So far it looks like it got fixed. Anyway, here is the log:
ComboFix 10-04-12.06 - Administrator 13.04.2010 16:00:31.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.699 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFscript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
file zipped: c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\syspck32.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\syspck32.exe
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\regsvc.dll --> c:\windows\System32\regsvc.dll
c:\windows\ServicePackFiles\i386\schedsvc.dll --> c:\windows\System32\schedsvc.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OHVGNTX
-------\Service_ohvgntx
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))
.
2010-04-13 14:00 . 2008-04-14 03:21 59904 ----a-w- c:\windows\system32\regsvc.dll
2010-04-13 14:00 . 2008-04-14 03:21 192512 ----a-w- c:\windows\system32\schedsvc.dll
2010-04-10 08:32 . 2010-04-10 12:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-10 08:16 . 2005-08-25 17:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-04-09 06:35 . 2010-04-09 06:36 -------- d-----w- c:\program files\trend micro
2010-04-09 06:35 . 2010-04-09 06:36 -------- d-----w- C:\rsit
2010-04-09 05:53 . 2010-04-09 05:53 -------- d-----w- C:\!KillBox
2010-04-07 07:56 . 2010-04-07 07:56 -------- d-----w- c:\windows\MaxSea
2010-04-07 07:37 . 2010-04-11 17:34 -------- d-----w- c:\program files\SentEmul
2010-04-07 07:37 . 2003-03-24 16:06 11812 ----a-w- c:\windows\system32\drivers\SentEmul.sys
2010-04-07 07:32 . 2002-07-26 14:07 20000 ------w- c:\windows\system32\drivers\cmapusb.sys
2010-04-07 07:32 . 2002-07-26 10:59 16088 ------w- c:\windows\system32\drivers\cmapldr.sys
2010-04-07 07:32 . 2002-07-29 08:44 18013 ------w- c:\windows\system32\drivers\cmap_pc2.sys
2010-04-07 07:32 . 2010-04-07 07:32 -------- d-----w- c:\program files\C-Map
2010-04-07 07:31 . 2002-04-16 19:29 192512 ----a-w- c:\windows\system32\CMGBase.dll
2010-04-07 07:31 . 2000-06-29 08:45 52224 ----a-w- c:\windows\system32\Crypserv.exe
2010-04-07 07:31 . 2000-02-03 19:53 24608 ----a-w- c:\windows\system32\Ckldrv.sys
2010-04-07 07:31 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
2010-04-07 07:31 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
2010-04-07 07:31 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
2010-04-07 07:31 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2010-04-07 07:31 . 2005-05-31 03:30 26120 ----a-w- c:\windows\system32\drivers\SNTNLUSB.SYS
2010-04-07 07:31 . 2010-04-07 07:31 -------- d-----w- c:\windows\system32\RNBOSENT
2010-04-07 07:31 . 2005-05-31 03:30 50176 ----a-w- c:\windows\system32\SNTI386.DLL
2010-04-07 07:31 . 2005-05-31 03:30 76288 ------w- c:\windows\system32\drivers\SENTINEL.SYS
2010-04-07 07:31 . 2005-05-31 03:30 18432 ----a-w- c:\windows\system32\RNBOVDD.DLL
2010-04-07 07:30 . 2010-04-07 07:30 -------- d-----w- c:\windows\Drivers
2010-04-07 07:30 . 2010-04-07 07:30 -------- d-----w- c:\program files\I&M
2010-04-06 22:56 . 2010-04-13 14:04 804864 ----a-w- c:\windows\system32\drivers\ohvgntx.sys
2010-03-31 06:23 . 2010-03-31 06:23 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-31 06:22 . 2010-03-31 06:22 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17 140216 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-31 05:13 . 2006-11-13 11:00 113456 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-03-31 05:13 . 2006-11-13 11:01 142128 ----a-w- c:\windows\system32\vmnat.exe
2010-03-31 05:13 . 2006-11-13 11:01 22576 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-03-31 05:13 . 2006-11-13 11:01 391984 ----a-w- c:\windows\system32\vnetlib.dll
2010-03-31 05:03 . 2010-03-31 05:03 -------- d-----w- c:\program files\Common Files\VMware
2010-03-31 05:03 . 2010-03-31 05:03 -------- d-----w- c:\program files\VMware
2010-03-30 18:57 . 2010-03-30 18:57 -------- d-----w- c:\program files\miranda-pack-105
2010-03-30 18:31 . 2010-04-10 19:54 -------- d-----w- c:\program files\ESET
2010-03-28 09:30 . 2010-03-28 09:30 -------- d-----w- C:\Folklor_movie
2010-03-28 09:20 . 2010-03-28 09:21 -------- d-----w- c:\program files\Miranda IM
2010-03-26 06:12 . 2010-04-01 07:46 -------- d-----w- c:\program files\Vidalia Bundle
2010-03-20 10:18 . 2010-03-20 10:18 -------- d-----w- c:\program files\DVD Shrink
2010-03-20 10:15 . 2010-03-20 10:15 -------- d-----w- c:\program files\ultraiso
2010-03-15 19:56 . 2010-03-16 06:51 -------- d-----w- c:\program files\HxD
2010-03-15 14:34 . 2010-03-15 14:34 -------- d-----w- c:\program files\PSAS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 03:21 . 2009-12-22 10:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-09 16:19 . 2009-12-22 07:25 -------- d-----w- c:\program files\wincmd
2010-03-31 05:14 . 2001-10-25 14:00 47604 ----a-w- c:\windows\system32\perfc005.dat
2010-03-31 05:14 . 2001-10-25 14:00 312912 ----a-w- c:\windows\system32\perfh005.dat
2010-03-30 18:04 . 2009-12-22 09:15 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 18:04 . 2009-12-22 09:15 -------- d-----w- c:\program files\Java
2010-03-22 19:21 . 2005-07-29 15:13 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-13 14:06 . 2010-03-13 14:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_androidusb_01005.Wdf
2010-03-11 12:36 . 2004-08-17 13:49 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2004-08-17 13:49 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 02:28 . 2010-01-01 16:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-02 14:03 . 2010-02-02 14:04 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
.
------- Sigcheck -------
[-] 2010-03-22 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\DllCache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-04-09_15.58.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-13 14:08 . 2010-04-13 14:08 16384 c:\windows\Temp\Perflib_Perfdata_6e0.dat
+ 2010-04-13 14:08 . 2010-04-13 14:08 16384 c:\windows\Temp\Perflib_Perfdata_620.dat
+ 2010-04-13 13:59 . 2010-04-13 13:59 16384 c:\windows\Temp\Perflib_Perfdata_274.dat
+ 2010-04-10 19:57 . 2010-04-10 19:57 10134 c:\windows\Installer\{08B38E56-09A1-4155-906C-FA5A6495C34B}\callmsi.exe
+ 2010-04-10 19:57 . 2010-04-10 19:57 958976 c:\windows\Installer\184c22d.msi
+ 2010-04-10 19:57 . 2010-04-10 19:57 101480 c:\windows\Installer\{08B38E56-09A1-4155-906C-FA5A6495C34B}\egui.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2004-07-05 315392]
"FinePrint Dispatcher v4"="c:\windows\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe" [2001-03-07 327680]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 86016]
"acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-03-03 15:48 110592 ----a-w- c:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^syspck32.exe]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\syspck32.exe
backup=c:\windows\pss\syspck32.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Aktualizovat ESET licenci.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Aktualizovat ESET licenci.lnk
backup=c:\windows\pss\Aktualizovat ESET licenci.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-03-31 06:22 2145000 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
2006-03-02 10:54 290816 ----a-w- c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
2007-12-25 14:53 548864 ----a-r- c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-21 10:52 40960 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 13:31 2144088 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrator\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\MyPhoneExplorer\\MyPhoneExplorer.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\download\\Miranda IM\\miranda32.exe"=
"e:\\1\\1\\miranda32.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Appz\\miranda-pack-105\\miranda32.exe"=
"c:\\Program Files\\I&M\\MaxSea\\MaxSea.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64893:TCP"= 64893:TCP:utorrent
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [27.12.2009 17:37 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [27.12.2009 17:37 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [22.12.2009 0:38 6784]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2.2.2010 16:04 27632]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [22.12.2009 0:38 16000]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [13.3.2010 16:05 25728]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26.1.2010 15:12 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [26.1.2010 15:12 8320]
S3 sentemul;sentemul;c:\windows\system32\drivers\SentEmul.sys [7.4.2010 9:37 11812]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\kg9qeykp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://morfeo.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101795&gct=&gc=1&q=
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\kg9qeykp.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
---- NASTAVENÍ FIREFOXU ----
# Tento soubor slouží pro nastavení různých předvoleb
//Předvolby jsou z tohoto souboru pouze načítány při startu prohlížeče a nehrozí tedy jejich přepis
//narozdíl od souboru prefs.js, který je generovaný při ukončení prohlížeče a zachycuje stav předvoleb.
// Použití postranní lišty Stahování namísto jednotlivých oken
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 16:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8649DF00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf78c7f28
\Driver\ACPI -> ACPI.sys @ 0xf77f4cb8
\Driver\atapi -> 0x8649df00
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf752bbb0
PacketIndicateHandler -> NDIS.sys @ 0xf7538a21
SendHandler -> NDIS.sys @ 0xf751687b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\LgNotify.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\acer\eManager\anbmServ.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RegSrvc.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\1XConfig.exe
.
**************************************************************************
.
Celkový čas: 2010-04-13 16:12:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-13 14:12
ComboFix2.txt 2010-04-11 20:43
ComboFix3.txt 2010-04-09 16:01
Před spuštěním: Volných bajtů: 11 779 088 384
Po spuštění: Volných bajtů: 11 771 641 856
- - End Of File - - F80EF34FA31EB02488982292ED3EDF6A