
Problem updating the sound device driver...

Posted: 16 Jan 2010 22:00
by jiriziky
Logfile of HijackThis v1.99.1
Scan saved at 21:57:53, on 16.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jirka\Plocha\Nová složka\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

Re: Problem updating the sound device driver...

Posted: 16 Jan 2010 23:01
by Rudy
Post the ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after start-up a screen with the licence terms appears; continue by clicking the "Ano" (Yes) button.

feel free to make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component

Re: Problem updating the sound device driver...

Posted: 16 Jan 2010 23:23
by jiriziky
ComboFix 10-01-16.02 - jirka 16.01.2010 23:15:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.895.541 [GMT 1:00]
Spuštěný z: c:\documents and settings\jirka\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ieuinit.inf
c:\windows\system32\skype
c:\windows\system32\skype\klog.dat
c:\windows\system32\skype\winhost.exe
c:\windows\system32\winlogon.bak

Nakažená kopie c:\windows\system32\winlogon.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{F4E14BC4-D79F-4456-92B6-A8B7FD2729A5}\RP13\A0000459.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-16 do 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 20:25 . 2010-01-16 20:25 -------- d-----w- c:\program files\Seznam
2010-01-16 20:17 . 2010-01-16 20:17 -------- d-----w- c:\windows\nview
2010-01-16 20:03 . 2010-01-16 20:03 -------- d-----w- c:\program files\Ask.com
2010-01-16 20:02 . 2010-01-16 20:03 -------- d-----w- c:\program files\The KMPlayer
2010-01-16 19:37 . 2005-02-02 05:51 545 ----a-w- c:\windows\UC.PIF
2010-01-16 19:37 . 2005-02-02 05:51 545 ----a-w- c:\windows\RAR.PIF
2010-01-16 19:37 . 2005-02-02 05:51 545 ----a-w- c:\windows\PKZIP.PIF
2010-01-16 19:37 . 2005-02-02 05:51 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-01-16 19:37 . 2005-02-02 05:51 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-01-16 19:37 . 2005-02-02 05:51 545 ----a-w- c:\windows\LHA.PIF
2010-01-16 19:37 . 2005-02-02 05:51 545 ----a-w- c:\windows\ARJ.PIF
2010-01-16 19:37 . 2010-01-16 20:13 -------- d-----w- C:\totalcmd
2010-01-16 19:33 . 2010-01-16 19:33 -------- d-----w- c:\program files\Skype
2010-01-16 19:33 . 2010-01-16 19:33 -------- d-----w- c:\program files\Common Files\Skype
2010-01-16 19:30 . 2010-01-16 19:33 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-16 19:30 . 2010-01-16 19:30 -------- d-----w- c:\program files\Nero
2010-01-16 19:18 . 2010-01-16 19:21 -------- d-----w- c:\program files\Winamp
2010-01-16 18:16 . 2010-01-16 18:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-16 17:44 . 2010-01-16 17:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-16 17:25 . 2010-01-16 17:25 -------- d-----w- c:\documents and settings\jirka\kbpki
2010-01-16 17:25 . 2010-01-16 17:25 -------- d-----w- c:\windows\Sun
2010-01-16 17:21 . 2010-01-16 17:44 -------- d-----w- c:\program files\Java
2010-01-16 17:21 . 2010-01-16 17:21 -------- d-----w- c:\program files\Common Files\Java
2010-01-15 19:47 . 2010-01-15 19:47 -------- d-----w- C:\temp
2010-01-15 19:31 . 2010-01-15 19:31 -------- d-----w- c:\windows\system32\Lang
2010-01-15 19:27 . 2007-05-14 09:38 356352 ----a-w- c:\windows\system32\NVUDISP.EXE
2010-01-15 19:17 . 2010-01-15 19:17 -------- d-----w- c:\program files\Atheros
2010-01-15 19:16 . 2010-01-15 19:16 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-15 19:14 . 2010-01-15 19:14 -------- d-----w- c:\program files\Wireless Console 2
2010-01-15 19:05 . 2007-10-26 01:20 549184 ----a-w- c:\windows\system32\drivers\ar5211.sys
2010-01-15 19:05 . 2007-10-26 01:20 549184 ----a-w- c:\windows\system32\ar5211.sys
2010-01-15 19:05 . 2010-01-16 20:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-15 18:52 . 2007-08-16 12:19 6844256 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-01-15 18:52 . 2007-08-16 12:19 6844256 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-15 18:52 . 2007-08-16 12:19 5832832 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-01-15 18:52 . 2007-08-16 12:19 5832832 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-15 17:19 . 2007-01-03 11:20 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-01-15 17:19 . 2007-05-01 07:11 356352 ----a-w- c:\windows\system32\nvunrm.exe
2010-01-15 17:18 . 2007-05-04 17:41 927616 ----a-w- c:\windows\system32\drivers\nvnrm.sys
2010-01-15 17:18 . 2007-05-04 17:41 261632 ----a-w- c:\windows\system32\drivers\nvsnpu.sys
2010-01-15 17:18 . 2007-05-04 17:41 19968 ----a-w- c:\windows\system32\drivers\nvnetbus.sys
2010-01-15 17:18 . 2007-05-04 17:41 110592 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2010-01-15 17:18 . 2007-05-04 17:41 46720 ----a-w- c:\windows\system32\drivers\NVENETFD.sys
2010-01-15 17:18 . 2007-05-04 17:40 196096 ----a-w- c:\windows\system32\fdco1ins.dll
2010-01-15 17:18 . 2007-05-04 17:39 9216 ----a-w- c:\windows\system32\bdco1ins.dll
2010-01-15 17:18 . 2007-05-04 17:39 9216 ----a-w- c:\windows\system32\bdco1.dll
2010-01-15 17:18 . 2007-05-01 07:11 37888 ----a-w- c:\windows\system32\nvconrm.dll
2010-01-15 16:25 . 2010-01-15 16:25 315392 ----a-w- c:\windows\HideWin.exe
2010-01-15 16:24 . 2007-05-14 19:18 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-15 16:14 . 2001-11-09 14:18 1081 ----a-w- c:\windows\system32\no_wpa.bat
2010-01-15 16:14 . 2001-08-31 03:53 310 ----a-w- c:\windows\system32\NOWPA.reg
2010-01-15 16:11 . 2010-01-15 16:11 -------- d-----w- c:\windows\NOWPA
2010-01-15 15:39 . 2009-06-03 18:16 2615 ----a-w- c:\windows\system32\installer.bat
2010-01-15 15:39 . 2009-06-03 18:16 323072 ----a-w- c:\windows\WgaTray.exe
2010-01-15 15:39 . 2009-06-03 18:16 190464 ----a-w- c:\windows\WgaLogon.dll
2010-01-15 15:39 . 2009-06-03 18:16 2615 ----a-w- c:\windows\installer.bat
2010-01-15 15:39 . 2009-06-03 18:16 1481728 ----a-w- c:\windows\LegitCheckControl.dll
2010-01-15 14:55 . 2010-01-09 02:58 134593 ----a-w- c:\windows\system32\windows-xp.exe
2010-01-15 14:32 . 2010-01-15 14:32 0 ----a-w- c:\windows\nsreg.dat
2010-01-15 14:31 . 2010-01-15 14:26 408719 ----a-w- c:\windows\Windows_XP_Legalizator.exe
2010-01-15 14:26 . 2010-01-15 14:26 408719 ----a-w- c:\windows\system32\Windows_XP_Legalizator.exe
2010-01-15 12:49 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-01-15 12:49 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-01-15 12:49 . 2010-01-15 12:49 -------- d-----w- c:\program files\Microsoft Works
2010-01-15 12:49 . 2010-01-15 12:49 -------- d-----w- c:\program files\MSBuild
2010-01-15 12:45 . 2010-01-15 12:48 -------- d-----w- c:\windows\SHELLNEW
2010-01-15 12:44 . 2010-01-15 12:44 -------- d-----r- C:\MSOCache
2010-01-15 12:26 . 2010-01-15 12:26 -------- d-----w- c:\program files\ESET
2010-01-15 12:18 . 2010-01-15 12:18 -------- d-----w- c:\program files\Lame
2010-01-15 12:17 . 2010-01-15 12:17 -------- d-----w- c:\program files\7-Zip
2010-01-15 12:17 . 2010-01-15 12:17 -------- d-----w- c:\program files\MPC HomeCinema
2010-01-15 12:16 . 2010-01-15 12:16 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-01-15 12:04 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-01-15 12:04 . 2008-04-14 07:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-01-15 12:03 . 2008-04-14 08:52 75264 ----a-w- c:\windows\system32\usbui.dll
2010-01-15 12:03 . 2008-04-14 00:06 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-01-15 12:03 . 2008-04-14 00:06 13952 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2010-01-15 12:03 . 2008-04-14 00:06 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-01-15 12:01 . 2010-01-16 20:25 -------- d-----w- c:\documents and settings\All Users\Plocha

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 19:49 . 2008-04-14 12:00 46214 ----a-w- c:\windows\system32\perfc005.dat
2010-01-15 19:49 . 2008-04-14 12:00 309954 ----a-w- c:\windows\system32\perfh005.dat
2010-01-15 11:48 . 2010-01-15 11:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-15 11:42 . 2010-01-15 11:42 -------- d-----w- c:\program files\Motorola
2010-01-15 11:23 . 2010-01-15 11:11 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-15 11:23 . 2010-01-15 11:11 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-15 11:22 . 2010-01-15 11:11 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-01-15 11:12 . 2010-01-15 11:12 -------- d-----w- c:\program files\microsoft frontpage
2010-01-15 11:09 . 2010-01-15 11:09 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-16 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-09-26 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"nwiz"="nwiz.exe" [2007-08-16 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [15.1.2010 12:40 24576]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [15.1.2010 12:40 1245056]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\sa2dnwyf.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 23:19
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-16 23:21:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-16 22:21

Před spuštěním: Volných bajtů: 109 218 078 720
Po spuštění: Volných bajtů: 110 310 330 368

- - End Of File - - 7C70DE28A8580FCFB1A552E4500A9F98

Re: Problem updating the sound device driver...

Posted: 17 Jan 2010 12:12
by Rudy
We'll do a bit more cleanup. Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.
