

[galimatyas]

ComboFix 10-02-11.04 - Klaudie 13.02.2010 20:57:13.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.446.99 [GMT 1:00]
Spuštěný z: c:\documents and settings\Klaudie\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-12 18:40 . 2010-02-12 18:40 -------- d-----w- c:\program files\trend micro
2010-02-12 18:40 . 2010-02-12 18:40 -------- d-----w- C:\rsit
2010-02-10 09:28 . 2010-02-10 09:28 -------- d-----w- c:\windows\Hewlett-Packard
2010-01-22 21:01 . 2010-01-22 21:01 -------- d-----w- c:\program files\Common Files\HP
2010-01-22 21:00 . 2010-01-22 21:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-22 21:00 . 2010-01-22 21:00 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-01-22 20:58 . 2006-12-06 06:02 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-01-22 20:58 . 2006-12-06 06:02 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-01-22 20:57 . 2006-12-15 16:36 258048 ----a-r- c:\windows\system32\hpzids01.dll
2010-01-22 20:57 . 2006-12-29 08:57 273920 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4v2.dll
2010-01-22 20:57 . 2006-12-29 08:57 117760 ----a-w- c:\windows\system32\hpz3l4v2.dll
2010-01-22 20:57 . 2006-12-06 06:02 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-01-22 20:56 . 2006-12-06 06:02 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2010-01-22 20:56 . 2006-12-06 06:02 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-01-22 20:56 . 2006-12-06 05:50 294912 ----a-r- c:\windows\system32\hpovst11.dll
2010-01-22 20:56 . 2006-12-06 05:50 892928 ----a-r- c:\windows\system32\hpotiop4.dll
2010-01-22 20:56 . 2006-12-06 05:50 675840 ----a-r- c:\windows\system32\hpowiax4.dll
2010-01-22 20:56 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-22 20:56 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-22 20:51 . 2010-02-10 09:28 -------- d-----w- c:\program files\HP
2010-01-22 20:51 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-01-22 20:51 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-22 20:44 . 2010-01-22 21:06 145538 ----a-w- c:\windows\hpoins13.dat
2010-01-22 20:44 . 2007-01-22 16:05 811 ------w- c:\windows\hpomdl13.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 19:27 . 2009-08-25 13:24 -------- d-----w- c:\program files\ICQ6.5
2010-02-12 16:30 . 2008-02-15 17:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-14 10:12 . 2009-10-04 21:33 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 09:56 . 2010-01-13 09:56 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-13 09:55 . 2010-01-13 09:55 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-13 09:55 . 2009-10-04 18:15 -------- d-----w- c:\program files\Nokia
2010-01-13 09:51 . 2010-01-13 09:51 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 12:26 . 2009-12-30 12:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-30 12:26 . 2007-12-22 11:49 -------- d-----w- c:\program files\Java
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-18 22:45 . 2009-12-18 22:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-17 07:42 . 2007-04-09 17:03 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 19:05 . 2009-12-16 19:05 -------- d-----w- c:\program files\MSECache
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-12 13:39 . 2006-03-02 12:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2009-12-12 13:39 . 2006-03-02 12:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2006-03-02 12:00 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2006-03-02 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2006-03-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
"ISUSPM"="c:\documents and settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"Google Update"="c:\documents and settings\Klaudie\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-09-18 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-30 149280]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13107:UDP"= 13107:UDP:Print Server Utility
"69:UDP"= 69:UDP:Print Server Utility
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"53:UDP"= 53:UDP:Promo

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [29.11.2005 22:50 225792]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.1.2008 19:46 715248]
S2 gupdate1ca3a3067b7956a;Služba Google Update (gupdate1ca3a3067b7956a);c:\program files\Google\Update\GoogleUpdate.exe [20.9.2009 21:24 133104]
S3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [20.1.2008 19:47 36981]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 20:24]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 20:24]

2010-02-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 15:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {3C772FCC-4252-4376-A966-589A92CFBFB4} = 194.228.2.1,212.83.68.130
FF - ProfilePath - c:\documents and settings\Klaudie\Data aplikací\Mozilla\Firefox\Profiles\lpgnnmdg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Klaudie\Data aplikací\Mozilla\Firefox\Profiles\lpgnnmdg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 21:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2428)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-13 21:07:22
ComboFix-quarantined-files.txt 2010-02-13 20:07
ComboFix2.txt 2010-02-13 19:12
ComboFix3.txt 2010-02-12 19:40

Před spuštěním: 2 058 924 032
Po spuštění: 2 046 672 896

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - DFADDE1C3F018E3E916DD8322F13CD6E

[galimatyas]

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3734
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.2.2010 22:31:51
mbam-log-2010-02-13 (22-31-32).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 118428
Uplynulý čas: 9 minute(s), 29 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 5
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 11
Infikované soubory: 38

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{ab3dfa03-f743-4302-81dd-c370bffeca23} (Adware.Starware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} (Adware.Starware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} (Adware.Starware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Documents and Settings\All Users\Data aplikací\Starware347 (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\contexts (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\SimpleUpdate (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347 (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\JokesSearch (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Marketing_Button_4 (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Marketing_Button_5 (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Marketing_Button_6 (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Marketing_Button_7 (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Pranks (Adware.Starware) -> No action taken.

Infikované soubory:
C:\Documents and Settings\All Users\Data aplikací\Starware347\Tem22B.tmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\672_button_1b_def.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\672_button_1b_over.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\674_button_1b_def.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\674_button_1b_over.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\FindIt.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\FindItHot.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\findithotxp.png (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\finditxp.png (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\logo.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\logoxp.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\Marketing_Button_40.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\Marketing_Button_50.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\Marketing_Button_60.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\buttons\Marketing_Button_70.bmp (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\contexts\error.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\contexts\Related.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\contexts\Travel.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Starware347\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\JokesSearch\JokesSearchOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\JokesSearch\JokesSearchOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Marketing_Button_4\Marketing_Button_4Options.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Marketing_Button_4\Marketing_Button_4Options.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Marketing_Button_5\Marketing_Button_5Options.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Marketing_Button_5\Marketing_Button_5Options.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Marketing_Button_6\Marketing_Button_6Options.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Marketing_Button_6\Marketing_Button_6Options.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Marketing_Button_7\Marketing_Button_7Options.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Marketing_Button_7\Marketing_Button_7Options.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Pranks\PranksOptions.xml (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\Starware347\Pranks\PranksOptions.xml.backup (Adware.Starware) -> No action taken.
C:\Documents and Settings\Klaudie\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

[galimatyas]

Nic nebezpecneho nevidim. Jen nektere zbytecnosti napr toolbary

Stahni si na plochu http://sweb.cz/Marinus/T-Cleaner.exe

Stahni si na plochu http://oldtimer.geekstogo.com/TFC.exe i http://oldtimer.geekstogo.com/OTC.exe pouzi.

Chybi Firewall
casto kladene otazky: http://www.viry.cz/forum/viewtopic.php?t=20980
prehled: http://www.viry.cz/forum/viewtopic.php?t=6523

CF uz jsem odinstaloval a spustil ty vyse uvedene, takze to DDS asi budu muset znovu hodit na plochu a pak znova vyse uvedene spustit, je to tak..?