VIRY.CZ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:11, on 16.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\supserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\user\Application Data\Microsoft\System\Services\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\user\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/webhp?sourceid=navclient&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchingforwebsite.info/search.php?q=%s&a=v14-a
R3 - URLSearchHook: (no name) - {4FDDEB42-B849-4CBB-88D2-6D365CB942AC} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O2 - BHO: everyflv - {284b9e4d-6373-af8f-4dff-3ffee4ea7af7} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O2 - BHO: XBTB06872 - {5FCB2823-9A85-48AF-8368-0D8D7A0C5E55} - C:\Program Files\IEToolbar\4 Search w google search\4search.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: 4 Search w google search - {0C9A45D1-6DF3-4615-9353-07FB5EE9B507} - C:\Program Files\IEToolbar\4 Search w google search\4search.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

Fixněte v HijackThis:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchingforwebsite.info/search.php?q=%s&a=v14-a
R3 - URLSearchHook: (no name) - {4FDDEB42-B849-4CBB-88D2-6D365CB942AC} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O2 - BHO: everyflv - {284b9e4d-6373-af8f-4dff-3ffee4ea7af7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)

Restartujte PC a dejte nový log, tento nebyl kompletní. Jedná se vesměs o zbytečnosti.

Rudy píše:Fixněte v HijackThis:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchingforwebsite.info/search.php?q=%s&a=v14-a
R3 - URLSearchHook: (no name) - {4FDDEB42-B849-4CBB-88D2-6D365CB942AC} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O2 - BHO: everyflv - {284b9e4d-6373-af8f-4dff-3ffee4ea7af7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)

Restartujte PC a dejte nový log, tento nebyl kompletní. Jedná se vesměs o zbytečnosti.

A teraz pomaly ešte raz - priznám sa som laik, ale ak to napíšete jednoduchými slovami pochopím - takže čo znamená fixnete v hija.... Postup - zreštartovať, ešte raz preskenovať cez hija a ešte raz poslať log, alebo som ešte niečo z postupu preskočila?...

Ták a zamyslela som sa nad obsahom toho čo píšete a skúsila som - možno je toto ten nový log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:43, on 16.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Documents and Settings\user\Application Data\Microsoft\System\Services\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\supserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\user\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchingforwebsite.info/search.php?q=%s&a=v14-a
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O2 - BHO: XBTB06872 - {5FCB2823-9A85-48AF-8368-0D8D7A0C5E55} - C:\Program Files\IEToolbar\4 Search w google search\4search.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: 4 Search w google search - {0C9A45D1-6DF3-4615-9353-07FB5EE9B507} - C:\Program Files\IEToolbar\4 Search w google search\4search.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [svchost] C:\Documents and Settings\Lenka 8\Application Data\Microsoft\System\Services\svchost.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\user\Application Data\Microsoft\System\Services\svchost.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\b32yhgt7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles/b32yhgt7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\user\LOCALS~1\Temp\hpdj.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson PC Companion download service - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\supserv.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 11868 bytes

Budem čakať na odpoved.
Alena

Ještě tam něco zbylo, co nejde fixnout. Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Zdravíčko,
vykonané a tu je log testu:
ComboFix 11-06-16.02 - user 17.06.2011 19:57:45.1.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.751.224 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Lenka 8\Application Data\data.dat
c:\documents and settings\Lenka 8\Application Data\Microsoft\System\Services\svchost.exe
c:\documents and settings\Lenka 8\Application Data\PriceGong
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Lenka 8\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Lenka 8\Application Data\svchost.exe
c:\documents and settings\Lenka 8\WINDOWS
c:\documents and settings\pali 5\Application Data\data.dat
c:\documents and settings\pali 5\Application Data\Microsoft\System\Services\svchost.exe
c:\documents and settings\pali 5\Application Data\PriceGong
c:\documents and settings\pali 5\Application Data\PriceGong\Data\1.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\a.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\b.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\c.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\d.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\e.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\f.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\g.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\h.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\i.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\J.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\k.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\l.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\m.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\n.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\o.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\p.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\q.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\r.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\s.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\t.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\u.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\v.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\w.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\x.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\y.xml
c:\documents and settings\pali 5\Application Data\PriceGong\Data\z.xml
c:\documents and settings\pali 5\Application Data\svchost.exe
c:\documents and settings\pali 5\WINDOWS
c:\documents and settings\user\Application Data\data.dat
c:\documents and settings\user\Application Data\inst.exe
c:\documents and settings\user\Application Data\Microsoft\System\Services\svchost.exe
c:\documents and settings\user\Application Data\PriceGong
c:\documents and settings\user\Application Data\PriceGong\Data\1.xml
c:\documents and settings\user\Application Data\PriceGong\Data\a.xml
c:\documents and settings\user\Application Data\PriceGong\Data\b.xml
c:\documents and settings\user\Application Data\PriceGong\Data\c.xml
c:\documents and settings\user\Application Data\PriceGong\Data\d.xml
c:\documents and settings\user\Application Data\PriceGong\Data\e.xml
c:\documents and settings\user\Application Data\PriceGong\Data\f.xml
c:\documents and settings\user\Application Data\PriceGong\Data\g.xml
c:\documents and settings\user\Application Data\PriceGong\Data\h.xml
c:\documents and settings\user\Application Data\PriceGong\Data\i.xml
c:\documents and settings\user\Application Data\PriceGong\Data\J.xml
c:\documents and settings\user\Application Data\PriceGong\Data\k.xml
c:\documents and settings\user\Application Data\PriceGong\Data\l.xml
c:\documents and settings\user\Application Data\PriceGong\Data\m.xml
c:\documents and settings\user\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\user\Application Data\PriceGong\Data\n.xml
c:\documents and settings\user\Application Data\PriceGong\Data\o.xml
c:\documents and settings\user\Application Data\PriceGong\Data\p.xml
c:\documents and settings\user\Application Data\PriceGong\Data\q.xml
c:\documents and settings\user\Application Data\PriceGong\Data\r.xml
c:\documents and settings\user\Application Data\PriceGong\Data\s.xml
c:\documents and settings\user\Application Data\PriceGong\Data\t.xml
c:\documents and settings\user\Application Data\PriceGong\Data\u.xml
c:\documents and settings\user\Application Data\PriceGong\Data\v.xml
c:\documents and settings\user\Application Data\PriceGong\Data\w.xml
c:\documents and settings\user\Application Data\PriceGong\Data\x.xml
c:\documents and settings\user\Application Data\PriceGong\Data\y.xml
c:\documents and settings\user\Application Data\PriceGong\Data\z.xml
c:\documents and settings\user\Application Data\ShoppingReport
c:\documents and settings\user\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\user\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\user\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\user\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\user\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\user\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\user\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\user\Application Data\svchost.exe
c:\documents and settings\user\Recent\Thumbs.db
c:\documents and settings\user\WINDOWS
c:\program files\FunWebProducts
c:\program files\IEToolbar
c:\program files\IEToolbar\4 Search w Google search\4search.crc
c:\program files\IEToolbar\4 Search w Google search\4search.dll
c:\program files\IEToolbar\4 Search w google search\about.html
c:\program files\IEToolbar\4 Search w Google search\autosearch_plugin.dll
c:\program files\IEToolbar\4 Search w Google search\basis.xml
c:\program files\IEToolbar\4 Search w Google search\demo_logo.bmp
c:\program files\IEToolbar\4 Search w Google search\error.html
c:\program files\IEToolbar\4 Search w Google search\icons.bmp
c:\program files\IEToolbar\4 Search w google search\info.bmp
c:\program files\IEToolbar\4 Search w Google search\info.txt
c:\program files\IEToolbar\4 Search w google search\info2.bmp
c:\program files\IEToolbar\4 Search w Google search\logo.bmp
c:\program files\IEToolbar\4 Search w Google search\logo2.bmp
c:\program files\IEToolbar\4 Search w Google search\search.bmp
c:\program files\IEToolbar\4 Search w google search\search2.bmp
c:\program files\IEToolbar\4 Search w google search\tbHElper.dll
c:\program files\IEToolbar\4 Search w Google search\uninstall.exe
c:\program files\IEToolbar\4 Search w google search\version.txt
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\SoftwareRevenue.org
c:\program files\SoftwareRevenue.org\4search.exe
c:\program files\SoftwareRevenue.org\as.bmp
c:\program files\SoftwareRevenue.org\EnglishHarbourIcon.ico
c:\program files\SoftwareRevenue.org\gle.bmp
c:\program files\SoftwareRevenue.org\partypoker.ico
c:\windows\IsUn0405.exe
c:\windows\ST6UNST.000
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Thumbs.db
c:\windows\system32\win32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 12:28 . 2011-06-17 13:26 -------- d-----w- c:\program files\Metin2
2011-06-16 16:15 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 16:23 . 2011-06-12 16:23 -------- d-----w- c:\program files\ESET
2011-06-12 16:23 . 2011-06-12 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-06-12 15:20 . 2011-06-16 18:11 -------- d-----w- c:\documents and settings\user\Application Data\go
2011-06-12 15:20 . 2011-06-16 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Easybits GO
2011-06-10 16:11 . 2011-06-12 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-06-10 16:10 . 2011-06-10 16:10 -------- d-----w- c:\program files\Common Files\Skype
2011-06-10 12:42 . 2011-06-12 18:39 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-06-09 17:24 . 2011-06-09 17:24 -------- d-----w- c:\documents and settings\user\Application Data\Sony
2011-06-09 17:16 . 2011-06-09 17:17 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-06-08 16:05 . 2011-06-08 16:33 -------- d-----w- c:\documents and settings\pali 5\Application Data\Audacity
2011-06-08 16:05 . 2011-06-08 16:05 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-06-01 17:53 . 2011-06-01 17:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-05-19 14:17 . 2011-05-19 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Media Get LLC
2011-05-19 14:17 . 2011-05-19 14:17 -------- d-----w- c:\documents and settings\pali 5\Local Settings\Application Data\Media Get LLC
2011-05-19 14:17 . 2011-05-19 14:17 -------- d-----w- c:\documents and settings\pali 5\Application Data\Media Get LLC
2011-05-19 14:17 . 2011-05-19 14:18 -------- d-----w- c:\documents and settings\pali 5\Local Settings\Application Data\MediaGet2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 21:45 . 2011-05-18 17:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 21:47 . 2011-05-11 21:47 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-06 18:52 . 2011-05-06 18:52 1409 ----a-w- c:\windows\QTFont.for
2011-05-02 15:31 . 2006-09-27 17:28 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 19:15 . 2011-03-22 18:28 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2007-01-10 18:59 . 2007-01-10 18:58 6820544 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe
2006-12-05 14:43 . 2006-12-05 14:43 16058336 ----a-w- c:\program files\5100_enu_win2k_xp.exe
2006-11-24 18:47 . 2006-11-24 18:47 16779392 ----a-w- c:\program files\java.exe
2006-11-14 18:55 . 2006-11-14 18:54 2316800 ----a-w- c:\program files\implugin.exe
2006-11-06 17:59 . 2006-11-06 17:59 905216 ----a-w- c:\program files\Irfanview 398.exe
2005-12-21 16:44 . 2006-12-27 11:43 110760088 ----a-w- c:\program files\Nero-7.0.1.2_csy.exe
2010-09-12 17:39 . 2007-05-16 16:47 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\BS_Player\prxtbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-07 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2004-06-21 143360]
"VTTimer"="VTTimer.exe" [2004-10-01 53248]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 450560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-12 30192]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 741376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hltv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\pali 5\\Desktop\\pali\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [15.9.2008 16:50 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [15.9.2008 16:50 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.9.2008 15:58 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [16.3.2007 21:44 51072]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.1.2011 16:41 810144]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [4.11.2008 13:28 222968]
R2 Sony Ericsson PC Companion download service;Sony Ericsson PC Companion download service;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\SupServ.exe [23.3.2010 13:59 93392]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.3.2010 23:16 135664]
S2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [4.8.2004 14:00 14336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3.11.2006 21:35 30192]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1.3.2010 23:16 135664]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\system32\drivers\SE30bus.sys [6.5.2007 20:51 61600]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;c:\windows\system32\drivers\SE30mdfl.sys [22.6.2007 18:50 9360]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;c:\windows\system32\drivers\SE30mdm.sys [22.6.2007 18:49 97184]
S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE30mgmt.sys [22.6.2007 18:50 88688]
S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);c:\windows\system32\drivers\se30nd5.sys [22.6.2007 18:50 18704]
S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;c:\windows\system32\drivers\SE30obex.sys [22.6.2007 18:50 86560]
S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);c:\windows\system32\drivers\se30unic.sys [22.6.2007 18:50 90800]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [9.6.2011 19:19 152064]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 21:16]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 21:16]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 88.212.8.8 88.212.8.88
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\b32yhgt7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {c04b4d56-1dd0-6fd8-aba4-c24da9b51341} - c:\program files\Mozilla Firefox\extensions\{c04b4d56-1dd0-6fd8-aba4-c24da9b51341}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Steam - c:\program files\steam\steam.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0405.EXE
AddRemove-DivX Content Uploader - c:\program files\DivX\DivXContentUploaderUninstall.exe
AddRemove-GTA San Andreas SK - c:\program files\Rockstar Games\GTA San Andreas\Uninstall GTA_SA_SK.exe
AddRemove-NoteWorthy Composer 2 - c:\program files\Noteworthy Software\NoteWorthy Composer 2\Uninstall.exe
AddRemove-NoteWorthy Composer 2 Viewer - c:\program files\Noteworthy Software\NoteWorthy Composer 2 Viewer\Uninstall.exe
AddRemove-NoteWorthy Player - c:\progra~1\NOTEWO~2\UNINSTAL.EXE
AddRemove-V-Rally2 Expert Edition - c:\program files\Infogrames\V-Rally2 Expert Edition\Uninst.isu
AddRemove-VentriloMIX - c:\program files\VentriloMIX\Uninstal.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\ConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files\DivX\ConverterUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 20:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3596)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\VTtrayp.exe
c:\windows\system32\VTTimer.exe
c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-17 20:21:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-17 18:20
.
Pre-Run: 9 938 292 736 bytes free
Post-Run: 20 adresárov, 21 318 660 096 voľných bajtov
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3B7D21CE366BDC7444D9F09912A9C9C5

Ďakujem...je to už v poriadku?
Alena

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

Majstre, pokyny vykonané:

ComboFix 11-06-17.04 - user 17.06.2011 22:17:59.2.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.751.349 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 12:28 . 2011-06-17 13:26 -------- d-----w- c:\program files\Metin2
2011-06-16 16:15 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 16:23 . 2011-06-12 16:23 -------- d-----w- c:\program files\ESET
2011-06-12 16:23 . 2011-06-12 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-06-12 15:20 . 2011-06-16 18:11 -------- d-----w- c:\documents and settings\user\Application Data\go
2011-06-12 15:20 . 2011-06-16 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Easybits GO
2011-06-10 16:11 . 2011-06-12 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-06-10 16:10 . 2011-06-10 16:10 -------- d-----w- c:\program files\Common Files\Skype
2011-06-10 12:42 . 2011-06-12 18:39 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-06-09 17:24 . 2011-06-09 17:24 -------- d-----w- c:\documents and settings\user\Application Data\Sony
2011-06-09 17:16 . 2011-06-09 17:17 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-06-08 16:05 . 2011-06-08 16:33 -------- d-----w- c:\documents and settings\pali 5\Application Data\Audacity
2011-06-08 16:05 . 2011-06-08 16:05 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-06-01 17:53 . 2011-06-01 17:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-05-19 14:17 . 2011-05-19 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Media Get LLC
2011-05-19 14:17 . 2011-05-19 14:17 -------- d-----w- c:\documents and settings\pali 5\Local Settings\Application Data\Media Get LLC
2011-05-19 14:17 . 2011-05-19 14:17 -------- d-----w- c:\documents and settings\pali 5\Application Data\Media Get LLC
2011-05-19 14:17 . 2011-05-19 14:18 -------- d-----w- c:\documents and settings\pali 5\Local Settings\Application Data\MediaGet2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 21:45 . 2011-05-18 17:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 21:47 . 2011-05-11 21:47 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-06 18:52 . 2011-05-06 18:52 1409 ----a-w- c:\windows\QTFont.for
2011-05-02 15:31 . 2006-09-27 17:28 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 19:15 . 2011-03-22 18:28 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2007-01-10 18:59 . 2007-01-10 18:58 6820544 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe
2006-12-05 14:43 . 2006-12-05 14:43 16058336 ----a-w- c:\program files\5100_enu_win2k_xp.exe
2006-11-24 18:47 . 2006-11-24 18:47 16779392 ----a-w- c:\program files\java.exe
2006-11-14 18:55 . 2006-11-14 18:54 2316800 ----a-w- c:\program files\implugin.exe
2006-11-06 17:59 . 2006-11-06 17:59 905216 ----a-w- c:\program files\Irfanview 398.exe
2005-12-21 16:44 . 2006-12-27 11:43 110760088 ----a-w- c:\program files\Nero-7.0.1.2_csy.exe
2010-09-12 17:39 . 2007-05-16 16:47 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\BS_Player\prxtbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-07 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2004-06-21 143360]
"VTTimer"="VTTimer.exe" [2004-10-01 53248]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 450560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-12 30192]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 741376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hltv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\pali 5\\Desktop\\pali\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [15.9.2008 16:50 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [15.9.2008 16:50 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.9.2008 15:58 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [16.3.2007 21:44 51072]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.1.2011 16:41 810144]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [4.11.2008 13:28 222968]
R2 Sony Ericsson PC Companion download service;Sony Ericsson PC Companion download service;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\SupServ.exe [23.3.2010 13:59 93392]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.3.2010 23:16 135664]
S2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [4.8.2004 14:00 14336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3.11.2006 21:35 30192]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1.3.2010 23:16 135664]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\system32\drivers\SE30bus.sys [6.5.2007 20:51 61600]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;c:\windows\system32\drivers\SE30mdfl.sys [22.6.2007 18:50 9360]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;c:\windows\system32\drivers\SE30mdm.sys [22.6.2007 18:49 97184]
S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE30mgmt.sys [22.6.2007 18:50 88688]
S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);c:\windows\system32\drivers\se30nd5.sys [22.6.2007 18:50 18704]
S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;c:\windows\system32\drivers\SE30obex.sys [22.6.2007 18:50 86560]
S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);c:\windows\system32\drivers\se30unic.sys [22.6.2007 18:50 90800]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [9.6.2011 19:19 152064]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 21:16]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 21:16]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 88.212.8.8 88.212.8.88
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\b32yhgt7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {c04b4d56-1dd0-6fd8-aba4-c24da9b51341} - c:\program files\Mozilla Firefox\extensions\{c04b4d56-1dd0-6fd8-aba4-c24da9b51341}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 22:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(372)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-17 22:31:30
ComboFix-quarantined-files.txt 2011-06-17 20:31
ComboFix2.txt 2011-06-17 18:21
.
Pre-Run: 21 763 620 864 bytes free
Post-Run: 20 adresárov, 21 745 627 136 voľných bajtov
.
- - End Of File - - EDA2CFC111AA425475CD6AA176EEC8F9

Ďalšie rady do života? Prevencia? Na čo dať pozor? Je to teraz O.K? Ďakujem ešte raz.
Alena

Log již vypadá čistý.

Prevcence: Udržujte stále aktuální antivir. Na internetu nechoďte do "temných zákoutí" a neklikejte na vše, co se vám nabízí. Nemáte zač!