Prosím o kontrolu logu

[tom678]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Stáňa at 2010-07-24 21:31:47
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (20%) free of 50 GB
Total RAM: 2047 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:31:54, on 24.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\WinFast\WFDTV\DVBTAP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Stáňa\Local Settings\Temporary Internet Files\Content.IE5\XKDPKQTQ\RSIT[1].exe
C:\Program Files\trend micro\Stáňa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://download.icq.com/icq2go/flicq.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Stáňa\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Stáňa\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-746137067-1659004503-682003330-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-746137067-1659004503-682003330-1007\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRfox000
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca598260530bda) (gupdate1ca598260530bda) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14852 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Stáňa\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-02-12 119808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{07B18EA9-A523-4961-B6BB-170DE4475CCA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"GrooveMonitor"=C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe [2006-10-27 31016]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=2 /w /h []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-05-08 1800464]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Flashget"=C:\Program Files\FlashGet\flashget.exe [2007-06-29 1990704]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2009-10-02 90112]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2009-03-11 2912256]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AutorunsDisabled
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe
VisualTaskTips.lnk - C:\Program Files\VisualTaskTips\VisualTaskTips.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2010-06-09 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-12-27 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office 2007\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office 2007\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office 2007\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office 2007\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office 2007\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Documents and Settings\Stáňa\Plocha\kinomania-bittorrent.exe"="C:\Documents and Settings\Stáňa\Plocha\kinomania-bittorrent.exe:*:Disabled:Kinomania-Bittorrent Torrent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Documents and Settings\Stáňa\Plocha\My Mobile\MyMobiler\MyMobiler.exe"="C:\Documents and Settings\Stáňa\Plocha\My Mobile\MyMobiler\MyMobiler.exe:*:Enabled:Remote Mobile Module"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\WinFast\WFDTV\DVBTAP.exe"="C:\Program Files\WinFast\WFDTV\DVBTAP.exe:*:Enabled:WinFast DTV Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\CrossLoop\CrossLoopConnect.exe"="C:\Program Files\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\z2 Remote2PC\R2PCServ.exe"="C:\Program Files\z2 Remote2PC\R2PCServ.exe:*:Enabled:z2 Remote2PC Server"
"C:\Program Files\z2 Remote2PC\R2PCCln.exe"="C:\Program Files\z2 Remote2PC\R2PCCln.exe:*:Enabled:z2 Remote2PC Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic - Homecinema"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-24 13:26:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software

======List of files/folders modified in the last 1 months======

2010-07-24 21:31:54 ----D---- C:\WINDOWS\Temp
2010-07-24 21:31:51 ----D---- C:\Program Files\trend micro
2010-07-24 21:31:08 ----D---- C:\WINDOWS\Prefetch
2010-07-24 21:29:50 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-24 20:02:26 ----D---- C:\Program Files\FlashGet
2010-07-24 20:01:48 ----D---- C:\Documents and Settings\Stáňa\Data aplikací\ICQ
2010-07-24 20:00:32 ----D---- C:\Program Files\Mozilla Firefox
2010-07-24 20:00:13 ----D---- C:\WINDOWS\system32\inetsrv
2010-07-24 19:58:21 ----SD---- C:\WINDOWS\Tasks
2010-07-24 19:58:11 ----A---- C:\WINDOWS\win.ini
2010-07-24 19:56:50 ----D---- C:\WINDOWS
2010-07-24 19:56:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-24 16:09:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-24 13:52:42 ----A---- C:\WINDOWS\system32\Dvbpws.dll
2010-07-24 13:44:45 ----D---- C:\WINDOWS\system32
2010-07-24 13:39:31 ----D---- C:\Program Files\Alwil Software
2010-07-24 13:27:58 ----SHD---- C:\WINDOWS\Installer
2010-07-24 13:27:57 ----HD---- C:\Config.Msi
2010-07-24 13:27:57 ----D---- C:\WINDOWS\WinSxS
2010-07-24 12:38:26 ----D---- C:\Program Files\LogMeIn
2010-06-28 22:57:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-06-25 19:29:31 ----D---- C:\Program Files\Opera
2010-06-25 18:59:00 ----D---- C:\Program Files\Star Downloader
2010-06-25 18:57:51 ----D---- C:\Download

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-05-08 87104]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-06-24 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-12-27 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-05-08 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-05-08 25160]
R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-09-25 181120]
R1 IfsMount;IfsMount; C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2008-08-28 51072]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-10 31846]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-12-17 76288]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WFLR6654;WinFast DTV1800 H (Video); C:\WINDOWS\system32\drivers\wfeaglxt.sys [2007-07-25 405632]
S3 ay551gbq;ay551gbq; C:\WINDOWS\system32\drivers\ay551gbq.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files\MSI\DualCoreCenter\RushTop.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-12-27 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-12-27 82944]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-17 434176]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-05-08 723632]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-09-22 69632]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2010-06-09 116104]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-20 520192]
S2 gupdate1ca598260530bda;Služba Google Update (gupdate1ca598260530bda); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-26 133104]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office 2007\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

Hezký podvečer
Něco tam vidím


spusťte přejmenované HJT C:\Program Files\trend micro\Stáňa.exe , má tuto ikonku

- Klikněte na "Do a system scan only"
- U řádku
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://download.icq.com/icq2go/flicq.html
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRfox000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)

- Dejte fajfku do čtverečku a zmáčkněte Fix checked
- restartujte pc


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.



Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[tom678]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4376

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1.8.2010 13:32:10
mbam-log-2010-08-01 (13-32-10).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|)
Skenované objekty: 236882
Uplynulý čas: 57 minuta(y), 29 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> No action taken.
LOG Z MBAM


Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
D:\download\PopularScreensaversSetup2.3.50.49.ZRfox000.exe (Adware.MyWebSearch) -> No action taken.

[motji]

Tyto dva soubory otestujte na www.virustotal.com
C:\Program Files\Windows Live\Messenger\msimg32.dll
C:\Program Files\Windows Live\Messenger\riched20.dll
-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

[tom678]

PRVNI SOUBOR:C:\Program Files\Windows Live\Messenger\msimg32.dll

Soubor msimg32.dll přijatý 2010.08.03 18:35:00 (UTC)
Současný stav: Dokončeno
Výsledek: 12/42 (28.57%)
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2010.08.03.00 2010.08.03 -
AntiVir 8.2.4.32 2010.08.03 -
Antiy-AVL 2.0.3.7 2010.08.03 AdTool/Win32.MyWebSearch.gen
Authentium 5.2.0.5 2010.08.03 W32/Adware.ABWR
Avast 4.8.1351.0 2010.08.03 -
Avast5 5.0.332.0 2010.08.03 -
AVG 9.0.0.851 2010.08.03 -
BitDefender 7.2 2010.08.03 -
CAT-QuickHeal 11.00 2010.08.03 -
ClamAV 0.96.0.3-git 2010.08.03 -
Comodo 5631 2010.08.03 -
DrWeb 5.0.2.03300 2010.08.03 -
Emsisoft 5.0.0.36 2010.08.03 -
eSafe 7.0.17.0 2010.08.03 -
eTrust-Vet 36.1.7759 2010.08.03 -
F-Prot 4.6.1.107 2010.08.03 W32/Adware.ABWR
F-Secure 9.0.15370.0 2010.08.03 Adware:W32/FunWeb.B
Fortinet 4.1.143.0 2010.08.02 Adware/MyWebSearch
GData 21 2010.08.03 -
Ikarus T3.1.1.84.0 2010.08.03 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.03 -
McAfee 5.400.0.1158 2010.08.03 MWS
McAfee-GW-Edition 2010.1 2010.08.03 -
Microsoft 1.6004 2010.08.03 -
NOD32 5338 2010.08.03 Win32/Toolbar.MyWebSearch
Norman 6.05.11 2010.08.03 -
nProtect 2010-08-03.01 2010.08.03 -
Panda 10.0.2.7 2010.08.03 -
PCTools 7.0.3.5 2010.08.03 -
Prevx 3.0 2010.08.03 Low Risk Adware
Rising 22.59.01.04 2010.08.03 -
Sophos 4.56.0 2010.08.03 -
Sunbelt 6679 2010.08.03 -
SUPERAntiSpyware 4.40.0.1006 2010.08.03 Adware.MyWebSearch/FunWebProducts
Symantec 20101.1.1.7 2010.08.03 -
TheHacker 6.5.2.1.330 2010.08.03 Aplicacion/MyWebSearch.cv
TrendMicro 9.120.0.1004 2010.08.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.03 -
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.8.3.3969 2010.08.03 Adware.MyWebSearch.28672
VirusBuster 5.0.27.0 2010.08.03 Adware.Agent.IOLL
Rozšiřující informace
File size: 28672 bytes
MD5 : 1375586480385cfdd91a0f27b2e28f3e
SHA1 : 511defd57d3b3d083697039b7cab9d1fff1f3c72
SHA256: 36f6ecf4ceee2a36cdba179cddad42e8dbaae8d8346c87e66222324ea2f1708a
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1260
timedatestamp.....: 0x481F3128 (Mon May 5 18:09:12 2008)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x11A0 0x2000 4.02 27b2399656dbd4995de7c12e68a97297
.rdata 0x3000 0x409 0x1000 1.72 9fbd3a37929ee8f4d3df722831bcdd23
.data 0x4000 0x3EE 0x1000 1.31 d5d7b3525616aa8009e61dc9bbe18ad9
.rsrc 0x5000 0x3B0 0x1000 0.98 54ff2dc8f33c483c8001be36ee7ccf40
.reloc 0x6000 0x27A 0x1000 1.20 e2b9ad57d39a28398b2ff690aed03f47

( 0 imports )


( 0 exports )
TrID : File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
ThreatExpert: http://www.threatexpert.com/report.aspx ... 27b2e28f3e
ssdeep: 192:IlEyEE7ghocm4eaY5MHXBZam9tUV0nHU01E2ycoe:4Io6eL5MLam9tUkU+zyJe
sigcheck: publisher....: FunWebProducts.com
copyright....: Copyright (c) 2006, 2007, 2008
product......: Smiley Central
description..: Smiley Central MSN and IE GDI Ext DLL
original name: f3IMStub.dll
internal name: f3IMStub
file version.: 1, 0, 0, 6
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Prevx Info: http://info.prevx.com/aboutprogramtext. ... 00A2B1A00F
PEiD : -
CWSandbox: http://research.sunbelt-software.com/pa ... 27b2e28f3e
RDS : NSRL Reference Data Set




DRUHY SOUBOR:C:\Program Files\Windows Live\Messenger\riched20.dll
Soubor riched20.dll přijatý 2010.08.03 18:39:40 (UTC)
Současný stav: Dokončeno
Výsledek: 13/42 (30.95%)
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2010.08.03.00 2010.08.03 Win-Adware/MyWebSearch.24576.C
AntiVir 8.2.4.32 2010.08.03 -
Antiy-AVL 2.0.3.7 2010.08.03 AdTool/Win32.MyWebSearch.gen
Authentium 5.2.0.5 2010.08.03 W32/Adware.ABWS
Avast 4.8.1351.0 2010.08.03 -
Avast5 5.0.332.0 2010.08.03 -
AVG 9.0.0.851 2010.08.03 -
BitDefender 7.2 2010.08.03 -
CAT-QuickHeal 11.00 2010.08.03 -
ClamAV 0.96.0.3-git 2010.08.03 -
Comodo 5631 2010.08.03 -
DrWeb 5.0.2.03300 2010.08.03 -
Emsisoft 5.0.0.36 2010.08.03 Adware.Win32.MyWebSearch!A2
eSafe 7.0.17.0 2010.08.03 -
eTrust-Vet 36.1.7759 2010.08.03 -
F-Prot 4.6.1.107 2010.08.03 W32/Adware.ABWS
F-Secure 9.0.15370.0 2010.08.03 Adware:W32/FunWeb.B
Fortinet 4.1.143.0 2010.08.02 Adware/MyWebSearch
GData 21 2010.08.03 -
Ikarus T3.1.1.84.0 2010.08.03 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.03 -
McAfee 5.400.0.1158 2010.08.03 -
McAfee-GW-Edition 2010.1 2010.08.03 -
Microsoft 1.6004 2010.08.03 -
NOD32 5338 2010.08.03 Win32/Toolbar.MyWebSearch
Norman 6.05.11 2010.08.03 -
nProtect 2010-08-03.01 2010.08.03 -
Panda 10.0.2.7 2010.08.03 -
PCTools 7.0.3.5 2010.08.03 -
Prevx 3.0 2010.08.03 Low Risk Adware
Rising 22.59.01.04 2010.08.03 -
Sophos 4.56.0 2010.08.03 -
Sunbelt 6679 2010.08.03 -
SUPERAntiSpyware 4.40.0.1006 2010.08.03 Adware.MyWebSearch/FunWebProducts
Symantec 20101.1.1.7 2010.08.03 -
TheHacker 6.5.2.1.330 2010.08.03 Aplicacion/MyWebSearch.cj
TrendMicro 9.120.0.1004 2010.08.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.03 -
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.8.3.3969 2010.08.03 Adware.MyWebSearch.245760.E
VirusBuster 5.0.27.0 2010.08.03 Adware.Agent.JPLC
Rozšiřující informace
File size: 24576 bytes
MD5 : c4ff418909d55a7744b04774a83135c9
SHA1 : 2489008ef2e8fb7a3bdf6014d4488d01629c7034
SHA256: 76adc93b3153ccd4ab6f692d78013cb75842f741168a6de5adee56c23748b7a3
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x46058EAF (Sat Mar 24 21:48:47 2007)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3FB 0x1000 2.06 ba1812dd7e6a315ab7af13d1cc5a3603
.rdata 0x2000 0x39D 0x1000 1.60 84ff216845fbbc763a2ef07097c8f81f
.data 0x3000 0x1A5 0x1000 0.45 450b79c78efa9a1d16507e0335d1a017
.rsrc 0x4000 0x3A8 0x1000 0.97 0f21b1113854b30539d83564a6e9a729
.reloc 0x5000 0x12C 0x1000 0.26 5b06f85996c05ce55fa7c583e0ef1168

( 2 imports )

> advapi32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA
> kernel32.dll: LoadLibraryExA, lstrcatA, GetSystemDirectoryA, FreeLibrary, GetProcAddress, lstrlenA, HeapFree, GetProcessHeap, DeleteCriticalSection, GetModuleFileNameA, InitializeCriticalSection

( 1 exports )

> CreateTextServices, IID_IRichEditOle, IID_IRichEditOleCallback, IID_ITextHost, IID_ITextHost2, IID_ITextServices, REExtendedRegisterClass, RichEdit10ANSIWndProc, RichEditANSIWndProc
TrID : File type identification
42.3% (.EXE) Win32 Executable Generic (8527/13/3)
37.6% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
9.9% (.EXE) Generic Win/DOS Executable (2002/3)
9.9% (.EXE) DOS Executable Generic (2000/1)
0.0% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3)
ThreatExpert: http://www.threatexpert.com/report.aspx ... 74a83135c9
ssdeep: 48:SEygP1vvEC1PYzWZwU3FoNzfRcIwxU5d3uywxQSD1It40VqXDY27:TElzWtqNzfRcIwxU50ywxQyO40sXcM
sigcheck: publisher....: FunWebProducts.com
copyright....: Copyright (c) 2003,2004,2005
product......: Smiley Central
description..: Smiley Central MSN Rich Edit DLL
original name: f3REStub.dll
internal name: f3REStub
file version.: 1, 0, 0, 9
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Prevx Info: http://info.prevx.com/aboutprogramtext. ... 009C286D4E
PEiD : -
CWSandbox: http://research.sunbelt-software.com/pa ... 74a83135c9
RDS : NSRL Reference Data Set

[motji]

Co našel mbam, smažte.
Jak to vypadá s počítačem?

[tom678]

tyhle soubory jsem manualne smazal:

C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
D:\download\PopularScreensaversSetup2.3.50.49.ZRfox000.exe (Adware.MyWebSearch) -> No action taken.

akorat si nejsem jist, zda jsem to nemel mazat pomoci mbam zatim

[motji]

Klidně i ručně

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

[tom678]

ComboFix 10-08-04.05 - Stáňa 05.08.2010 17:50:06.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1531 [GMT 2:00]
Spuštěný z: c:\documents and settings\Stáňa\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\windows\system32\Cache
c:\windows\system32\Dvbpws.dll
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-05 do 2010-08-05 )))))))))))))))))))))))))))))))
.

2010-08-05 15:40 . 2010-08-05 12:48 -------- d-----w- C:\32788R22FWJFW
2010-08-01 10:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-01 10:16 . 2010-08-01 10:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 10:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-01 09:55 . 2010-08-01 09:55 -------- d-----w- c:\program files\CCleaner
2010-07-24 11:27 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 15:41 . 2008-08-23 18:00 -------- d-----w- c:\program files\FlashGet
2010-08-05 09:35 . 2009-03-15 12:49 -------- d-----w- c:\program files\LogMeIn
2010-08-01 09:30 . 2010-05-08 20:48 -------- d-----w- c:\program files\trend micro
2010-07-24 11:39 . 2008-03-03 19:48 -------- d-----w- c:\program files\Alwil Software
2010-06-28 20:57 . 2008-03-03 19:48 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-03-03 19:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-21 12:20 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-03-03 19:48 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-03-03 19:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-03-03 19:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-04-21 12:20 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2008-03-03 19:48 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-25 17:29 . 2008-05-20 12:50 -------- d-----w- c:\program files\Opera
2010-06-25 16:59 . 2008-05-23 14:43 -------- d-----w- c:\program files\Star Downloader
2010-06-16 17:01 . 2009-07-22 08:16 -------- d-----w- c:\program files\ICQ6.5
2010-06-09 19:25 . 2009-03-15 12:49 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 19:25 . 2009-03-15 12:49 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-09 19:25 . 2009-03-15 12:49 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-05-08 20:20 . 2009-10-11 11:36 171552 ----a-w- c:\windows\system32\guard32.dll
2010-05-08 20:20 . 2009-10-11 11:36 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-05-08 20:20 . 2009-10-11 11:36 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-05-08 20:20 . 2009-10-11 11:36 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-10-05 16:34 . 2009-10-15 17:03 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-05-08 1800464]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-06-29 1990704]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2008-3-3 495616]
VisualTaskTips.lnk - c:\program files\VisualTaskTips\VisualTaskTips.exe [2007-9-5 36352]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
PC Alert 4.lnk - c:\program files\MSI\PC Alert 4\PCAlert4.exe [2008-6-15 548864]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-09 19:25 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"14862:TCP"= 14862:TCP:BitComet 14862 TCP
"14862:UDP"= 14862:UDP:BitComet 14862 UDP

R0 Inspect;COMODO Internet Security Firewall Driver;c:\windows\system32\drivers\inspect.sys [11.10.2009 13:36 87104]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.4.2008 14:20 165456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [11.10.2009 13:36 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11.10.2009 13:36 25160]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [5.6.2009 21:32 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [5.6.2009 21:32 51072]
R1 NetworkX;NetworkX;c:\windows\system32\Ckldrv.sys [4.2.2009 6:09 31846]
R1 SCDEmu;SCDEmu;c:\windows\system32\drivers\scdemu.sys [7.7.2008 9:40 56108]
R1 StarOpen;StarOpen;c:\windows\system32\drivers\StarOpen.sys [19.12.2008 21:30 5632]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 12:07 61424]
R2 ACDaemon;ArcSoft Connect Daemon;c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [8.5.2010 22:06 113152]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.4.2008 14:20 17744]
R2 Capture Device Service;Capture Device Service;c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe [6.3.2007 10:35 198168]
R2 IISADMIN;Správa služby IIS;c:\windows\system32\inetsrv\inetinfo.exe [3.3.2008 20:54 15872]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [28.3.2010 21:48 153376]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 19:46 12856]
R2 LMIMaint;LogMeIn Maintenance Service;c:\program files\LogMeIn\x86\ramaint.exe [16.10.2008 21:35 116104]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [15.3.2009 14:49 47640]
R2 LogMeIn;LogMeIn;c:\program files\LogMeIn\x86\LogMeIn.exe [24.7.2008 19:46 63040]
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);c:\windows\system32\inetsrv\inetinfo.exe [3.3.2008 20:54 15872]
R2 UleadBurningHelper;Ulead Burning Helper;c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [3.3.2007 13:48 67056]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 lmimirr;lmimirr;c:\windows\system32\drivers\lmimirr.sys [24.7.2008 19:45 10144]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver;c:\windows\system32\drivers\Rtnicxp.sys [3.3.2008 21:26 85120]
R3 WFLR6654;WinFast DTV1800 H (Video);c:\windows\system32\drivers\wfeaglxt.sys [8.5.2009 15:34 405632]
S2 gupdate1ca598260530bda;Služba Google Update (gupdate1ca598260530bda);c:\program files\Google\Update\GoogleUpdate.exe [26.4.2009 11:55 133104]
S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [15.10.2009 19:28 26736]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [13.8.2008 20:25 654848]
S3 GMSIPCI;GMSIPCI;\??\f:\install\GMSIPCI.SYS --> f:\install\GMSIPCI.SYS [?]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;c:\program files\Microsoft Office 2007\Office12\GrooveAuditService.exe [27.10.2006 1:47 65824]
S3 NdisIP;Microsoft TV/Video Connection;c:\windows\system32\drivers\ndisip.sys [21.4.2008 14:17 10880]
S3 NMIndexingService;NMIndexingService;c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe [27.6.2007 20:04 279848]
S3 odserv;Microsoft Office Diagnostics Service;c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [26.10.2006 20:49 441136]
S3 RushTopDevice2;RushTopDevice2;\??\c:\program files\MSI\DualCoreCenter\RushTop.sys --> c:\program files\MSI\DualCoreCenter\RushTop.sys [?]
S3 SLIP;BDA Slip De-Framer;c:\windows\system32\drivers\slip.sys [21.4.2008 14:17 11136]
S3 usb_rndisx;Adaptér USB RNDIS;c:\windows\system32\drivers\usb8023x.sys [28.3.2008 21:48 12800]
S3 wceusbsh;Windows CE USB Serial Host Driver;c:\windows\system32\drivers\wceusbsh.sys [6.11.2006 19:04 28672]
S3 WpdUsb;WpdUsb;c:\windows\system32\drivers\wpdusb.sys [27.12.2007 12:42 38528]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.6.2008 23:41 717296]
.
Obsah adresáře 'Naplánované úlohy'

2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 09:55]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 09:55]

2010-08-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Stáňa\Data aplikací\Mozilla\Firefox\Profiles\o05hhc4p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstar.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2064)
c:\program files\RocketDock\RocketDock.dll
c:\program files\FlashGet\fgmgr.dll
c:\program files\VisualTaskTips\VttHooks.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Microsoft Office 2007\Office12\1029\GrooveIntlResource.dll
c:\windows\system32\lameACM.acm
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Celkový čas: 2010-08-05 18:03:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-05 16:03

Před spuštěním: Volných bajtů: 15 159 918 592
Po spuštění: Volných bajtů: 15 043 297 280

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B2791B12BB0BB7250112E3431058A40A

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

DDS::
uSearchAssistant = hxxp://search.qip.ru/ie

Firefox::
FF - ProfilePath - c:\documents and settings\Stáňa\Data aplikací\Mozilla\Firefox\Profiles\o05hhc4p.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[tom678]

ComboFix 10-08-04.05 - Stáňa 05.08.2010 19:04:12.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1544 [GMT 2:00]
Spuštěný z: c:\documents and settings\Stáňa\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Stáňa\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-05 do 2010-08-05 )))))))))))))))))))))))))))))))
.

2010-08-01 10:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-01 10:16 . 2010-08-01 10:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 10:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-01 09:55 . 2010-08-01 09:55 -------- d-----w- c:\program files\CCleaner
2010-07-24 11:27 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 16:58 . 2008-08-23 18:00 -------- d-----w- c:\program files\FlashGet
2010-08-05 09:35 . 2009-03-15 12:49 -------- d-----w- c:\program files\LogMeIn
2010-08-01 09:30 . 2010-05-08 20:48 -------- d-----w- c:\program files\trend micro
2010-07-24 11:39 . 2008-03-03 19:48 -------- d-----w- c:\program files\Alwil Software
2010-06-28 20:57 . 2008-03-03 19:48 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-03-03 19:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-21 12:20 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-03-03 19:48 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-03-03 19:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-03-03 19:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-04-21 12:20 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2008-03-03 19:48 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-25 17:29 . 2008-05-20 12:50 -------- d-----w- c:\program files\Opera
2010-06-25 16:59 . 2008-05-23 14:43 -------- d-----w- c:\program files\Star Downloader
2010-06-16 17:01 . 2009-07-22 08:16 -------- d-----w- c:\program files\ICQ6.5
2010-06-09 19:25 . 2009-03-15 12:49 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 19:25 . 2009-03-15 12:49 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-09 19:25 . 2009-03-15 12:49 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-05-08 20:20 . 2009-10-11 11:36 171552 ----a-w- c:\windows\system32\guard32.dll
2010-05-08 20:20 . 2009-10-11 11:36 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-05-08 20:20 . 2009-10-11 11:36 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-05-08 20:20 . 2009-10-11 11:36 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-10-05 16:34 . 2009-10-15 17:03 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-05_15.58.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-05 17:00 . 2010-08-05 17:00 16384 c:\windows\Temp\Perflib_Perfdata_904.dat
+ 2008-03-03 18:55 . 2010-08-05 17:02 224486 c:\windows\system32\inetsrv\MetaBase.bin
- 2008-03-03 18:55 . 2010-08-05 15:59 224486 c:\windows\system32\inetsrv\MetaBase.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-06-29 1990704]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-05-08 1800464]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2008-3-3 495616]
VisualTaskTips.lnk - c:\program files\VisualTaskTips\VisualTaskTips.exe [2007-9-5 36352]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
PC Alert 4.lnk - c:\program files\MSI\PC Alert 4\PCAlert4.exe [2008-6-15 548864]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-09 19:25 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"14862:TCP"= 14862:TCP:BitComet 14862 TCP
"14862:UDP"= 14862:UDP:BitComet 14862 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.4.2008 14:20 165456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [11.10.2009 13:36 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11.10.2009 13:36 25160]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [5.6.2009 21:32 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [5.6.2009 21:32 51072]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 12:07 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.4.2008 14:20 17744]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 19:46 12856]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 WFLR6654;WinFast DTV1800 H (Video);c:\windows\system32\drivers\wfeaglxt.sys [8.5.2009 15:34 405632]
S2 gupdate1ca598260530bda;Služba Google Update (gupdate1ca598260530bda);c:\program files\Google\Update\GoogleUpdate.exe [26.4.2009 11:55 133104]
S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [15.10.2009 19:28 26736]
S3 RushTopDevice2;RushTopDevice2;\??\c:\program files\MSI\DualCoreCenter\RushTop.sys --> c:\program files\MSI\DualCoreCenter\RushTop.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.6.2008 23:41 717296]
.
Obsah adresáře 'Naplánované úlohy'

2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 09:55]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 09:55]

2010-08-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Stáňa\Data aplikací\Mozilla\Firefox\Profiles\o05hhc4p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstar.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 19:11
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-08-05 19:13:41
ComboFix-quarantined-files.txt 2010-08-05 17:13
ComboFix2.txt 2010-08-05 16:03

Před spuštěním: Volných bajtů: 15 085 805 568
Po spuštění: Volných bajtů: 15 067 484 160

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 100CA849DC9196B837157A6B59BCD577

[motji]

Jak to vypadá s počítačem?

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[tom678]

PC na prvni pohled v dobrem stavu, snad po delsim pouzivani budu chytrejsi, tady je log z mbam :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4376

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

5.8.2010 21:41:44
mbam-log-2010-08-05 (21-41-44).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|)
Skenované objekty: 236495
Uplynulý čas: 1 hodina(y), 6 minuta(y), 36 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\System Volume Information\_restore{3D9AC0F1-0758-4099-B5F2-16772791E647}\RP429\A0083002.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{3D9AC0F1-0758-4099-B5F2-16772791E647}\RP429\A0083003.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{3D9AC0F1-0758-4099-B5F2-16772791E647}\RP429\A0083004.dll (Adware.MyWebSearch) -> No action taken.
D:\System Volume Information\_restore{3D9AC0F1-0758-4099-B5F2-16772791E647}\RP429\A0083005.exe (Adware.MyWebSearch) -> No action taken.

[motji]

V mbamu můžete vše smazat.

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?