
Problem with iexplore.exe

Posted: 07 Apr 2010 19:29
by stovka
Hello, I have a problem accessing the hard disks and other disks; I am attaching the log from ComboFix.

ComboFix 10-04-06.05 - jirka 07.04.2010 20:21:50.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1422 [GMT 2:00]
Spuštěný z: c:\documents and settings\jirka\Dokumenty\Stažené soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-07 do 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-07 18:03 . 2010-04-07 18:03 -------- d-s---w- c:\documents and settings\jirka\UserData
2010-04-07 17:46 . 2010-04-07 17:58 -------- d-----w- c:\windows\LastGood
2010-04-06 20:34 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-06 20:34 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-06 19:45 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-04-06 19:45 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-06 15:33 . 2010-04-06 15:33 -------- d-----w- c:\program files\Ask.com
2010-04-06 15:31 . 2010-04-06 15:33 -------- d-----w- c:\program files\The KMPlayer
2010-04-06 01:20 . 2004-08-03 20:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-04-06 01:20 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-04-06 01:20 . 2004-08-03 21:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-04-06 01:20 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-04-06 01:20 . 2004-08-03 21:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-04-06 01:20 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-04-06 01:20 . 2004-08-03 21:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-04-06 01:20 . 2004-08-03 21:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-04-06 01:20 . 2004-08-03 21:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-04-06 01:20 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-04-06 01:20 . 2004-08-03 21:10 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-04-06 01:20 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-04-06 01:19 . 2004-08-03 21:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-04-06 01:19 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-04-06 01:19 . 2004-08-17 13:49 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-04-06 01:19 . 2004-08-17 13:49 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-04-05 17:22 . 2010-04-05 17:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-05 17:21 . 2010-04-05 17:21 -------- d-----w- c:\program files\Common Files\Skype
2010-04-05 17:21 . 2010-04-05 17:21 -------- d-----r- c:\program files\Skype
2010-04-05 17:20 . 2010-04-05 17:20 -------- d-----w- c:\program files\Common Files\Eye 312
2010-04-05 17:20 . 2007-10-04 15:42 48128 ----a-w- c:\windows\system32\Remove.exe
2010-04-05 17:20 . 2007-06-14 16:34 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2010-04-05 17:20 . 2006-11-20 07:04 6656 ----a-w- c:\windows\system32\CoInst_070614.dll
2010-04-05 17:20 . 2006-10-12 09:57 14336 ----a-w- c:\windows\system32\P7302USD.dll
2010-04-05 17:20 . 2010-04-05 17:20 -------- d-----w- c:\program files\Common Files\Pac7302
2010-04-05 17:20 . 2010-04-05 17:20 -------- d-----w- c:\windows\PixArt
2010-04-05 13:25 . 2010-04-06 12:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-05 13:02 . 2010-04-05 13:02 -------- d-----w- c:\windows\system32\drivers\NSS
2010-04-05 13:02 . 2010-04-05 13:02 -------- d-----w- c:\program files\Norton Security Scan
2010-04-05 13:02 . 2010-04-05 13:02 -------- d-----w- c:\program files\NortonInstaller
2010-04-04 17:39 . 2010-04-04 17:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-04 17:30 . 2010-04-04 17:47 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-04-04 17:30 . 2010-04-04 17:47 -------- d-----w- c:\program files\AutoCAD 2010
2010-04-04 17:28 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-04-04 17:28 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-04-04 17:28 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-04-04 17:27 . 2010-04-04 17:27 -------- d-----w- c:\windows\Logs
2010-04-04 17:26 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-04 17:25 . 2010-04-04 17:26 -------- d-----w- c:\windows\system32\cs-CZ
2010-04-04 17:19 . 2010-04-04 17:25 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-04 17:18 . 2010-04-04 17:18 -------- d-----w- c:\program files\Reference Assemblies
2010-04-04 17:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-04 17:11 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-04 17:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-04 17:11 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-04 17:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-04 17:11 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-04 17:11 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-04 17:11 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-04 17:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-04 16:59 . 2010-04-04 16:59 -------- d-----w- c:\program files\MSXML 6.0
2010-04-04 13:40 . 1994-12-05 23:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-04-04 12:39 . 2010-04-07 17:44 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-03 23:10 . 2010-04-03 23:10 -------- d-----w- c:\windows\system32\KB905474
2010-04-03 23:10 . 2009-03-10 20:26 1435008 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-03 23:10 . 2009-03-10 20:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-04-03 23:05 . 2004-08-17 13:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-03 23:01 . 2010-04-03 23:01 -------- d-----w- c:\windows\ServicePackFiles
2010-04-03 22:59 . 2010-04-03 22:59 -------- d-----w- c:\program files\MSXML 4.0
2010-04-03 19:40 . 2010-04-03 19:40 -------- d-----w- c:\program files\LG Electronics
2010-04-03 11:59 . 2010-04-03 12:21 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-04-03 11:53 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-03 11:53 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-03 11:53 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-03 11:53 . 2009-12-09 10:28 2059904 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-03 11:53 . 2009-12-09 10:28 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-03 11:53 . 2009-12-09 10:28 2182528 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-03 11:53 . 2009-12-09 10:28 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-03 11:37 . 2010-04-05 12:51 -------- d--h--w- c:\windows\$hf_mig$
2010-04-03 10:46 . 2010-04-03 10:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-03 10:10 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-04-03 10:10 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-04-03 10:10 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-04-03 09:33 . 2010-04-03 09:33 -------- d-----w- c:\program files\Flagship Studios
2010-04-03 09:29 . 2010-04-03 09:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-03 09:27 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-03 09:27 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-03 09:26 . 2010-04-03 09:26 -------- d-----w- c:\program files\Microsoft Works
2010-04-03 09:25 . 2010-04-04 17:19 -------- d-----w- c:\program files\MSBuild
2010-04-03 09:17 . 2010-04-03 09:23 -------- d-----w- c:\windows\SHELLNEW
2010-04-03 09:13 . 2010-04-03 09:13 -------- d-----r- C:\MSOCache
2010-04-02 17:44 . 2010-04-02 17:44 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2010-04-02 17:34 . 2010-04-02 17:34 -------- d-----w- c:\program files\Common Files\Java
2010-04-02 17:33 . 2010-04-02 17:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-02 17:33 . 2010-04-03 10:16 -------- d-----w- c:\program files\Java
2010-04-02 17:15 . 2010-04-02 17:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-02 17:10 . 2010-04-02 17:15 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-02 17:10 . 2010-04-02 17:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 20:27 . 2010-04-06 20:23 -------- d-----w- c:\program files\Aliens Vs Predator
2010-04-06 20:26 . 2010-04-06 20:26 -------- d-----w- c:\program files\Common Files\CANON
2010-04-06 20:26 . 2010-04-06 20:22 -------- d-----w- c:\program files\Canon
2010-04-06 20:23 . 2010-04-06 20:23 -------- d--h--w- c:\program files\CanonBJ
2010-04-05 17:20 . 2010-04-02 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 13:17 . 2001-10-25 14:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2010-04-05 13:17 . 2001-10-25 14:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2010-04-03 14:45 . 2010-04-02 10:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-03 14:45 . 2010-04-02 10:21 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-03 14:45 . 2010-04-02 10:21 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-04-02 12:08 . 2010-04-02 12:08 -------- d-----w- c:\program files\Opera
2010-04-02 12:03 . 2010-04-02 12:03 -------- d-----w- c:\program files\Common Files\Macromedia
2010-04-02 12:02 . 2010-04-02 10:28 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-02 11:30 . 2010-04-02 11:30 0 ----a-w- c:\windows\nsreg.dat
2010-04-02 11:13 . 2010-04-02 11:13 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-02 10:51 . 2010-04-02 10:51 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-02 10:50 . 2010-04-02 10:48 -------- d-----w- c:\program files\Common Files\Ahead
2010-04-02 10:48 . 2010-04-02 10:48 -------- d-----w- c:\program files\Nero
2010-04-02 10:33 . 2010-04-02 10:33 -------- d-----w- c:\program files\Intel
2010-04-02 10:28 . 2010-04-02 10:28 -------- d-----w- c:\program files\Realtek
2010-04-02 10:28 . 2010-04-02 10:28 315392 ----a-w- c:\windows\HideWin.exe
2010-04-02 10:22 . 2010-04-02 10:22 -------- d-----w- c:\program files\microsoft frontpage
2010-04-02 10:19 . 2010-04-02 10:19 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 08:13 . 2008-07-01 07:04 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 08:13 . 2010-03-09 08:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 08:11 . 2008-07-01 06:56 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-02-26 06:12 . 2004-08-17 13:49 663040 ------w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"ICQ"="d:\program files\ICQ7.1\ICQ.exe" [2010-04-02 133368]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\jirka\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ7.1\\ICQ.exe"=
"d:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1691:TCP"= 1691:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 95872]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [17.8.2004 15:49 14336]
R2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.4.2010 13:13 246520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.4.2010 19:10 691696]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\j:\ntglm7x.sys --> j:\NTGLM7X.sys [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - EAMON
*NewlyCreated* - EHDRV
*NewlyCreated* - EKRN
*NewlyCreated* - EPFWTDIR

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-06 c:\windows\Tasks\Norton Security Scan for jirka.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-05 10:50]

2010-04-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]

2010-04-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-03 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://www.samsungodd.com/liveupdate.asp?type=en
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - d:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\vtfkhncu.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 20:26
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10f_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10f_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\msi.dll
.
Celkový čas: 2010-04-07 20:28:02
ComboFix-quarantined-files.txt 2010-04-07 18:27

Před spuštěním: 6 109 061 120
Po spuštění: 6 074 130 432

- - End Of File - - 983BE888EF8ACAB32A13AC0EE4DDD4D5

Re: Problem with iexplore.exe

Posted: 07 Apr 2010 19:44
by Rudy
Move ComboFix to the desktop. Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com

Collect::
c:\windows\system32\winsys2.exe

Driver::
Akamai

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Problem with iexplore.exe

Posted: 07 Apr 2010 20:14
by stovka
ComboFix 10-04-06.05 - jirka 07.04.2010 20:55:59.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1457 [GMT 2:00]
Spuštěný z: c:\documents and settings\jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\jirka\Plocha\cfscript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

file zipped: c:\windows\system32\winsys2.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\winsys2.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AKAMAI
-------\Service_Akamai


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-07 do 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-07 18:03 . 2010-04-07 18:03 -------- d-s---w- c:\documents and settings\jirka\UserData
2010-04-06 20:34 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-06 20:34 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-06 19:45 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-04-06 19:45 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-06 15:31 . 2010-04-06 15:33 -------- d-----w- c:\program files\The KMPlayer
2010-04-06 01:20 . 2004-08-03 20:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-04-06 01:20 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-04-06 01:20 . 2004-08-03 21:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-04-06 01:20 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-04-06 01:20 . 2004-08-03 21:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-04-06 01:20 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-04-06 01:20 . 2004-08-03 21:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-04-06 01:20 . 2004-08-03 21:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-04-06 01:20 . 2004-08-03 21:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-04-06 01:20 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-04-06 01:20 . 2004-08-03 21:10 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-04-06 01:20 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-04-06 01:19 . 2004-08-03 21:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-04-06 01:19 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-04-06 01:19 . 2004-08-17 13:49 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-04-06 01:19 . 2004-08-17 13:49 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-04-05 17:22 . 2010-04-05 17:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-05 17:21 . 2010-04-05 17:21 -------- d-----w- c:\program files\Common Files\Skype
2010-04-05 17:21 . 2010-04-05 17:21 -------- d-----r- c:\program files\Skype
2010-04-05 17:20 . 2010-04-05 17:20 -------- d-----w- c:\program files\Common Files\Eye 312
2010-04-05 17:20 . 2007-10-04 15:42 48128 ----a-w- c:\windows\system32\Remove.exe
2010-04-05 17:20 . 2007-06-14 16:34 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2010-04-05 17:20 . 2006-11-20 07:04 6656 ----a-w- c:\windows\system32\CoInst_070614.dll
2010-04-05 17:20 . 2006-10-12 09:57 14336 ----a-w- c:\windows\system32\P7302USD.dll
2010-04-05 17:20 . 2010-04-05 17:20 -------- d-----w- c:\program files\Common Files\Pac7302
2010-04-05 17:20 . 2010-04-05 17:20 -------- d-----w- c:\windows\PixArt
2010-04-05 13:25 . 2010-04-06 12:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-05 13:02 . 2010-04-05 13:02 -------- d-----w- c:\windows\system32\drivers\NSS
2010-04-05 13:02 . 2010-04-05 13:02 -------- d-----w- c:\program files\Norton Security Scan
2010-04-05 13:02 . 2010-04-05 13:02 -------- d-----w- c:\program files\NortonInstaller
2010-04-04 17:39 . 2010-04-04 17:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-04 17:30 . 2010-04-04 17:47 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-04-04 17:30 . 2010-04-04 17:47 -------- d-----w- c:\program files\AutoCAD 2010
2010-04-04 17:28 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-04-04 17:28 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-04-04 17:28 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-04-04 17:27 . 2010-04-04 17:27 -------- d-----w- c:\windows\Logs
2010-04-04 17:26 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-04 17:25 . 2010-04-04 17:26 -------- d-----w- c:\windows\system32\cs-CZ
2010-04-04 17:19 . 2010-04-04 17:25 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-04 17:18 . 2010-04-04 17:18 -------- d-----w- c:\program files\Reference Assemblies
2010-04-04 17:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-04 17:11 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-04 17:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-04 17:11 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-04 17:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-04 17:11 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-04 17:11 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-04 17:11 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-04 17:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-04 16:59 . 2010-04-04 16:59 -------- d-----w- c:\program files\MSXML 6.0
2010-04-04 13:40 . 1994-12-05 23:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-04-04 12:39 . 2010-04-07 18:35 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-03 23:10 . 2010-04-03 23:10 -------- d-----w- c:\windows\system32\KB905474
2010-04-03 23:10 . 2009-03-10 20:26 1435008 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-03 23:10 . 2009-03-10 20:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-04-03 23:05 . 2004-08-17 13:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-03 23:01 . 2010-04-03 23:01 -------- d-----w- c:\windows\ServicePackFiles
2010-04-03 22:59 . 2010-04-03 22:59 -------- d-----w- c:\program files\MSXML 4.0
2010-04-03 19:40 . 2010-04-03 19:40 -------- d-----w- c:\program files\LG Electronics
2010-04-03 11:59 . 2010-04-03 12:21 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-04-03 11:53 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-03 11:53 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-03 11:53 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-03 11:53 . 2009-12-09 10:28 2059904 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-03 11:53 . 2009-12-09 10:28 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-03 11:53 . 2009-12-09 10:28 2182528 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-03 11:53 . 2009-12-09 10:28 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-03 11:37 . 2010-04-05 12:51 -------- d--h--w- c:\windows\$hf_mig$
2010-04-03 10:46 . 2010-04-03 10:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-03 10:10 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-04-03 10:10 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-04-03 10:10 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-04-03 09:33 . 2010-04-03 09:33 -------- d-----w- c:\program files\Flagship Studios
2010-04-03 09:29 . 2010-04-03 09:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-03 09:27 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-03 09:27 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-03 09:26 . 2010-04-03 09:26 -------- d-----w- c:\program files\Microsoft Works
2010-04-03 09:25 . 2010-04-04 17:19 -------- d-----w- c:\program files\MSBuild
2010-04-03 09:17 . 2010-04-03 09:23 -------- d-----w- c:\windows\SHELLNEW
2010-04-03 09:13 . 2010-04-03 09:13 -------- d-----r- C:\MSOCache
2010-04-02 17:44 . 2010-04-02 17:44 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2010-04-02 17:34 . 2010-04-02 17:34 -------- d-----w- c:\program files\Common Files\Java
2010-04-02 17:33 . 2010-04-02 17:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-02 17:33 . 2010-04-03 10:16 -------- d-----w- c:\program files\Java
2010-04-02 17:15 . 2010-04-02 17:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-02 17:10 . 2010-04-02 17:15 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-02 17:10 . 2010-04-02 17:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 20:27 . 2010-04-06 20:23 -------- d-----w- c:\program files\Aliens Vs Predator
2010-04-06 20:26 . 2010-04-06 20:26 -------- d-----w- c:\program files\Common Files\CANON
2010-04-06 20:26 . 2010-04-06 20:22 -------- d-----w- c:\program files\Canon
2010-04-06 20:23 . 2010-04-06 20:23 -------- d--h--w- c:\program files\CanonBJ
2010-04-05 17:20 . 2010-04-02 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 13:17 . 2001-10-25 14:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2010-04-05 13:17 . 2001-10-25 14:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2010-04-03 14:45 . 2010-04-02 10:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-03 14:45 . 2010-04-02 10:21 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-03 14:45 . 2010-04-02 10:21 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-04-02 12:08 . 2010-04-02 12:08 -------- d-----w- c:\program files\Opera
2010-04-02 12:03 . 2010-04-02 12:03 -------- d-----w- c:\program files\Common Files\Macromedia
2010-04-02 12:02 . 2010-04-02 10:28 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-02 11:30 . 2010-04-02 11:30 0 ----a-w- c:\windows\nsreg.dat
2010-04-02 11:13 . 2010-04-02 11:13 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-02 10:51 . 2010-04-02 10:51 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-02 10:50 . 2010-04-02 10:48 -------- d-----w- c:\program files\Common Files\Ahead
2010-04-02 10:48 . 2010-04-02 10:48 -------- d-----w- c:\program files\Nero
2010-04-02 10:33 . 2010-04-02 10:33 -------- d-----w- c:\program files\Intel
2010-04-02 10:28 . 2010-04-02 10:28 -------- d-----w- c:\program files\Realtek
2010-04-02 10:28 . 2010-04-02 10:28 315392 ----a-w- c:\windows\HideWin.exe
2010-04-02 10:22 . 2010-04-02 10:22 -------- d-----w- c:\program files\microsoft frontpage
2010-04-02 10:19 . 2010-04-02 10:19 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 08:13 . 2008-07-01 07:04 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 08:13 . 2010-03-09 08:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 08:11 . 2008-07-01 06:56 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-02-26 06:12 . 2004-08-17 13:49 663040 ------w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"ICQ"="d:\program files\ICQ7.1\ICQ.exe" [2010-04-02 133368]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\jirka\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ7.1\\ICQ.exe"=
"d:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.4.2010 19:10 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 95872]
R2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.4.2010 13:13 246520]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\j:\ntglm7x.sys --> j:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-04-06 c:\windows\Tasks\Norton Security Scan for jirka.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-05 10:50]

2010-04-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-03 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://www.samsungodd.com/liveupdate.asp?type=en
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - d:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\vtfkhncu.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 21:07
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6041F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf74a3cb8
\Driver\atapi -> 0x8a6041f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7b3aba0
PacketIndicateHandler -> NDIS.sys @ 0xf7b47b21
SendHandler -> NDIS.sys @ 0xf7b2587b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10f_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10f_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(660)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-04-07 21:12:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-07 19:12
ComboFix2.txt 2010-04-07 18:28

Před spuštěním: 6 055 616 512
Po spuštění: 5 876 195 328

- - End Of File - - 6394D2D83C00C414C133CD8F738C8CAB

Re: Problem with iexplore.exe

Posted: 07 Apr 2010 20:19
by stovka
It didn't help; it still reports an error when opening any folder.

Re: Problem with iexplore.exe

Posted: 07 Apr 2010 20:38
by Rudy
Post the CF log from the latest run. I just don't know how all of this relates to Internet Explorer.