VIRY.CZ

zdravím mám problém ,že když zapnu internet operu tak se mě výkon počítače zvíší z minima na 100% a internet a videa se hodně sekají.děje se to u všech prohlížečů.sítí to asi nebude,protože druhý počítač normálně jede.viri tam nejsou,používam Norton Intarnet Security.začalo to z ničeho nic asi před týdnem.díky za nějakou odpověd johny

Zdravim,

viri tam nejsou,používam Norton Intarnet Security.začalo to z ničeho nic asi před týdnem

to by poukazovalo prave na virovou infekci.Zadny security produkt neni neprustrelny...

Stahnete OTL

spustte, oznacte "Pro vsechny uzivatele,30 dnů zmente na 7,kliknete na Prohledat,

po skonceni skenu sem vlozte obsah logu z OTL.txt.

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\J-O-H-N-Y\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 613,00 Mb Available Physical Memory | 60,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 36,01 Gb Free Space | 61,46% Space Free | Partition Type: NTFS
Drive D: | 90,45 Gb Total Space | 52,97 Gb Free Space | 58,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNY
Current User Name: J-O-H-N-Y
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-796845957-2000478354-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"15278:TCP" = 15278:TCP:*:Disabled:BitComet 15278 TCP
"15278:UDP" = 15278:UDP:*:Disabled:BitComet 15278 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"D:\World of Warcraft\WoW-1.12.0-enGB-downloader.exe" = D:\World of Warcraft\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe" = D:\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\The Battle for Middle-earth1\game.dat" = D:\The Battle for Middle-earth1\game.dat:*:Enabled:The Battle for Middle-earth (tm) -- File not found
"D:\World of Warcraft\Repair.exe" = D:\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- File not found
"D:\World of Warcraft\WoW-2.0.3-enGB-downloader.exe" = D:\World of Warcraft\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\World of Warcraft THE BURNING CRUSARE\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe" = D:\World of Warcraft THE BURNING CRUSARE\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\World of Warcraft THE BURNING CRUSARE\WoW-2.0.3-enGB-downloader.exe" = D:\World of Warcraft THE BURNING CRUSARE\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\World of Warcraft THE BURNING CRUSARE\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe" = D:\World of Warcraft THE BURNING CRUSARE\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-1.12.0-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.3-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- File not found
"D:\World of Warcraft\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe" = D:\World of Warcraft\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1.exe" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- File not found
"C:\Program Files\Counter-Strike 1.6\hl.exe" = C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"D:\WOW\WoW-1.12.0-enGB-downloader.exe" = D:\WOW\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\WOW\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe" = D:\WOW\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\Boiling Point - Cesta do pekel\XENUS.EXE" = D:\Boiling Point - Cesta do pekel\XENUS.EXE:*:Enabled:XENUS -- File not found
"D:\World of Warcraft\WoW-2.3.0-enGB-downloader.exe" = D:\World of Warcraft\WoW-2.3.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\Simon and Schuster\Real War Rogue States\rsclient.exe" = C:\Program Files\Simon and Schuster\Real War Rogue States\rsclient.exe:*:Enabled:RWX.EXE -- (Simon & Schuster)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Disabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client -- File not found
"D:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = D:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Disabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"D:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = D:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Disabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Disabled:ICQ6 -- File not found
"D:\Warcraft III\Warcraft III.exe" = D:\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0297C87B-CC40-446F-865A-031B4FC0CF22}" = ToCA Race Driver 3
"{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}" = Lineage II
"{10C1A383-5FB9-4868-859C-E64F6822E9C8}" = Sony Ericsson Mobile Phone Monitor
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1" = Media Access Startup
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D6FB37A-CBCA-11D6-8940-0002A5E32BEF}" = Prasátko a jeho velký piknik
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1EF75089-392B-4771-B791-17316E27EBA6}" = Real War Rogue States
"{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2527736B-927C-4E5F-A861-6BA616568B80}_is1" = Sniper Elite
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{361693F2-A153-4359-A4CB-A1B9FF2AA5E6}" = A4tech USB Mouse Quality Testing Program V5.0
"{3675CF90-85D3-4DC2-85C9-C169BBCD2B2D}" = Sony Ericsson OCS
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{54DB72EE-C98A-4A59-94EC-2DF95D8A42D8}_is1" = Wings Over Europe
"{5DB8BFC7-9595-49CC-BF0D-A17D3A83929A}" = OpenOffice.org 2.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C12270-A1F1-42A3-AA73-68A1A0CE0E52}_is1" = Mizerové II
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F45E76-E897-42CA-A9FE-5F56817D875C}" = Locomotion
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A47120AC-6D04-4005-818F-24B6C6338421}" = Brigade E5
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.2 - Czech
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF9DF4B7-5BDE-42F5-94EF-53311B55566B}" = Project IGI2 - Covert Strike
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B431CA9E-4D14-4386-8BCC-2C13F46B8E70}" = Toy Story 2
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C5096216-7703-409E-B85A-8A6EE7395128}}_is1" = System Search Dispatcher
"{C72D7008-266D-4DD8-BF3C-296B736127F6}" = Mafia
"{C7D27207-0F86-4B6F-859C-21800A2C592E}" = Grand Prix 4
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{D3D47124-86AD-4605-A571-6C75355D87DB}" = Conflict Vietnam
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E0F07676-2C60-4465-A727-20DE3BFCABAC}" = Tony Hawks Pro Skater 4
"{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}" = Opera 9.52
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ECF6CB25-95A7-403F-89C2-F72E44EFE0CB}" = PC Suite
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Benefit MONITORING MŠMT NP_is1" = Benefit
"CCleaner" = CCleaner
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Dofus 1.23.0" = Dofus 1.23.0
"EPSON Printer and Utilities" = Software tiskárny EPSON
"EPSON Scanner" = EPSON Scan
"ESDX4000_4050_CX3900" = ESDX4000_4050_CX3900
"FlightGear_is1" = FlightGear v0.9.10
"Gothic II" = Gothic II
"ie8" = Windows Internet Explorer 8
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Kill Deal_is1" = Kill Deal
"KnightShift" = KnightShift
"Kobra 11_is1" = Kobra 11 Nitro
"legacyqcam_10.51" = Labtec Legacy USB Camera Driver Package
"Locomotion CZ" = Locomotion CZ
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Micro DVD Player" = Micro DVD Player
"mmswitch" = Morgan Stream Switcher
"MotoGP_is1" = MotoGP
"MotoGP2_is1" = MotoGP2
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Rayman 3_is1" = Rayman 3 1.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Space Rangers" = Vesmírní kovbojové
"Totalcmd" = Total Commander (Remove or Repair)
"Ventrilo" = Ventrilo
"VentriloMIX" = VentriloMIX
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WheelMouse" = Smart-X7 7.80
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

Vycistete pc Ccleanerem.

Vzdy nejprve Analyzovat a pak Spustit Cleaner.2x po sobe.

Windows-odskrtnout historii a historii automatickeho vyplnovani formularu - prisel byste o historii navstivenych stranek a o ulozena hesla ve formularich

(je to sice z pohledu zabezpeceni spatne,ale aspon pak uzivatel nenadava,kam ze mu to zmizelo )

Aplikace-u prohlizecu internetu odskrtnout Historii internetu.

Registry-nechat vse zaskrtle,Hledej problemy,Opravit vybrane problemy

(nechat ho udelat zalohu-ta je ulozena v Dokumentech-DULEZITE).

Taktez 2x-3x po sobe.

Udelejte kompletni scan pomoci AvpTool,

postupujte presne dle navodu, pri vyberu jaka akce nechte lecit,obsah logu vlozte sem.

Stahnete DDS a ulozte ho na plochu.

Zavrete vsechna spustena okna a spustte program, potvrdte licencni podminky a postupujte podle pokynu. Zacne scanovani.

Az skonci, tak by mel vytvorit 2 logy proto se vam 2krat otevre notepad. Jeden log bude mit nazev DDS.txt a druhy attach.txt.

Zkopirujte sem pouze ten DDS.txt.

V pripade nejasnosti navod zde

Stahnete GMER , rozbalte a spustte

probehne sken, po jehoz ukonceni na vas vyskoci vysledky

pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte

pote dle tohoto navodu

absolvujte druhy sken a opet obsah logu sem.

DDS (Ver_10-03-17.01) - NTFSx86
Run by J-O-H-N-Y at 7:36:25,51 on ne 16.05.2010
Internet Explorer: 8.0.6001.18702
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.523 [GMT 2:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\J-O-H-N-Y\Plocha\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.gametop.com/?utm_source=OstrichRunner&utm_medium=start
uSearch Page = hxxp://google.icq.com
uSearch Bar = hxxp://google.icq.com/search/search_frame.php
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Automated Content Enhancer: {1d74e9dd-8987-448b-b2cb-67fff2b8a932} - c:\program files\automated content enhancer\4.1.0.5050\ACEIEAddOn.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Web Search Operator: {eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} - c:\program files\web search operator\3.1.0.1800\wso.dll
BHO: {F97DA966-F09D-4cab-BF29-75A0026986EA} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
EB: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
uRun: [EPSON Stylus DX4000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibee.exe /fu "c:\docume~1\j-o-h-~1\locals~1\temp\E_S59.tmp" /EF "HKCU"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_04\bin\jusched.exe
mRun: [EPSON Stylus DX4000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibee.exe /fu "c:\windows\temp\E_SA6.tmp" /EF "HKLM"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [<NO NAME>]
mRun: [WheelMouse] c:\program files\a4tech\mouse\Amoumain.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\j-o-h-~1\nabdka~1\programy\posput~1\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: c:\docume~1\j-o-h-~1\nabdka~1\programy\posput~1\setup_~1.lnk - c:\documents and settings\j-o-h-n-y\plocha\virus removal tool2\setup_9.0.0.722_15.05.2010_17-24\startup.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &Search - ?p=ZJ
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166878404505
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {ABD1FD42-0011-486C-A9D8-08698785EC69} = 10.0.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 212.71.145.115 L2authd.lineage2.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\j-o-h-~1\dataap~1\mozilla\firefox\profiles\n4u7d9kw.default\
FF - prefs.js: browser.search.selectedEngine - HottieStar Toolbar
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://ho ... inder.com/
FF - component: c:\documents and settings\all users\data aplikací\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\data aplikací\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\automated content enhancer\4.1.0.5050\ff\components\ACEFFAddOn.dll
FF - component: c:\program files\customized platform advancer\3.1.0.1520\ff\components\CPAFFAddOn.dll
FF - component: c:\program files\hottiestar toolbar\2.1.0.4120\fftoolbar\components\MVBCore.dll
FF - component: c:\program files\media access startup\1.5.0.850\ff\components\HPFFAddOn.dll
FF - component: c:\program files\web search operator\3.1.0.1800\ff\components\WSOFFAddOn.dll
FF - plugin: c:\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: c:\program files\java\j2re1.4.2_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_04\bin\NPJPI142_04.dll
FF - plugin: c:\program files\java\j2re1.4.2_04\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");

============= SERVICES / DRIVERS ===============

R0 41274422;41274422 Boot Guard Driver;c:\windows\system32\drivers\41274422.sys [2010-5-15 37392]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-3 310320]
R1 41274421;41274421;c:\windows\system32\drivers\41274421.sys [2010-5-15 128016]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\data aplikací\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100505.001\IDSXpx86.sys [2010-5-8 329592]
R1 setup_9.0.0.722_15.05.2010_17-24drv;setup_9.0.0.722_15.05.2010_17-24drv;c:\windows\system32\drivers\4127442.sys [2010-5-15 315408]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-5-6 20968]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-3-10 222456]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-2 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\data aplikací\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100515.019\NAVENG.SYS [2010-5-16 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\data aplikací\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100515.019\NAVEX15.SYS [2010-5-16 1347504]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-3-2 69120]
S1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [2006-12-23 115968]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-5-9 13824]
S3 uti3mtk2;AVZ Kernel Driver;c:\windows\system32\drivers\uti3mtk2.sys [2010-5-15 7168]

=============== Created Last 30 ================

2010-05-15 17:33:37 7168 ----a-w- c:\windows\system32\drivers\uti3mtk2.sys
2010-05-15 15:44:43 37392 ----a-w- c:\windows\system32\drivers\41274422.sys
2010-05-15 15:44:43 315408 ----a-w- c:\windows\system32\drivers\4127442.sys
2010-05-15 15:44:43 128016 ----a-w- c:\windows\system32\drivers\41274421.sys
2010-05-15 15:36:08 315408 ----a-w- c:\windows\system32\drivers\2152973.sys
2010-05-14 16:01:14 0 d-----w- c:\windows\system32\drivers\NSS
2010-05-14 16:01:14 0 d-----w- c:\program files\Norton Security Scan
2010-05-12 04:00:41 0 d--h--w- c:\windows\$hf_mig$
2010-05-06 17:22:05 0 d-----r- c:\documents and settings\j-o-h-n-y\Nabídka Start
2010-05-06 16:23:29 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-05-02 19:33:41 7562568 ----a-w- c:\program files\Opera_964_int_Setup.exe
2010-05-02 08:27:55 13019280 ----a-w- C:\Opera_1053_int_Setup.exe
2010-04-27 10:33:54 0 d-----w- c:\program files\1C Company
2010-04-21 08:03:12 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-17 15:30:11 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2010-04-17 15:30:11 99328 ----a-w- c:\windows\system32\srusd.dll
2010-04-17 15:30:06 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-04-17 15:30:06 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-04-17 15:30:03 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-04-17 15:30:03 71680 ----a-w- c:\windows\system32\fnfilter.dll

==================== Find3M ====================

2010-05-09 07:51:19 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-05-09 07:51:19 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-05-06 04:27:12 2136885 ----a-w- c:\program files\kluci 034.jpg
2010-03-10 06:17:40 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 16:05:55 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-02-17 12:09:02 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09:02 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-07-24 16:46:05 455966 -c--a-w- c:\program files\cc_20080724_1845.reg

============= FINISH: 7:37:28,17 ===============

Autoscan: completed 57 minutes ago (events: 12, objects: 225252, time: 01:17:20)
16.5.2010 13:53:09 Task started
16.5.2010 14:00:49 Detected: not-a-virus:AdWare.Win32.PopMenu.y C:\Documents and Settings\All Users\Data aplikací\{732BD52C-2B24-4AF1-8509-89A619EC2006}\OFFLINE\69E6D3E5\3E688669\stbapp.exe
16.5.2010 14:01:08 Deleted: not-a-virus:AdWare.Win32.PopMenu.y C:\Documents and Settings\All Users\Data aplikací\{732BD52C-2B24-4AF1-8509-89A619EC2006}\OFFLINE\69E6D3E5\3E688669\stbapp.exe
16.5.2010 14:19:52 Detected: not-a-virus:AdWare.Win32.PopMenu.y C:\Program Files\DoubleD\JuicyAccess Toolbar\4.1.0.17730\stbapp.exe
16.5.2010 14:20:28 Deleted: not-a-virus:AdWare.Win32.PopMenu.y C:\Program Files\DoubleD\JuicyAccess Toolbar\4.1.0.17730\stbapp.exe
16.5.2010 14:30:43 Detected: not-a-virus:AdWare.Win32.Agent.piw C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
16.5.2010 14:31:00 Deleted: not-a-virus:AdWare.Win32.Agent.piw C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
16.5.2010 14:50:36 Detected: Backdoor.Win32.Agent.tol D:\Need for Speed Carbon\Need for speed CARBON-Save editor+PRO SAVER\sivinsprosaver.exe/ASPack
16.5.2010 14:50:36 Detected: Backdoor.Win32.Agent.tol D:\Need for Speed Carbon\Need for speed CARBON-Save editor+PRO SAVER\sivinsprosaver.exe.part/ASPack
16.5.2010 14:50:58 Deleted: Backdoor.Win32.Agent.tol D:\Need for Speed Carbon\Need for speed CARBON-Save editor+PRO SAVER\sivinsprosaver.exe
16.5.2010 14:50:59 Deleted: Backdoor.Win32.Agent.tol D:\Need for Speed Carbon\Need for speed CARBON-Save editor+PRO SAVER\sivinsprosaver.exe.part
16.5.2010 15:10:29 Task completed

Pouzivanim cracku pro software a hry zvysujete riziko zavleceni infekce do pc-Need for Speed Carbon...

CTETE POZORNE NAVOD,TENTO SOFT NETOLERUJE CHYBY V POSTUPU APLIKOVANI!

Klidne si nasledujici radky vytisknete,at vite,co se bude na obrazovce odehravat.

Budte prihlasen na pc s administratorskymi pravy.

stahnete a ulozte nejlepe na plochu ComboFix

v pripade,ze nepujde stranka nacist-stahnete odtud download , popr. nepujde ComboFix spustit - prejmenujte jej na grinder.com a postupujte dale dle instrukci.

hned po startu se zobrazi Zreknuti se prava zaruky na funkcnost software, pokracujte kliknutim na tlacitko Ano:



pote muze nasledovat upozorneni na nainstalovane emulatory CD mechanik,typicky Daemon Tools nebo Alcohol 120



odklepnout OK

Souhlasit s instalaci Recovery console(Konzola pro zotaveni)-nutno funkcni internet

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: upozorneni: Vypnete rezidentni stit u antiviru a antispywaru a zakazte docasne firewall-ComboFix by nemusel fungovat korektne-pokud budete mit stity vypnute a Combofix zahlasi,ze nejsou,pokracujte dal a potvrdte.

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-16 16:58:58
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\J-O-H-~1\LOCALS~1\Temp\fxtdypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Jeste druhy log z GMERu.

A pak ten ComboFix.

ComboFix 10-05-15.03 - J-O-H-N-Y 16.05.2010 17:11:54.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.442 [GMT 2:00]
Spuštěný z: c:\documents and settings\J-O-H-N-Y\Plocha\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\auto.exe
c:\documents and settings\J-O-H-N-Y\Dokumenty\cc_20100515_170143.reg
c:\documents and settings\J-O-H-N-Y\Dokumenty\cc_20100515_170542.reg
c:\program files\Automated Content Enhancer
c:\program files\Automated Content Enhancer\4.1.0.5050\ACECommon.dll
c:\program files\Automated Content Enhancer\4.1.0.5050\ACEIeaddon.dll
c:\program files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOnSub.dll
c:\program files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOnSubL.dll
c:\program files\Automated Content Enhancer\4.1.0.5050\acepx.exe
c:\program files\Automated Content Enhancer\4.1.0.5050\Data\config.md
c:\program files\Automated Content Enhancer\4.1.0.5050\FF\components\ACEFFAddOn.dll
c:\program files\Automated Content Enhancer\4.1.0.5050\FF\components\ACEFFAddOn.xpt
c:\program files\Automated Content Enhancer\4.1.0.5050\FF\components\ACEFFHelperComponent.js
c:\program files\Automated Content Enhancer\4.1.0.5050\FF\chrome.manifest
c:\program files\Automated Content Enhancer\4.1.0.5050\FF\chrome\ACEAddOn.jar
c:\program files\Automated Content Enhancer\4.1.0.5050\FF\chrome\content\ACEAddOn.js
c:\program files\Automated Content Enhancer\4.1.0.5050\FF\chrome\content\ACEAddOn.xul
c:\program files\Automated Content Enhancer\4.1.0.5050\FF\install.rdf
c:\program files\Automated Content Enhancer\4.1.0.5050\unins000.dat
c:\program files\Automated Content Enhancer\4.1.0.5050\unins000.exe
c:\program files\Customized Platform Advancer
c:\program files\Customized Platform Advancer\3.1.0.1520\CPACommon.dll
c:\program files\Customized Platform Advancer\3.1.0.1520\CPAHelper.exe
c:\program files\Customized Platform Advancer\3.1.0.1520\CPAIEAddOnSub.dll
c:\program files\Customized Platform Advancer\3.1.0.1520\CPAIEAddOnSubL.dll
c:\program files\Customized Platform Advancer\3.1.0.1520\Data\config.md
c:\program files\Customized Platform Advancer\3.1.0.1520\FF\components\CPAFFAddOn.dll
c:\program files\Customized Platform Advancer\3.1.0.1520\FF\components\CPAFFAddOn.xpt
c:\program files\Customized Platform Advancer\3.1.0.1520\FF\components\CPAFFHelperComponent.js
c:\program files\Customized Platform Advancer\3.1.0.1520\FF\chrome.manifest
c:\program files\Customized Platform Advancer\3.1.0.1520\FF\chrome\content\CPAAddOn.js
c:\program files\Customized Platform Advancer\3.1.0.1520\FF\chrome\content\CPAAddOn.xul
c:\program files\Customized Platform Advancer\3.1.0.1520\FF\chrome\CPAAddOn.jar
c:\program files\Customized Platform Advancer\3.1.0.1520\FF\install.rdf
c:\program files\Customized Platform Advancer\3.1.0.1520\unins000.dat
c:\program files\Customized Platform Advancer\3.1.0.1520\unins000.exe
c:\program files\Internet Saving Optimizer
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\9.bin\MWSOESTB.DLL
c:\program files\SafeFighter Software
c:\program files\Web Search Operator
c:\program files\Web Search Operator\3.1.0.1800\Data\config.md
c:\program files\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.dll
c:\program files\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.xpt
c:\program files\Web Search Operator\3.1.0.1800\FF\components\WSOFFHelperComponent.js
c:\program files\Web Search Operator\3.1.0.1800\FF\chrome.manifest
c:\program files\Web Search Operator\3.1.0.1800\FF\chrome\content\WSOAddOn.js
c:\program files\Web Search Operator\3.1.0.1800\FF\chrome\content\WSOAddOn.xul
c:\program files\Web Search Operator\3.1.0.1800\FF\chrome\WSOAddOn.jar
c:\program files\Web Search Operator\3.1.0.1800\FF\install.rdf
c:\program files\Web Search Operator\3.1.0.1800\unins000.dat
c:\program files\Web Search Operator\3.1.0.1800\unins000.exe
c:\program files\Web Search Operator\3.1.0.1800\wsO.dll
c:\program files\Web Search Operator\3.1.0.1800\WSOCommon.dll
c:\program files\Web Search Operator\3.1.0.1800\wsopx.exe
c:\windows\10005zi9us7235.cpl
c:\windows\10914z9oj68f5.dll
c:\windows\11024n9t-a-vi5us44z.dll
c:\windows\112z3not-a-5irus29f9.dll
c:\windows\11438notza-virus9655.ocx
c:\windows\11530hackzoo5619.exe
c:\windows\116w5r9zaa.cpl
c:\windows\11962ha5kto9l27cz.ocx
c:\windows\122z9vir9s50d.dll
c:\windows\12585not9a-vzrus219.bin
c:\windows\12809zroj2959.dll
c:\windows\1319addwar51183z.cpl
c:\windows\13499nzt-a5virus549.ocx
c:\windows\13569vi5zs4c5.exe
c:\windows\136165ackzoo933d.dll
c:\windows\13z11s59mbot712.bin
c:\windows\13z289p5mbot46.exe
c:\windows\13z5wo9m352.dll
c:\windows\13zeth9e52787.ocx
c:\windows\14506n9t-a5virus2z2.dll
c:\windows\149espzr5e2877.dll
c:\windows\15389zacktool79f.ocx
c:\windows\15412viru53ez9.ocx
c:\windows\15529spambot5z5.ocx
c:\windows\15650zacktoo93b2.dll
c:\windows\158cspa9sz394.exe
c:\windows\15965viruz3a4.dll
c:\windows\15z9s5eal23359.cpl
c:\windows\16480tr9j5za.exe
c:\windows\1668zhief5809.bin
c:\windows\172679ot-a-zirus195.ocx
c:\windows\17459zor9d6.ocx
c:\windows\17556virus39cz.dll
c:\windows\18239pzmbot9a5.cpl
c:\windows\18350not-a9vi5usz72.cpl
c:\windows\18536trzj994.exe
c:\windows\185519pambot7z3.ocx
c:\windows\185z9ir1258.bin
c:\windows\18659sp5z14.ocx
c:\windows\1875addware30z49.ocx
c:\windows\18895h9cktooz154.dll
c:\windows\19453zir5s46.ocx
c:\windows\194759acktzol22b.dll
c:\windows\1948695rm6dz.cpl
c:\windows\1951virus35z.ocx
c:\windows\195385p96z6.cpl
c:\windows\19612no5-a-virus389z.bin
c:\windows\19858hzckt5ol3ec.ocx
c:\windows\1a59spywarz229.dll
c:\windows\1b7sparse5z39.cpl
c:\windows\1b91d59nloazer1296.cpl
c:\windows\1bfadown9zade51527.ocx
c:\windows\1e95zteal179.ocx
c:\windows\1faedownl5ad9z747.cpl
c:\windows\1z124sp5mbot95d.ocx
c:\windows\20065wormz39.exe
c:\windows\20156sp9mbzt457.dll
c:\windows\20517zorm9f2.exe
c:\windows\20900hz9ktoo515a.cpl
c:\windows\209z695y2d2.ocx
c:\windows\20e5baczdoor9655.exe
c:\windows\20z905p9mbot594.exe
c:\windows\20zcthi5f2970.exe
c:\windows\21652hack9zol35a.exe
c:\windows\22135zroj59b.ocx
c:\windows\2247595z2e7.dll
c:\windows\22594s5yzb9.cpl
c:\windows\231z9tro951b.dll
c:\windows\2399s5e9l28z5.exe
c:\windows\23dbthzea592543.dll
c:\windows\23fzvir19495.ocx
c:\windows\242939irzs758.cpl
c:\windows\24759spy4z8.cpl
c:\windows\24992tr5j460z.exe
c:\windows\24c89t5al3228z.exe
c:\windows\25493noz-a-virus672.cpl
c:\windows\25635spazbo9e9.cpl
c:\windows\257709pazbotb4.ocx
c:\windows\257z8sp965e.cpl
c:\windows\25899sp9zdb.dll
c:\windows\25931spambot7z29.ocx
c:\windows\259495zambot58.bin
c:\windows\25977wz5m1d1.ocx
c:\windows\259cbackdozr2449.dll
c:\windows\2616vi5zs2459.cpl
c:\windows\26285wo5m769z.dll
c:\windows\26355ziru95cd.bin
c:\windows\27139viruz504.bin
c:\windows\283449ot-a-virus375z.exe
c:\windows\28399hack5oolz55.bin
c:\windows\283z8t9o510e.bin
c:\windows\28549spy5z5.bin
c:\windows\2887659t-a-vzrus75f.exe
c:\windows\29032tr5j4z6.bin
c:\windows\29038spy55z5.dll
c:\windows\2903viz2395.bin
c:\windows\29051spambo5dz.dll
c:\windows\29398wozm514.ocx
c:\windows\29527t5oj50z.dll
c:\windows\29535tro974z.dll
c:\windows\295z9irus3bf.exe
c:\windows\29862t5oj7zb9.cpl
c:\windows\298cspazs521559.ocx
c:\windows\29918v5ruz21e.exe
c:\windows\2a2dspyw5re193z.exe
c:\windows\2a595aczdoor1386.dll
c:\windows\2b69zhr5at20819.exe
c:\windows\2b7zddwa5e3519.cpl
c:\windows\2e459ackdozr1313.dll
c:\windows\2z322troj759.cpl
c:\windows\2z535virus599.ocx
c:\windows\2z743no95a-virus3e8.dll
c:\windows\2z8st5al1289.exe
c:\windows\2z989virus2105.dll
c:\windows\30153worz139.ocx
c:\windows\30573sp95zot7a1.exe
c:\windows\3097sp5rsz451.cpl
c:\windows\31096s5ambotz90.ocx
c:\windows\32050haz9tool175.bin
c:\windows\323es9ar5e27z9.ocx
c:\windows\32439virusz599.dll
c:\windows\3259wormz56.bin
c:\windows\326z1not-a-vi9us3a5.dll
c:\windows\32d9thz5f291.dll
c:\windows\32e4ad5ware399z.exe
c:\windows\332759y7z8.exe
c:\windows\33fa9ir3195z.dll
c:\windows\341aspzware2859.exe
c:\windows\3527threzt5955.ocx
c:\windows\35513spzmbot159.ocx
c:\windows\35699troj990z.bin
c:\windows\35a5s9ezl2738.dll
c:\windows\35d7spzrse9694.ocx
c:\windows\35dcthi9fz888.exe
c:\windows\35e2t5reaz9658.cpl
c:\windows\3665hacztool739.ocx
c:\windows\36909acktzol454.dll
c:\windows\3691sp5r9e66z.dll
c:\windows\3849zteal5504.dll
c:\windows\38e9spyz9re551.exe
c:\windows\39258spzmbot495.ocx
c:\windows\392aback5oorz25.bin
c:\windows\395aspyw5re19z8.bin
c:\windows\39605hacktozl6c5.dll
c:\windows\39bcad5ware1z60.exe
c:\windows\39bf59eal15z.exe
c:\windows\3ba5st9al965z.ocx
c:\windows\3e50downl9aderz635.exe
c:\windows\3e5eaddwa9e1532z.ocx
c:\windows\3f1b9pywaz52472.bin
c:\windows\3fa9bazkdoor2059.bin
c:\windows\3fc9stezl5836.bin
c:\windows\3ff9spzrse3152.dll
c:\windows\3za6s5yware9152.exe
c:\windows\4119stz5l9829.bin
c:\windows\4120sparse5z949.exe
c:\windows\415s5y59z.bin
c:\windows\4167t9reat6587z.dll
c:\windows\4175hiz93226.cpl
c:\windows\4206hackz9ol2995.cpl
c:\windows\4249szy9ac5.exe
c:\windows\42csparse5069z.ocx
c:\windows\4308t9zj750.cpl
c:\windows\431e9zw5loader58.exe
c:\windows\436zspyw9r51619.ocx
c:\windows\449fdown5oader3z63.ocx
c:\windows\4685thre5t3z859.cpl
c:\windows\473z9ackdoo53110.exe
c:\windows\474fthreaz85539.cpl
c:\windows\475spz51f9.exe
c:\windows\47865a9kdozr2096.dll
c:\windows\479z9te5l216.dll
c:\windows\49f2t9iefz529.cpl
c:\windows\4a38virz559.cpl
c:\windows\4azbvir50279.cpl
c:\windows\4c5fz9ea53254.dll
c:\windows\4ccdaddwa9ez9215.ocx
c:\windows\4e25dow9loadzr2416.exe
c:\windows\4ea2ba5kdo9rz258.bin
c:\windows\4f85ad9warz824.bin
c:\windows\4ff5addzare9951.ocx
c:\windows\4fzbspyw9r51486.exe
c:\windows\5066th9eaz18095.bin
c:\windows\50z6tr5jc9.ocx
c:\windows\51489ir655z.exe
c:\windows\5193back9oor297z.ocx
c:\windows\5215orz2219.cpl
c:\windows\52459iez2209.exe
c:\windows\52695ownlozder3150.ocx
c:\windows\5304hack9zol55a.bin
c:\windows\539espyware525z.exe
c:\windows\53z1back9oor842.dll
c:\windows\5455zacktool29c.bin
c:\windows\545cthrezt18994.ocx
c:\windows\5482adzware982.cpl
c:\windows\54b0tz5ef29999.dll
c:\windows\5527s9y42z.dll
c:\windows\552fspa9se1096z.ocx
c:\windows\5535downlozde9527.cpl
c:\windows\554eth5efz399.cpl
c:\windows\55519hiez759.exe
c:\windows\558bspar9z1657.bin
c:\windows\5590thizf5668.cpl
c:\windows\55c6zir1986.exe
c:\windows\55dzs9eal5014.bin
c:\windows\5626z9orm170.ocx
c:\windows\56z5t9reat29452.cpl
c:\windows\57885pamb9t345z.ocx
c:\windows\5799downloade52352z.ocx
c:\windows\5823zownloa9er24885.exe
c:\windows\5835s9yzbf.cpl
c:\windows\5869spyzff.cpl
c:\windows\58zspar9e188.bin
c:\windows\590c95r2018z.bin
c:\windows\5929vi57z0.ocx
c:\windows\5930viz2154.ocx
c:\windows\59472virus39fz.cpl
c:\windows\59502vizus597.exe
c:\windows\596et5rzat13885.cpl
c:\windows\5990backdoorz948.exe
c:\windows\5995pambzt1e79.exe
c:\windows\59b4zddwar5607.cpl
c:\windows\59c0vir1556z.cpl
c:\windows\59e1spyware1234z.cpl
c:\windows\5a2cadzware9141.ocx
c:\windows\5a92zi51862.bin
c:\windows\5a9cdzw9loader289.ocx
c:\windows\5b79t9reat2z247.exe
c:\windows\5bdzdow9loader2610.dll
c:\windows\5c4aviz1529.bin
c:\windows\5c56thr9at167z3.ocx
c:\windows\5cfdo5nl9ader1z45.ocx
c:\windows\5d95a9dware570z.exe
c:\windows\5e81downlzader3977.dll
c:\windows\5ef1threat3023z9.cpl
c:\windows\5eth9efz15.dll
c:\windows\5f229zckdoo5713.bin
c:\windows\5f35stea92965z.ocx
c:\windows\5f5adown9oaderz161.ocx
c:\windows\5f5dspywarez5799.ocx
c:\windows\5f95vir51z7.ocx
c:\windows\5z576w9rm409.cpl
c:\windows\5z728v9rus497.dll
c:\windows\5z75irus193.dll
c:\windows\5z809acktool6f5.ocx
c:\windows\5z999orm117.cpl
c:\windows\5z99sp5rse956.ocx
c:\windows\6025sze5l499.exe
c:\windows\60z2not-a-v5rus9cd.ocx
c:\windows\6247spam59t5z2.ocx
c:\windows\6265zir697.bin
c:\windows\6273virus9z5.cpl
c:\windows\62baviz925.dll
c:\windows\6469zparse5114.cpl
c:\windows\64839pam5zt6f2.cpl
c:\windows\64cbdzw9loader1057.bin
c:\windows\6547noz-a-vir5s4049.ocx
c:\windows\655cz9ars52182.cpl
c:\windows\65bzt9ief745.cpl
c:\windows\6705orm7z9.bin
c:\windows\675zt9reat26910.cpl
c:\windows\67c4ba9kdozr11475.bin
c:\windows\685dspy9zre2941.bin
c:\windows\6956zpywa9e1927.cpl
c:\windows\6973addwzre26505.cpl
c:\windows\69e8s5zal2554.ocx
c:\windows\6a29spyware1z35.dll
c:\windows\6abdspzwa9e5453.bin
c:\windows\6b79thrzat4965.exe
c:\windows\6d97zddware7865.ocx
c:\windows\6e5ethi9z26595.exe
c:\windows\6f19downloader3558z.ocx
c:\windows\6za259reat8306.dll
c:\windows\7016thre5t95z85.ocx
c:\windows\7170sza95otb1.dll
c:\windows\72zbad95are2909.bin
c:\windows\7466t5rezt19589.bin
c:\windows\75089parse10z4.cpl
c:\windows\7517vir559z.ocx
c:\windows\7519virzs735.exe
c:\windows\751az5ars92130.ocx
c:\windows\752adz5a9e2466.exe
c:\windows\76185dzware9349.exe
c:\windows\76b4backd9or51z8.dll
c:\windows\770fz5ie9645.bin
c:\windows\77bfth9eat754z.ocx
c:\windows\77c5a9dwarz2539.ocx
c:\windows\7915downloade9z319.cpl
c:\windows\797cadzware31575.ocx
c:\windows\79czba9kd5or803.bin
c:\windows\79ethr5atz5873.bin
c:\windows\79z5tr9j250.cpl
c:\windows\7a54tzi9f2942.exe
c:\windows\7a96addzare2665.bin
c:\windows\7d2bviz5579.dll
c:\windows\7d5fspzwa9e5466.dll
c:\windows\7de59teal191z.cpl
c:\windows\7e80ad5wa9e146z.cpl
c:\windows\7f10downlo5zer3192.exe
c:\windows\7f3cdoznloa5er2799.dll
c:\windows\7f58thzef9577.bin
c:\windows\8629not5a-vz9us598.cpl
c:\windows\909thre5t2760z.bin
c:\windows\91605spzmb5t63b.cpl
c:\windows\919015pz6cc.ocx
c:\windows\9196addware1579z.dll
c:\windows\9413not-a-v95us6cz.ocx
c:\windows\9575addware2713z.cpl
c:\windows\958addwarez295.bin
c:\windows\95d1tzrea570.exe
c:\windows\9644zspy5735.ocx
c:\windows\9740zpy59.ocx
c:\windows\9759thief6z5.ocx
c:\windows\97635trzj7b5.exe
c:\windows\97955troj6z9.exe
c:\windows\9797vz5us85.cpl
c:\windows\98302s5amzot2ef.cpl
c:\windows\9a73spyware3056z.bin
c:\windows\9besz5ware870.dll
c:\windows\9c5vzr545.cpl
c:\windows\9csteal20z5.dll
c:\windows\9ef0sze5l23.dll
c:\windows\9ezaaddwa5e2617.bin
c:\windows\9z38vi5us656.dll
c:\windows\9z57no5-a-virus547.exe
c:\windows\b5t9rzat1351.cpl
c:\windows\bdezh9eat15593.bin
c:\windows\c9zb5ck9oor1405.ocx
c:\windows\cz1thr5at31964.ocx
c:\windows\d63adzware91925.dll
c:\windows\ee8v59z53.bin
c:\windows\ef9s5arsz317.ocx
c:\windows\f575zd9are2345.ocx
c:\windows\f90zackd5or859.exe
c:\windows\system32\10905vz9us155.cpl
c:\windows\system32\115835orm8z9.exe
c:\windows\system32\116z5worm1bf9.dll
c:\windows\system32\117z5spamb9t36a.dll
c:\windows\system32\1190bzckdoor325.exe
c:\windows\system32\1226zh9eat54340.dll
c:\windows\system32\1227zddware27559.dll
c:\windows\system32\12570hzckt5ol559.exe
c:\windows\system32\126745zrm99.dll
c:\windows\system32\127bspar9e505z.bin
c:\windows\system32\1285spz39c5.exe
c:\windows\system32\131z8ha5k9ool7ac.ocx
c:\windows\system32\13304wor915az.bin
c:\windows\system32\13395zpam9ot134.ocx
c:\windows\system32\1349thzeat25897.dll
c:\windows\system32\136spyza95805.bin
c:\windows\system32\13734hazktool935.bin
c:\windows\system32\13904hackz5ol69c9.ocx
c:\windows\system32\1441spa9se5z49.exe
c:\windows\system32\1449t5iefz983.exe
c:\windows\system32\14529spazbot7f9.bin
c:\windows\system32\14563wo9m2fz.bin
c:\windows\system32\145zthief2089.bin
c:\windows\system32\14961spyz5d5.bin
c:\windows\system32\150479ozm3e8.dll
c:\windows\system32\1526zsp9mbot5a1.ocx
c:\windows\system32\15315viru991z.bin
c:\windows\system32\155469zoj511.dll
c:\windows\system32\15629hiez1540.ocx
c:\windows\system32\15693tro529z.dll
c:\windows\system32\15903s5ambot6z2.ocx
c:\windows\system32\15951trojz159.ocx
c:\windows\system32\15999spazbot31a.cpl
c:\windows\system32\159caddwzre1932.ocx
c:\windows\system32\15aaddw9re21z55.exe
c:\windows\system32\163889pa5zot345.cpl
c:\windows\system32\16499sp548z.dll
c:\windows\system32\16b15hief13z79.cpl
c:\windows\system32\16z6wo5m955.ocx
c:\windows\system32\17339hack5zol3d7.ocx
c:\windows\system32\1755zhacktool12b9.dll
c:\windows\system32\17757t9ojzee.bin
c:\windows\system32\1777z9r20835.ocx
c:\windows\system32\1783dowzlo5de91977.exe
c:\windows\system32\17884wo95380z.exe
c:\windows\system32\1794zspy554.bin
c:\windows\system32\17957not-a-viruz2b8.cpl
c:\windows\system32\17ec95zeat28700.ocx
c:\windows\system32\180829py5cz.dll
c:\windows\system32\18344no9-a-viz5s758.dll
c:\windows\system32\18893vir5s98z.bin
c:\windows\system32\189az5ief3001.bin
c:\windows\system32\18z16viru53ad9.ocx
c:\windows\system32\19035t5ojz90.exe
c:\windows\system32\19282not-5-virusz9.exe
c:\windows\system32\195559py59ez.dll
c:\windows\system32\19663hac5tozl24d.exe
c:\windows\system32\197bth5ef15z0.cpl
c:\windows\system32\19927zirus6f5.cpl
c:\windows\system32\19z92not-a-vir5s272.exe
c:\windows\system32\19zavir52479.ocx
c:\windows\system32\1ad95ownloadzr691.exe
c:\windows\system32\1bszars52898.ocx
c:\windows\system32\1c39st5alz599.cpl
c:\windows\system32\1dd5szy9are289.ocx
c:\windows\system32\1e5bvir289z.exe
c:\windows\system32\1fc15zi9f1547.ocx
c:\windows\system32\1z8669py365.exe
c:\windows\system32\2000not-a-viru51b9z.cpl
c:\windows\system32\2033zp5269.cpl
c:\windows\system32\20595iruszf.dll
c:\windows\system32\205azh9eat5504.ocx
c:\windows\system32\206455irzs198.cpl
c:\windows\system32\20791s9ambotz95.dll
c:\windows\system32\209155pyzf3.ocx
c:\windows\system32\20956zroj5359.exe
c:\windows\system32\20980szy51.ocx
c:\windows\system32\209cszyware1175.cpl
c:\windows\system32\20b9th5zf1029.dll
c:\windows\system32\20z16spy9b85.cpl
c:\windows\system32\213319pambotz59.cpl
c:\windows\system32\21ba9ackdooz5165.ocx
c:\windows\system32\220565ot-a-viz9s122.exe
c:\windows\system32\229z0not-a9viru55fd.cpl
c:\windows\system32\22z94w5r9797.dll
c:\windows\system32\22z995acktool5b9.dll
c:\windows\system32\2351z9pambot61f.bin
c:\windows\system32\23660not-a-v5r9s4d2z.cpl
c:\windows\system32\23769no5-a-vzrus685.exe
c:\windows\system32\238s5y9aze114.cpl
c:\windows\system32\23945hacktozl1ac.ocx
c:\windows\system32\23962v59us7zb.cpl
c:\windows\system32\23z03w5rm5899.bin
c:\windows\system32\24305tr9z702.exe
c:\windows\system32\2485wo5mz9.exe
c:\windows\system32\24e5steal1039z.exe
c:\windows\system32\24z95sp5mbot3dd.exe
c:\windows\system32\25559no5-a-viruz51.dll
c:\windows\system32\2557backdoo998z.dll
c:\windows\system32\25945tzoj389.cpl
c:\windows\system32\25adz9dware227.bin
c:\windows\system32\25cbthre9z19577.bin
c:\windows\system32\25z98s9y55.bin
c:\windows\system32\25zback9oor5265.bin
c:\windows\system32\261c5h9efz53.exe
c:\windows\system32\2625z95t-a-virus42a.bin
c:\windows\system32\265789irusz07.bin
c:\windows\system32\2659ztroj52.cpl
c:\windows\system32\265eazdw5re16679.exe
c:\windows\system32\26802sp5mzot60a9.exe
c:\windows\system32\26977hacz9ool195.bin
c:\windows\system32\26z76hac9tool77c5.dll
c:\windows\system32\27189not-a-vir5s94z.dll
c:\windows\system32\27365spyz39.ocx
c:\windows\system32\27519worm29z.bin
c:\windows\system32\27903hzcktool5265.cpl
c:\windows\system32\27998spamzot4b95.cpl
c:\windows\system32\28205spaz5ot984.bin
c:\windows\system32\28459hac5zool5ed.cpl
c:\windows\system32\28619zorm551.cpl
c:\windows\system32\28894spy56z.exe
c:\windows\system32\28cdaddwa591z11.exe
c:\windows\system32\28z7w5rm6a19.exe
c:\windows\system32\29030sp9m5ot7zd.dll
c:\windows\system32\29103spa5bot797z.ocx
c:\windows\system32\2912sparze5176.dll
c:\windows\system32\29333wo5mzd8.bin
c:\windows\system32\2945zspy35b.dll
c:\windows\system32\295975pamzot2d9.cpl
c:\windows\system32\296005ormz2.exe
c:\windows\system32\299zdownloa9er405.dll
c:\windows\system32\2a9zv5r395.dll
c:\windows\system32\2b9tzreat8558.exe
c:\windows\system32\2bfbaz95oor1567.ocx
c:\windows\system32\2e02downl5aze91608.ocx
c:\windows\system32\2e2est9zl15945.bin
c:\windows\system32\2ec89zdware5678.ocx
c:\windows\system32\2ez0thief5559.exe
c:\windows\system32\2z455spambot9fd5.bin
c:\windows\system32\2z993spy15f.exe
c:\windows\system32\30035zpyac9.ocx
c:\windows\system32\305689irus606z.exe
c:\windows\system32\3091z5ambot507.dll
c:\windows\system32\30e5spywzr93162.cpl
c:\windows\system32\30z05spambot789.exe
c:\windows\system32\31065ha9ktzol225.ocx
c:\windows\system32\31504sz9mbot779.bin
c:\windows\system32\31527tro95z2.ocx
c:\windows\system32\319135ackt9olze8.cpl
c:\windows\system32\31959troj5z5.dll
c:\windows\system32\31z70wo95600.dll
c:\windows\system32\32567zac9toolc0.dll
c:\windows\system32\3265spywa9e612z.exe
c:\windows\system32\32z42worm5295.bin
c:\windows\system32\33a5zi91245.ocx
c:\windows\system32\34195hreatz0607.cpl
c:\windows\system32\3463downlza9er24225.bin
c:\windows\system32\3515th9ez95.dll
c:\windows\system32\3537dow9lozder5056.cpl
c:\windows\system32\3546spyw9re1054z.dll
c:\windows\system32\354edow5l9zder880.bin
c:\windows\system32\354eth9eatz6191.dll
c:\windows\system32\358spyware293z.dll
c:\windows\system32\37f4bac5zoor10869.bin
c:\windows\system32\38c5spzrse2979.bin
c:\windows\system32\38z59hief2036.bin
c:\windows\system32\3900sparsez514.ocx
c:\windows\system32\394avir54z6.cpl
c:\windows\system32\3964zsp5mbot693.bin
c:\windows\system32\398downloadez2745.dll
c:\windows\system32\3a2cback5oor43z9.bin
c:\windows\system32\3b0zspy95re3256.bin
c:\windows\system32\3bb3za95door3190.dll
c:\windows\system32\3bz0vir95505.exe
c:\windows\system32\3f8f5parse792z.cpl
c:\windows\system32\41afz59199.bin
c:\windows\system32\42fzdownloade95904.dll
c:\windows\system32\4413st5zl3049.dll
c:\windows\system32\4569spyzare2399.bin
c:\windows\system32\459csparse2z96.cpl
c:\windows\system32\45b6vir9z65.cpl
c:\windows\system32\45e5sparsez94.cpl
c:\windows\system32\4697spy5ez.ocx
c:\windows\system32\473spz5se19169.dll
c:\windows\system32\475bbackdoz91415.cpl
c:\windows\system32\47a2t9r5at10z26.cpl
c:\windows\system32\47z3thr9a5996.dll
c:\windows\system32\4b58addwz9e1632.bin
c:\windows\system32\4b5bad9wzre963.exe
c:\windows\system32\4d1bsteal6z95.dll
c:\windows\system32\4d35vzr9223.bin
c:\windows\system32\4edz5ddware16919.cpl
c:\windows\system32\4f795ir2960z.bin
c:\windows\system32\4f94vir158z.bin
c:\windows\system32\4ff9add59ze2387.cpl
c:\windows\system32\4z09thr5at3058.exe
c:\windows\system32\4z5fbackdo9r1273.bin
c:\windows\system32\4z9fvi52244.ocx
c:\windows\system32\4zd9th5ef1134.cpl
c:\windows\system32\50192zacktool5fd9.dll
c:\windows\system32\5039hacktozl20d5.exe
c:\windows\system32\509e9pywzre1608.ocx
c:\windows\system32\5124szarse23595.ocx
c:\windows\system32\5168t9rezt4974.bin
c:\windows\system32\51737not-z-virus795.cpl
c:\windows\system32\5197z5ckdo9r1026.exe
c:\windows\system32\51d5zpy9are1608.bin
c:\windows\system32\51z6thr5at90564.exe
c:\windows\system32\5241ztea9855.cpl
c:\windows\system32\52428spamzot5f9.dll
c:\windows\system32\529athiefz092.ocx
c:\windows\system32\52z29trojb9.ocx
c:\windows\system32\53110hackzool9ec.bin
c:\windows\system32\53z5thie91594.bin
c:\windows\system32\54b85ackdooz1998.bin
c:\windows\system32\550z7virus692.bin
c:\windows\system32\5519spywzre2309.bin
c:\windows\system32\5538thz9f1925.dll
c:\windows\system32\55475roz12c9.exe
c:\windows\system32\5556vzrus298.dll
c:\windows\system32\558abackdoor90z6.ocx
c:\windows\system32\55974wormz72.exe
c:\windows\system32\5597spar5z3274.ocx
c:\windows\system32\55e1z9ief20965.dll
c:\windows\system32\55z3spy6389.exe
c:\windows\system32\562znot-a-v9rus6b5.bin
c:\windows\system32\56885pamb9tz5e.bin
c:\windows\system32\569cbzckdoo92777.bin
c:\windows\system32\56b9downlo9derz557.ocx
c:\windows\system32\5723ad9war5727z.exe
c:\windows\system32\57525o9mz.bin
c:\windows\system32\5839trzj497.ocx
c:\windows\system32\58683wozm3419.bin
c:\windows\system32\5889addwa5z1812.ocx
c:\windows\system32\5905trojz5f9.ocx
c:\windows\system32\5911down5oadez3160.ocx
c:\windows\system32\59369irz5217.exe
c:\windows\system32\5955trzj50e.cpl
c:\windows\system32\59f0vir284z9.ocx
c:\windows\system32\59z7thi9f719.cpl
c:\windows\system32\5a9fbackdoor1410z.dll
c:\windows\system32\5b9zthrea58773.exe
c:\windows\system32\5bcfsteal93z4.dll
c:\windows\system32\5dzfthr5at99410.exe
c:\windows\system32\5eeedownzoader4059.cpl
c:\windows\system32\5ef3spy5arz8089.ocx
c:\windows\system32\5fbds9eaz19765.bin
c:\windows\system32\5fcdzhre9t32256.exe
c:\windows\system32\5z357spa9bot4a7.ocx
c:\windows\system32\5z898s9ambot4ec.bin
c:\windows\system32\614ebackdoo9z025.bin
c:\windows\system32\61z5virus595.cpl
c:\windows\system32\62545ozm1549.cpl
c:\windows\system32\6352backzoor5392.cpl
c:\windows\system32\63afsp59are206z.bin
c:\windows\system32\6541t5reatz9244.exe
c:\windows\system32\659doz5loader1693.exe
c:\windows\system32\659zhreat249675.exe
c:\windows\system32\659zthreat4765.exe
c:\windows\system32\662eba9kdoor3z5.exe
c:\windows\system32\6777vi59s3z5.exe
c:\windows\system32\6920down9oazer1504.cpl
c:\windows\system32\692fthie5349z.exe
c:\windows\system32\6949addwaze559.exe
c:\windows\system32\69zfbackdo5r1117.cpl
c:\windows\system32\6a4zsteal1095.exe
c:\windows\system32\6b95th5eatz4558.dll
c:\windows\system32\6c4dzackdoor5090.ocx
c:\windows\system32\6d92sze5l1305.exe
c:\windows\system32\6e09thzeat13245.exe
c:\windows\system32\6fz1d5wnl9ader2546.bin
c:\windows\system32\6z3fvir30529.bin
c:\windows\system32\6z4dbac5do9r931.ocx
c:\windows\system32\6zd5down9oader1325.bin
c:\windows\system32\6ze3ba5kdo9r1170.ocx
c:\windows\system32\7059nzt-a-vir9s7df.cpl
c:\windows\system32\71295ac9tool1c1z.bin
c:\windows\system32\723dt5rzat19845.bin
c:\windows\system32\7334sz9605.ocx
c:\windows\system32\738dbaczd5or1896.cpl
c:\windows\system32\7516hazkto9l254.bin
c:\windows\system32\75f2z9arse1358.cpl
c:\windows\system32\75zc5ir9715.bin
c:\windows\system32\7655virz945.bin
c:\windows\system32\76699o5z4ce.bin
c:\windows\system32\7795roz560.cpl
c:\windows\system32\783spzw9re2756.bin
c:\windows\system32\791zvir5479.bin
c:\windows\system32\7988s9y5zre455.dll
c:\windows\system32\79fabackd5orz0.dll
c:\windows\system32\7a82stzal5869.cpl
c:\windows\system32\7b71downlozd5r9921.bin
c:\windows\system32\7bf1back59oz1960.exe
c:\windows\system32\7c78dzwnlo9de51993.bin
c:\windows\system32\7d955hrezt2542.dll
c:\windows\system32\7dz5v9r1906.dll
c:\windows\system32\7ees95zare1612.ocx
c:\windows\system32\7z2f5pyware15239.ocx
c:\windows\system32\7z6bbackd5or3975.exe
c:\windows\system32\7zc9thr5at9189.bin
c:\windows\system32\7zcbaddwa5e2099.exe
c:\windows\system32\7zddsp9rse2580.bin
c:\windows\system32\8090spaz5ot496.dll
c:\windows\system32\81859pyaz.bin
c:\windows\system32\8456wo9z183.exe
c:\windows\system32\8463n95za-virus2c8.exe
c:\windows\system32\88z9ddware1599.ocx
c:\windows\system32\89975rzj4f9.bin
c:\windows\system32\8z65worm9c.dll
c:\windows\system32\901005py13z.dll
c:\windows\system32\9030vizus579.ocx
c:\windows\system32\90fds5azse1557.bin
c:\windows\system32\91255pambot242z.dll
c:\windows\system32\91499hacktoolz65.cpl
c:\windows\system32\915ztroj642.dll
c:\windows\system32\9287not-azvirus5959.bin
c:\windows\system32\92asteal3z5.cpl
c:\windows\system32\94f4spazse5450.bin
c:\windows\system32\95055trzj315.bin
c:\windows\system32\95107sp5mbot4z7.cpl
c:\windows\system32\9518sparse24z3.bin
c:\windows\system32\952wz9m104.exe
c:\windows\system32\9559hreat16205z.dll
c:\windows\system32\955avir263z.bin
c:\windows\system32\95a9thief1081z.bin
c:\windows\system32\95e6vir82z.bin
c:\windows\system32\95f2virz527.bin
c:\windows\system32\95z6spy399.ocx
c:\windows\system32\95z9spa9bot56c.ocx
c:\windows\system32\965ezparse5411.cpl
c:\windows\system32\9680h5ckzool7d69.cpl
c:\windows\system32\96dfth5ef240z.cpl
c:\windows\system32\98380troj5zc5.cpl
c:\windows\system32\9872vizus456.cpl
c:\windows\system32\9895hackt5oz99a.exe
c:\windows\system32\98z55not-a-virus34.bin
c:\windows\system32\9a3ethizf2561.dll
c:\windows\system32\9b38backd5or20z.bin
c:\windows\system32\9czasp5ware2221.exe
c:\windows\system32\9d35backzoor2750.cpl
c:\windows\system32\9eb95ir1188z.bin
c:\windows\system32\9eedspar5z1258.ocx
c:\windows\system32\9f18spy5arez52.exe
c:\windows\system32\9z0155acktool78c.exe
c:\windows\system32\9z0855roj94.bin
c:\windows\system32\9z0backdoor8135.ocx
c:\windows\system32\9z92not-a-virus559.cpl
c:\windows\system32\a95download9z2504.bin
c:\windows\system32\ac7th5ez913673.exe
c:\windows\system32\ad8downloade9z54.dll
c:\windows\system32\c5es59al24z1.ocx
c:\windows\system32\c75zd9ware4915.bin
c:\windows\system32\d9ddownlo5zer1119.cpl
c:\windows\system32\d9dsp9zse27555.bin
c:\windows\system32\d9zstea51104.ocx
c:\windows\system32\e59downloaderz827.exe
c:\windows\system32\f159hreat1718z.dll
c:\windows\system32\f20thre9t15598z.cpl
c:\windows\system32\z0536h9cktool7c8.ocx
c:\windows\system32\z05eth9ef232.cpl
c:\windows\system32\z152t59j534.cpl
c:\windows\system32\z17dthr9at24995.exe
c:\windows\system32\z186threat9854.exe
c:\windows\system32\z195ackdoor348.ocx
c:\windows\system32\z30t95ef446.bin
c:\windows\system32\z3471spy9b5.cpl
c:\windows\system32\z449backdoor15355.bin
c:\windows\system32\z53dthi9f658.exe
c:\windows\system32\z5545hacktool589.cpl
c:\windows\system32\z556vir20579.exe
c:\windows\system32\z6509wo5m424.bin
c:\windows\system32\z83esteal9567.dll
c:\windows\system32\z84059ief2580.cpl
c:\windows\system32\z9173w5rm19b.dll
c:\windows\system32\z93vir3504.dll
c:\windows\system32\za949ackdo5r45.bin
c:\windows\system32\zad8spy9ar51113.ocx
c:\windows\system32\zce1downloader9593.dll
c:\windows\system32\zd4csp9rs55.cpl
c:\windows\system32\zdc59hreat30889.exe
c:\windows\system32\zea5threat29973.exe
c:\windows\system32\zef5vir1729.ocx
c:\windows\z3787spa5b9t3fe.dll
c:\windows\z45099orm7c7.dll
c:\windows\z4829troj58c.bin
c:\windows\z522not-a-viru5d69.ocx
c:\windows\z551s9yware428.cpl
c:\windows\z555w9rm701.bin
c:\windows\z698thie52951.exe
c:\windows\z6a5s9arse1588.cpl
c:\windows\z745worm942.dll
c:\windows\z7c59d5ware2453.dll
c:\windows\z9382ha5ktoolde.cpl
c:\windows\z9554v9r5s5c5.cpl
c:\windows\z95dvir481.bin
c:\windows\z9970spambot4a5.dll
c:\windows\zc245teal2879.cpl
c:\windows\zce2s5ea914.dll
c:\windows\zd8b5teal16749.cpl
c:\windows\zf59backdoor558.bin

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-16 do 2010-05-16 )))))))))))))))))))))))))))))))
.

2010-05-16 11:48 . 2010-05-16 11:48 -------- d-----w- c:\windows\LastGood
2010-05-16 11:48 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\89861832.sys
2010-05-16 11:48 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\8986183.sys
2010-05-16 11:48 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\89861831.sys
2010-05-16 05:35 . 2010-05-16 05:35 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-05-15 17:33 . 2010-05-16 08:02 7168 ----a-w- c:\windows\system32\drivers\uti3mtk2.sys
2010-05-15 15:36 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\2152973.sys
2010-05-14 16:01 . 2010-05-14 16:01 -------- d-----w- c:\windows\system32\drivers\NSS
2010-05-14 16:01 . 2010-05-14 16:01 -------- d-----w- c:\program files\Norton Security Scan
2010-05-12 04:00 . 2010-05-12 04:00 -------- d--h--w- c:\windows\$hf_mig$
2010-05-06 17:22 . 2010-05-06 17:22 -------- d-----r- c:\documents and settings\J-O-H-N-Y\Nabídka Start
2010-05-06 16:23 . 2010-03-30 21:38 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-05-02 19:33 . 2010-05-02 19:35 7562568 ----a-w- c:\program files\Opera_964_int_Setup.exe
2010-05-02 08:27 . 2010-05-02 08:32 13019280 ----a-w- C:\Opera_1053_int_Setup.exe
2010-04-27 10:33 . 2010-04-27 10:33 -------- d-----w- c:\program files\1C Company
2010-04-21 08:03 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-17 15:30 . 2001-10-24 10:25 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2010-04-17 15:30 . 2001-10-24 10:25 99328 ----a-w- c:\windows\system32\srusd.dll
2010-04-17 15:30 . 2001-10-24 10:02 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-04-17 15:30 . 2001-10-24 10:02 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-04-17 15:30 . 2001-10-24 10:24 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-04-17 15:30 . 2001-10-24 10:24 71680 ----a-w- c:\windows\system32\fnfilter.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 07:51 . 2006-03-02 12:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-05-09 07:51 . 2006-03-02 12:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-05-06 19:12 . 2009-12-20 15:43 -------- d-----w- c:\program files\Activision
2010-05-06 17:51 . 2007-02-09 14:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-06 17:05 . 2009-11-15 05:22 -------- d-----w- c:\program files\HottieStar Toolbar
2010-05-06 04:27 . 2010-05-06 04:27 2136885 ----a-w- c:\program files\kluci 034.jpg
2010-05-02 20:03 . 2009-05-25 19:31 -------- d-----w- c:\program files\Opera
2010-04-11 15:30 . 2009-09-01 14:27 -------- d-----w- c:\program files\DivX
2010-04-02 09:04 . 2006-12-23 14:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-02 09:04 . 2010-04-02 09:04 -------- d-----w- c:\program files\Rockstar Games
2010-03-10 06:17 . 2006-03-02 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 16:05 . 2010-02-22 16:05 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-02-17 12:09 . 2006-03-02 12:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 15:45 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-07-24 16:46 . 2008-07-24 16:45 455966 -c--a-w- c:\program files\cc_20080724_1845.reg
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-18 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 32881]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\T-o-m-a-s\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-6-28 393216]

c:\documents and settings\J-O-H-N-Y\Nabˇdka Start\Programy\Po spuçtŘnˇ\
setup_9.0.0.722_16.05.2010_13-27.lnk - c:\documents and settings\J-O-H-N-Y\Plocha\Virus Removal Tool\setup_9.0.0.722_16.05.2010_13-27\startup.exe [2010-5-16 72208]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-2-22 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-22 688128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^J-O-H-N-Y^Nabídka Start^Programy^Po spuštění^VirtuaGirl HD.LNK]
path=c:\documents and settings\J-O-H-N-Y\Nabídka Start\Programy\Po spuštění\VirtuaGirl HD.LNK
backup=c:\windows\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Simon and Schuster\\Real War Rogue States\\rsclient.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15278:TCP"= 15278:TCP:*:Disabled:BitComet 15278 TCP
"15278:UDP"= 15278:UDP:*:Disabled:BitComet 15278 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)

R0 89861832;89861832 Boot Guard Driver;c:\windows\system32\drivers\89861832.sys [16.5.2010 13:48 37392]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [3.2.2010 19:13 310320]
R1 89861831;89861831;c:\windows\system32\drivers\89861831.sys [16.5.2010 13:48 128016]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [3.2.2010 19:13 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [3.2.2010 19:12 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSXpx86.sys [8.5.2010 6:02 329592]
R1 setup_9.0.0.722_16.05.2010_13-27drv;setup_9.0.0.722_16.05.2010_13-27drv;c:\windows\system32\drivers\8986183.sys [16.5.2010 13:48 315408]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6.5.2010 18:23 20968]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.3.2009 13:49 222456]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [3.2.2010 19:13 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2.5.2010 7:54 102448]
S1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [23.12.2006 21:39 115968]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [9.5.2006 18:27 13824]
S3 uti3mtk2;AVZ Kernel Driver;c:\windows\system32\drivers\uti3mtk2.sys [15.5.2010 19:33 7168]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - 89861831
*NewlyCreated* - 89861832
*NewlyCreated* - SETUP_9.0.0.722_16.05.2010_13-27DRV
*Deregistered* - fxtdypog
.
Obsah adresáře 'Naplánované úlohy'

2010-05-14 c:\windows\Tasks\Norton Security Scan for J-O-H-N-Y.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-14 16:01]

2010-05-16 c:\windows\Tasks\User_Feed_Synchronization-{3EBC8E45-B673-409E-B6A8-39CD28DB869A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-05-16 c:\windows\Tasks\User_Feed_Synchronization-{D16A776A-452B-4C18-A5F6-B3F8C0AF5170}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=OstrichRunner&utm_medium=start
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {ABD1FD42-0011-486C-A9D8-08698785EC69} = 10.0.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\J-O-H-N-Y\Data aplikací\Mozilla\Firefox\Profiles\n4u7d9kw.default\
FF - prefs.js: browser.search.selectedEngine - HottieStar Toolbar
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://ho ... inder.com/
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJPI142_04.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - (no file)
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\9.bin\MWSBAR.DLL
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.0.850\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 17:23
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-796845957-2000478354-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2010-05-16 17:27:26
ComboFix-quarantined-files.txt 2010-05-16 15:27

Před spuštěním: Volných bajtů: 38 088 949 760
Po spuštění: Volných bajtů: 38 787 604 480

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AB00C697B4D30B3266DA39FFA29B0EE4

To byla sbirka

pokud jste tak jeste neucinil(a), presunte Combofix na plochu

otevrete si Poznamkovy blok

do nej zkopirujte skript z nasledujiciho okna:
ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu

po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:



po aplikaci by na vas mel vyskocit dalsi log, vlozte jej sem

Upozorneni: je mozne, ze po aplikaci skriptu a restartu nenabehnou Windows, v takovem pripade znovu restartujte, po restartu mackejte F8 a zvolte Posledni znamou funkcni konfiguraci

zdravím ,žádné okno nenaskakuje ,akorát se znovu spustí Combofix.celý proces.

Jak okno?

Proste ulozte text,co jsem sem napsal zelene jako textovy soubor s nazvem CFScript.txt a pretahnete jej nad ikonu ComboFixu.

Az probehne sken,pak z nej vlozte log.

ComboFix 10-05-15.03 - J-O-H-N-Y 21.05.2010 6:15.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.593 [GMT 2:00]
Spuštěný z: c:\documents and settings\J-O-H-N-Y\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\J-O-H-N-Y\Plocha\CFScript.txt.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Vytvořen nový Bod Obnovení

file zipped: c:\windows\system32\drivers\2152973.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\2152973.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_89861831
-------\Legacy_89861832


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-21 do 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-16 05:35 . 2010-05-16 05:35 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-05-15 17:33 . 2010-05-16 08:02 7168 ----a-w- c:\windows\system32\drivers\uti3mtk2.sys
2010-05-14 16:01 . 2010-05-14 16:01 -------- d-----w- c:\windows\system32\drivers\NSS
2010-05-14 16:01 . 2010-05-14 16:01 -------- d-----w- c:\program files\Norton Security Scan
2010-05-12 04:00 . 2010-05-12 04:00 -------- d--h--w- c:\windows\$hf_mig$
2010-05-06 17:22 . 2010-05-06 17:22 -------- d-----r- c:\documents and settings\J-O-H-N-Y\Nabídka Start
2010-05-06 16:23 . 2010-03-30 21:38 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-05-02 19:33 . 2010-05-02 19:35 7562568 ----a-w- c:\program files\Opera_964_int_Setup.exe
2010-05-02 08:27 . 2010-05-02 08:32 13019280 ----a-w- C:\Opera_1053_int_Setup.exe
2010-04-27 10:33 . 2010-04-27 10:33 -------- d-----w- c:\program files\1C Company
2010-04-21 08:03 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 07:51 . 2006-03-02 12:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-05-09 07:51 . 2006-03-02 12:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-05-06 19:12 . 2009-12-20 15:43 -------- d-----w- c:\program files\Activision
2010-05-06 17:51 . 2007-02-09 14:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-06 17:05 . 2009-11-15 05:22 -------- d-----w- c:\program files\HottieStar Toolbar
2010-05-06 04:27 . 2010-05-06 04:27 2136885 ----a-w- c:\program files\kluci 034.jpg
2010-05-02 20:03 . 2009-05-25 19:31 -------- d-----w- c:\program files\Opera
2010-04-11 15:30 . 2009-09-01 14:27 -------- d-----w- c:\program files\DivX
2010-04-02 09:04 . 2006-12-23 14:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-02 09:04 . 2010-04-02 09:04 -------- d-----w- c:\program files\Rockstar Games
2010-03-10 06:17 . 2006-03-02 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 16:05 . 2010-02-22 16:05 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-07-24 16:46 . 2008-07-24 16:45 455966 -c--a-w- c:\program files\cc_20080724_1845.reg
.

((((((((((((((((((((((((((((( SnapShot@2010-05-16_15.23.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-21 03:01 . 2010-05-21 03:01 16384 c:\windows\Temp\Perflib_Perfdata_84.dat
+ 2010-05-21 04:22 . 2010-05-21 04:22 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-18 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 32881]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\T-o-m-a-s\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-6-28 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-2-22 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-22 688128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^J-O-H-N-Y^Nabídka Start^Programy^Po spuštění^VirtuaGirl HD.LNK]
path=c:\documents and settings\J-O-H-N-Y\Nabídka Start\Programy\Po spuštění\VirtuaGirl HD.LNK
backup=c:\windows\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Simon and Schuster\\Real War Rogue States\\rsclient.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15278:TCP"= 15278:TCP:*:Disabled:BitComet 15278 TCP
"15278:UDP"= 15278:UDP:*:Disabled:BitComet 15278 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [3.2.2010 19:13 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [3.2.2010 19:13 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [3.2.2010 19:12 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100513.002\IDSXpx86.sys [18.5.2010 5:08 329592]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6.5.2010 18:23 20968]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.3.2009 13:49 222456]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [3.2.2010 19:13 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2.5.2010 7:54 102448]
S1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [23.12.2006 21:39 115968]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [9.5.2006 18:27 13824]
S3 uti3mtk2;AVZ Kernel Driver;c:\windows\system32\drivers\uti3mtk2.sys [15.5.2010 19:33 7168]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-16 c:\windows\Tasks\Norton Security Scan for J-O-H-N-Y.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-14 16:01]

2010-05-21 c:\windows\Tasks\User_Feed_Synchronization-{3EBC8E45-B673-409E-B6A8-39CD28DB869A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-05-21 c:\windows\Tasks\User_Feed_Synchronization-{D16A776A-452B-4C18-A5F6-B3F8C0AF5170}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=OstrichRunner&utm_medium=start
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {ABD1FD42-0011-486C-A9D8-08698785EC69} = 10.0.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\J-O-H-N-Y\Data aplikací\Mozilla\Firefox\Profiles\n4u7d9kw.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-21 06:23
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-796845957-2000478354-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2868)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\E_S00RP1.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\SAgent4.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
.
**************************************************************************
.
Celkový čas: 2010-05-21 06:27:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-21 04:27
ComboFix2.txt 2010-05-16 15:27

Před spuštěním: Volných bajtů: 38 799 216 640
Po spuštění: Volných bajtů: 38 671 532 032

- - End Of File - - 8F30C61B420EC26D12B35E810FDEBCA8

otestujte na VIRUSTOTALu

c:\windows\system32\drivers\uti3mtk2.sys

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledek sem vlozte)

Pokud skener napíše, že soubor již byl testován, dejte otestovat znovu.

Toto mate v pc predpokladam umyslne - c:\documents and settings\J-O-H-N-Y\Nabídka Start\Programy\Po spuštění\VirtuaGirl HD.LNK

Jak se chova pc ted?