VIRY.CZ

Tohle znáte?
C:\Documents and Settings\Petr\Nabídka Start\Programy\Po spuštění
Random Wallpaper Changer.lnk - C:\changepaper\changepaper.exe



Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

To

C:\Documents and Settings\Petr\Nabídka Start\Programy\Po spuštění
Random Wallpaper Changer.lnk - C:\changepaper\changepaper.exe

je nějaký měnič tapet? Nevím, že by na PC byl. Asi práce syna. Proč se ptáte

Jinak jsem vše dle návodu dokončil .....

Protože ho neznám. tak se ptám, jestli ho tam máte a víte o tom.

Taky nznám. A ani nefunguje. Asi je tam jen ikona.....?

Myslíte, že už je PC uzdraven?

Tak ten řádek v HJt taky fixněte.
Já bych řekla, že uzdravený je, ale záleží na jeho chování

Diky moc
to byl fakt koncert. Teď odjíždím na pár dní, pak se ještě ozvu.
Díky....

Tak pak dejte vědět, jestli už je fakt vše v pořádku.
Není zač. Hezkou neděli

Prosím o radu jak se zbavit my security shield

bramborag píše:Prosím o radu jak se zbavit my security shield

Hezké dopoledne
Vítejte na foru .
Prosím, založte si vlastní topic.
Běžte do nouzového režimu (po restartu mačkejte F8 - nouzový režim s prací v síti) a udělejte log ze Rsitu, viz můj podpis.
Pokud by log nešel udělat, napište to do topicu .

Dobrý den, mám vše v pohodě??

ComboFix 10-12-07.06 - PC 08.12.2010 22:52:28.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1439 [GMT 1:00]
Spuštěný z: c:\documents and settings\PC\Dokumenty\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Icq\ICQ6.5\ICQLRun.exe
c:\windows\system32\kr_done1
c:\windows\system32\spool\prtprocs\w32x86\pcldll6l.dll
c:\windows\system32\spool\prtprocs\w32x86\zpp.dll
I:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-08 do 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-08 21:43 . 2010-12-08 21:22 390144 ----a-w- c:\windows\system32\CF31829.exe
2010-12-08 21:26 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BE0BC81F-8642-44FA-BCB6-7837A3AA53F4}\mpengine.dll
2010-12-05 22:17 . 2010-12-05 22:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-04 12:26 . 2010-12-04 12:26 -------- d-----w- c:\program files\Hasbro

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2009-10-02 14:05 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2009-09-30 22:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-10 22:53 . 2010-10-10 22:53 249856 ----a-w- c:\windows\lcmmfu.cpl
2010-10-10 22:53 . 2010-10-10 22:53 16384 ----a-w- c:\windows\runservice.exe
2010-10-10 22:53 . 2010-10-10 22:53 48640 ----a-w- c:\windows\mmfs.dll
2010-10-01 21:04 . 2004-07-17 09:36 12464 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-09-18 10:23 . 2004-08-17 13:49 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-17 13:49 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-25 14:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-25 14:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:52 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2010-08-30 08:34 94720 --sh--r- c:\windows\system32\TR2468scrobj3.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-10-10 3906656]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-10 14:51 3906656 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-10-10 14:51 3906656 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-10-10 3906656]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-10-10 3906656]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-03-01 26624]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-10-01 136176]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-06 488728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2010-03-12 139264]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-30 1167808]
"Cobian Backup 10"="c:\program files\Cobian Backup 10\Cobian.exe" [2010-07-13 421376]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-11-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2010-10-29 608760]
"Anti-keylogger"="c:\program files\Anti-keylogger\Anti-keylogger.exe" [2009-04-21 395776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

c:\documents and settings\PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ------w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"mnmsrvc"=3 (0x3)
"gusvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"CryptSvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhdlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Icq\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\PC\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\PLOCHA\\HRY\\Aoe II\\empires2.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\PLOCHA\\HRY\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12012:TCP"= 12012:TCP:BitComet 12012 TCP
"12012:UDP"= 12012:UDP:BitComet 12012 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.4.2008 13:31 691696]
R1 krnl_akl;Anti-keylogger Kernel Service;c:\windows\system32\drivers\krnl_akl.sys [21.4.2009 19:49 360960]
R2 akl_svc;Anti-keylogger Service;c:\program files\Anti-keylogger\akl_svc.exe [21.4.2009 19:56 59904]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [5.9.2010 17:06 67584]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24.2.2010 13:41 10064]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [10.10.2010 23:53 16384]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [14.6.2010 15:02 1051976]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 9:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [5.12.2008 23:18 174834]
S3 scrambler;scrambler;c:\windows\system32\drivers\scrambler.sys [14.2.2005 10:17 206336]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-12-07 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-661B1E4526C6-PC.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-06 23:41]

2010-12-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40]

2010-12-08 c:\windows\Tasks\User_Feed_Synchronization-{A1487C6F-A328-4B43-93EF-7299544DCDE2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {1192C33F-FFB3-4660-AE58-09B1E22291DF} = 212.71.131.166,212.71.131.6
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://pl.recruit.netmonitor.cz/WebInstaller.dll
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - component: c:\program files\NetSoftware\gemgecko\components\gemgecko.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: LastPass: support@lastpass.com - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\support@lastpass.com
FF - Extension: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Google Enhancer - True Knowledge: {7738069b-91db-41a0-91d2-7b06ca79d2e1} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{7738069b-91db-41a0-91d2-7b06ca79d2e1}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Extension: Seznam lištiÄŤka: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Extension: Fasterfox (EladKarako Mod): {eeeeeeee-aaaa-0000-aaaa-000000000000} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{eeeeeeee-aaaa-0000-aaaa-000000000000}
FF - Extension: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Extension: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: VýzkumNetMonitor: gemgecko@gemius.com - c:\program files\NetSoftware\gemgecko

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
ActiveSetup-{6E8A3CA7-9539-7B4A-DD70-6F50B964A374} - c:\windows\system32:Service.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 22:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1715567821-630328440-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:93,7f,e6,66,c3,08,5e,ce,a2,62,04,a7,7d,99,86,12,1d,10,da,ac,ab,20,7d,
12,1a,77,1f,67,3e,e8,d1,5f,96,da,5d,25,65,f5,31,b2,b4,52,9d,80,34,96,3b,d3,\
"??"=hex:0e,99,c0,e6,d2,61,6b,1c,cd,e0,e6,03,51,e8,4c,9b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\0BB4AB33ED50D261F5C8A2C244CF5435]
"1"=hex:df,c7,3a,96,ab,66,13,d2,36,78,6c,b8,10,1c,c4,b0,41,14,92,53,8b,f4,9f,
53,ff,8f,6c,08,d5,ab,f1,06
"2"=hex:7d,73,4a,d4,1d,ee,c7,5a
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:97,e4,84,cd,95,83,bf,82,bd,04,75,27,c9,a8,72,b1,55,38,49,8a,a6,16,a2,
28,28,eb,ee,eb,0f,d6,d6,b8,f4,df,4a,8d,b5,18,4f,2a,0d,c4,ee,cf,81,df,fe,df,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2e,4e,96,8c,7e,a3,52,
64,3a,77,a0,c6,f3,8c,f2,ae,2e,ea,bc,14,1c,92,a4,c2,43,3d,0b,78,bd,76,70,3e,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-12-08 22:59:56
ComboFix-quarantined-files.txt 2010-12-08 21:59

Před spuštěním: Volných bajtů: 32 533 798 912
Po spuštění: Volných bajtů: 32 741 433 344

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,4,5,6,7,8,9
- - End Of File - - 8BB0B6618C8EFD9F8DB74EFACD7B6850

Hezké ráno

Pro příště si prosím založte vlastní topic, takto by to bylo nepřehledné

Otestujte na www.virustotal.com
c:\windows\system32\drivers\scrambler.sys
c:\windows\system32\TR2468scrobj3.dll


doporučuji odinstalovat program Trojan Remover.

Máte nainstalovaný nějaký keylloger?
Co máte za problém s počítačem?
Jinak combofix nedoporučujeme používat bez dozoru rádce, může Vám poškodit systém.