Operating system virus
Please help, the NOD32 antivirus found an operating system virus on my PC, the Win32/agent.0DG trojan horse. Please advise me how to get rid of it :-)
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
- Status: Offline
Re: Operating system virus
Welcome to the PC-HELP.CZ forum
To start, post a log from HijackThis (instructions for creating the log are in my signature)

PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM; post them in the appropriate section. Thank you
Re: Operating system virus
please help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:21, on 30.4.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\ehome\ehtray.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files\Crawler\SSaver\CSSaver.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{12DB1974-2C06-4A16-92B6-B7A2D5C7C1B7}: NameServer = 213.226.224.12,194.213.224.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{12DB1974-2C06-4A16-92B6-B7A2D5C7C1B7}: NameServer = 213.226.224.12,194.213.224.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{12DB1974-2C06-4A16-92B6-B7A2D5C7C1B7}: NameServer = 213.226.224.12,194.213.224.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12544 bytes
Last edited by petrocka on 05 May 2009 18:43, edited 1 time in total.
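A small triage helper for logs in the HijackThis format posted above, added here as an example (not the forum's or HijackThis's own code); it picks out the entries a helper reads first: browser add-ons with no file or no name (R3/O2/O3), the configured start and search pages (R0/R1), the O17 NameServer entries to verify against the ISP's resolvers, and which vendors own the O23 services (several security vendors at once is the overlap pointed out later in the thread). The sample log is constructed from a subset of the line types seen in the posted log.

```python
import re
from collections import Counter

# Every HijackThis entry is "<section> - <body>"; header lines and the process list have no section tag.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
# O23 body: "Service: <name> - <vendor> - <path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# O17 body: "...: NameServer = a.b.c.d,e.f.g.h"
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
# R0/R1 body: "HKxx\...\Main,Start Page = http://..." (entries with an empty value do not match)
BROWSER_KEY_RE = re.compile(
    r"^(?P<key>HK\w+\\.+?,(?:Start Page|Search Bar|Search Page|Default_Page_URL|Default_Search_URL))"
    r" = (?P<url>\S+)$"
)

# Constructed sample in the HijackThis v2 format (a subset of the kinds of lines in the posted log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:21, on 30.4.2009
Platform: Windows Vista (WinNT 6.00.1904)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O17 - HKLM\System\CCS\Services\Tcpip\..\{12DB1974-2C06-4A16-92B6-B7A2D5C7C1B7}: NameServer = 213.226.224.12,194.213.224.1
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
--
End of file - 12544 bytes
"""


def parse_entries(text):
    """Return (section, body) for every tagged entry line; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(text):
    """Group the entries a helper reviews first, by concern."""
    report = {
        "missing_file": [],            # add-ons whose DLL is gone: dead registrations, safe to clean up
        "unnamed": [],                 # add-ons with no display name: identify them by CLSID/path
        "browser_urls": [],            # start/search pages: check they are what the user chose
        "dns_servers": [],             # O17 resolvers: verify they belong to the ISP
        "service_vendors": Counter(),  # who installed the O23 services
    }
    for sec, body in parse_entries(text):
        if sec in ("R3", "O2", "O3"):
            if "(no file)" in body or "(file missing)" in body:
                report["missing_file"].append(f"{sec} - {body}")
            if "(no name)" in body:
                report["unnamed"].append(f"{sec} - {body}")
        elif sec in ("R0", "R1"):
            m = BROWSER_KEY_RE.match(body)
            if m:
                report["browser_urls"].append((m.group("key"), m.group("url")))
        elif sec == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                report["dns_servers"].extend(m.group("servers").split(","))
        elif sec == "O23":
            m = SERVICE_RE.match(body)
            if m:
                report["service_vendors"][m.group("vendor")] += 1
    report["dns_servers"] = sorted(set(report["dns_servers"]))
    return report


def print_report(report):
    for key, value in report.items():
        print(f"== {key} ==")
        if isinstance(value, Counter):
            for vendor, n in value.most_common():
                print(f"  {n} x {vendor}")
        else:
            for item in value:
                print(f"  {item}")


if __name__ == "__main__":
    print_report(triage(SAMPLE_LOG))
```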
Re: Operating system virus
hi, could I ask one more question? I download via cz-share, do you think it's safe, or is there a high chance of catching a virus? thanks a lot :-)
- CrasherKill
- Level 5
- Posts: 2030
- Registered: December 07
- Location: Olomouc
- Status: Offline
Re: Operating system virus
It doesn't matter what you download through, but what content you download; depending on that, the risk of catching a virus is either high or low.

AMD Phenom II X4 945 3.0 GHz / CoolerMaster Hyper 212+ / Gigabyte 870A-UD3 / Kingston DDR3 4096 MB 1600MHz / Nvidia GeForce GTX 560 / 3X SAMSUNG F3 1TB + WD Green 1TB + SSD Samsung 840 EVO 120GB / SEASONIC 620W BRONZE / CoolerMaster Elite 330 / Windows 8 Pro
Re: Operating system virus
please reply, I've already run the computer through that program :-)
- jaro3
- Security team member
- Guru Level 15
- Posts: 43293
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Operating system virus
Well, that's hard work, you've got it cluttered with antiviruses... Keep only one antivirus and one antispyware. So if
Norton Internet Security is working, I'd keep it and uninstall the rest:
SpywareTerminator
ESET NOD32 Antivirus
SUPERAntiSpyware - you can keep this one
AVG8
Windows Defender
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then post the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Operating system virus
Thank you very much for the help, I really can't manage on my own
here are the results:
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2079
Windows 6.0.6000
5.5.2009 21:31:03
mbam-log-2009-05-05 (21-30-45).txt
Typ skenu: Rychlý sken
Objektu skenováno: 71553
Uplynulý cas: 4 minute(s), 16 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 2
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 7
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\Windows\System32\drivers\ovfsthxtgouphqe.sys (Trojan.Agent) -> No action taken.
C:\Windows\System32\ovfsthxndftoxou.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\ovfsthxowjvbgkl.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\ovfsthxtmwymdet.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\ovfsthxhwowcpxs.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\ovfsthxvnpopcuw.dat (Trojan.Agent) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43293
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status:
Offline
Re: Operating system virus
So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and exit it via Exit
You can then post the MbAM log here.
Disable the resident protection of your remaining antivirus and antispyware and deactivate the firewall
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire content here
I'll have a look tomorrow.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Operating system virus
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2079
Windows 6.0.6000
5.5.2009 22:00:47
mbam-log-2009-05-05 (22-00-47).txt
Typ skenu: Rychlý sken
Objektu skenováno: 71361
Uplynulý cas: 3 minute(s), 16 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 2
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 7
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\Windows\System32\drivers\ovfsthxtgouphqe.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ovfsthxndftoxou.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ovfsthxowjvbgkl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ovfsthxtmwymdet.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ovfsthxhwowcpxs.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ovfsthxvnpopcuw.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.
Re: Operating system virus
ComboFix 09-05-05.02 - petrocka 05.05.2009 22:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.2037.1176 [GMT 2:00]
Spuštěný z: c:\users\petrocka\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\petrocka\AppData\Roaming\inst.exe
c:\windows\system32\KBL.LOG
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-05 do 2009-05-05 )))))))))))))))))))))))))))))))
.
2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w c:\users\petrocka\AppData\Roaming\Malwarebytes
2009-05-05 19:25 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 19:25 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w c:\programdata\Malwarebytes
2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-05 14:40 . 2009-05-05 17:54 88 --sh--r c:\windows\system32\78B4A35103.sys
2009-05-05 14:40 . 2009-05-05 14:40 -------- d-----w c:\users\petrocka\AppData\Roaming\Corel
2009-05-05 14:40 . 2009-05-05 14:40 -------- d-----w c:\programdata\Corel
2009-05-05 14:40 . 2009-05-05 14:40 -------- d-----w c:\users\All Users\Corel
2009-05-05 14:37 . 2009-05-05 14:39 -------- d-----w c:\program files\Common Files\Corel
2009-05-05 13:46 . 2009-05-05 13:46 88 --sh--r c:\windows\system32\088004418E.sys
2009-05-05 13:46 . 2009-05-05 13:46 8 --sh--r c:\windows\system32\451B48278C.sys
2009-05-05 13:46 . 2009-05-05 17:54 6892 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-05 13:42 . 2009-05-05 14:37 -------- d-----w c:\program files\Corel
2009-05-01 16:26 . 2009-05-01 16:25 737280 ----a-w c:\windows\iun6002.exe
2009-04-30 13:48 . 2009-04-30 13:48 -------- d-----w c:\program files\Trend Micro
2009-04-25 17:44 . 2009-04-26 08:16 -------- d-----w c:\programdata\Vso
2009-04-25 17:44 . 2009-04-26 08:16 -------- d-----w c:\users\All Users\Vso
2009-04-25 17:39 . 2009-04-25 17:39 -------- d-----w c:\program files\VSO
2009-04-25 15:50 . 2009-04-25 15:50 -------- d-----w c:\program files\Nero
2009-04-25 14:22 . 2009-04-25 14:22 335 ----a-w c:\windows\nsreg.dat
2009-04-25 14:22 . 2009-04-25 14:22 -------- d-----w c:\users\petrocka\AppData\Roaming\Talkback
2009-04-25 14:21 . 2009-04-25 14:21 99024 ----a-w c:\windows\MozillaUninstall.exe
2009-04-25 14:21 . 2009-04-25 14:21 99024 ----a-w c:\windows\GREUninstall.exe
2009-04-25 14:21 . 2009-04-25 14:21 8657 ----a-w c:\windows\mozver.dat
2009-04-25 14:21 . 2009-04-25 14:21 -------- d-----w c:\program files\Common Files\mozilla.org
2009-04-25 14:21 . 2009-04-25 14:21 -------- d-----w c:\program files\mozilla.org
2009-04-19 11:13 . 2009-04-28 18:12 -------- d-----w c:\program files\ESET
2009-04-19 09:13 . 2009-04-19 09:13 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-19 09:13 . 2009-04-19 09:13 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-19 09:12 . 2009-04-19 09:12 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-19 09:12 . 2009-04-19 09:12 -------- d-----w c:\users\petrocka\AppData\Roaming\SUPERAntiSpyware.com
2009-04-19 08:51 . 2009-05-05 20:03 -------- d-----w c:\programdata\Norton
2009-04-19 08:51 . 2009-05-05 20:03 -------- d-----w c:\users\All Users\Norton
2009-04-19 08:48 . 2009-04-19 08:48 -------- d-----w c:\programdata\NortonInstaller
2009-04-19 08:48 . 2009-04-19 08:48 -------- d-----w c:\users\All Users\NortonInstaller
2009-04-19 08:48 . 2009-04-19 10:59 -------- d-----w C:\Combo-Fix
2009-04-19 08:14 . 2009-04-19 08:14 -------- d-----w c:\program files\Alwil Software
2009-04-19 07:32 . 2009-04-19 11:23 -------- d-----w c:\programdata\ESET
2009-04-19 07:32 . 2009-04-19 11:23 -------- d-----w c:\users\All Users\ESET
2009-04-11 12:02 . 1999-03-23 08:12 299520 ----a-w c:\windows\uninst.exe
2009-04-06 15:34 . 2009-04-06 15:34 -------- d-----w c:\program files\Common Files\Skype
2009-04-06 15:34 . 2009-04-06 15:35 -------- d-----r c:\program files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 20:00 . 2008-06-21 11:26 -------- d-----w c:\program files\ICQToolbar
2009-05-05 19:18 . 2007-12-13 06:04 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-05 19:18 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
2009-05-05 19:18 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-05 19:18 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-05 14:59 . 2007-12-13 14:37 81404 ----a-w c:\windows\system32\perfc005.dat
2009-05-05 14:59 . 2007-12-13 14:37 473598 ----a-w c:\windows\system32\perfh005.dat
2009-04-25 17:40 . 2009-02-01 07:38 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-25 17:40 . 2009-02-01 07:38 47360 ----a-w c:\users\petrocka\AppData\Roaming\pcouffin.sys
2009-04-25 15:50 . 2008-06-22 12:34 -------- d-----w c:\program files\Common Files\Ahead
2009-04-25 15:13 . 2008-12-27 13:54 -------- d-----w c:\program files\ABC Transdict
2009-04-25 14:54 . 2008-06-22 12:20 -------- d-----w c:\program files\Recepty doma
2009-04-25 14:53 . 2007-12-13 06:01 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-25 14:53 . 2007-12-13 07:32 -------- d-----w c:\program files\CyberLink
2009-04-25 14:51 . 2008-06-22 12:34 -------- d-----w c:\program files\Ahead
2009-04-25 14:50 . 2009-03-27 20:04 -------- d-----w c:\program files\GameTop.com
2009-04-25 14:49 . 2008-10-23 10:05 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-25 14:46 . 2009-02-13 17:20 -------- d-----w c:\program files\Giants
2009-04-25 14:44 . 2006-11-02 12:37 -------- d-----w c:\program files\Microsoft Games
2009-04-25 14:34 . 2009-03-20 17:39 -------- d-----w c:\program files\Counter-Strike 1.6
2009-04-25 14:30 . 2008-06-21 09:05 -------- d-----w c:\program files\Atari
2009-04-18 20:36 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-27 16:53 . 2009-03-27 13:56 -------- d-----w c:\program files\DarXide games
2009-03-27 16:52 . 2009-03-27 13:56 81920 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-27 16:52 . 2009-03-27 13:56 233472 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-27 16:43 . 2009-03-27 14:01 -------- d-----w c:\program files\DDD Pool
2009-03-19 09:45 . 2009-03-19 09:45 93848 ----a-w c:\windows\system32\drivers\epfwtdir.sys
2009-03-19 09:44 . 2009-03-19 09:44 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-03-19 09:41 . 2009-03-19 09:41 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-17 03:16 . 2009-04-16 13:12 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 13:12 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-16 06:35 . 2009-03-16 06:34 -------- d-----w c:\program files\Paint.NET
2009-03-15 16:26 . 2008-06-21 11:25 -------- d-----w c:\program files\ICQ6
2009-03-13 14:14 . 2008-06-21 08:13 -------- d-----w c:\program files\Common Files\Adobe
2009-03-03 04:24 . 2009-04-16 13:12 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 13:12 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 13:12 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 13:12 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 13:12 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 13:12 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 13:12 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 13:12 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 13:12 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 13:12 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 13:12 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-16 13:12 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 13:12 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-16 13:12 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 13:12 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-18 08:00 . 2009-02-18 08:00 16945 ----a-w c:\windows\War3Unin.dat
2009-02-18 08:00 . 2009-02-18 08:00 2829 ----a-w c:\windows\War3Unin.pif
2009-02-18 08:00 . 2009-02-18 08:00 126976 ----a-w c:\windows\War3Unin.exe
2009-02-14 08:44 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-02-14 07:56 . 2008-06-21 08:19 104840 ----a-w c:\users\petrocka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-13 07:26 . 2009-04-16 13:12 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 07:26 . 2009-04-16 13:12 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-02-13 07:26 . 2009-04-16 13:12 7680 ----a-w c:\windows\system32\lsass.exe
2009-02-09 01:59 . 2009-03-11 11:02 2028032 ----a-w c:\windows\system32\win32k.sys
2008-12-12 17:44 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 12:54 1555480 ----a-w c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-06-23 1232896]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-25 185896]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 16200]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-12-14 531784]
c:\users\petrocka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:Czech /KBD:3
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FEDD9F65-9F54-4957-9BDC-4A20F402490F}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{AF0AC398-6B34-4949-8014-9FAD01A6EB05}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{08517EE9-AAEA-4EFA-A8DB-8264CEF74848}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{7CDC2D8D-7949-44AE-919B-5446779D0F2B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{4A52ACB6-86CA-4BC4-892F-ACE007B5F4D7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EED90B61-22A6-49CE-BF70-1A22F0F9F380}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4C6719FB-9F6D-4AE8-890F-9F64005AAC94}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1CC2DCE9-1FAF-4F94-B635-F740F7EF618B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{36CCBD46-DFEB-4117-A749-DFD76DCDFD40}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AE5D21B2-9F52-40DF-9511-B07AF65D88D9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5E5EA1D8-5FC5-41A9-8DAD-EE78A4A8CB96}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D5473B04-57BA-4375-AE01-6CA35383BF88}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B28BDC73-1349-4CC3-A4CC-11132F0CC0CD}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{FDD7CA08-CF3D-4E62-97CB-BAE0227939DF}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{4C19DF84-0BB1-44C4-B2AE-4E1D8B104287}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{4E2EE8CF-D85F-466A-94ED-E6C86219495B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3C232C80-B891-4E27-912D-5B650B1496D1}c:\\users\\petrocka\\desktop\\marias_talon_cz.exe"= UDP:c:\users\petrocka\desktop\marias_talon_cz.exe:marias_talon_cz.exe
"UDP Query User{7F73C4A0-A77E-4918-90AC-5A791A906C94}c:\\users\\petrocka\\desktop\\marias_talon_cz.exe"= TCP:c:\users\petrocka\desktop\marias_talon_cz.exe:marias_talon_cz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\System32\drivers\OCDE.sys [22.9.2004 15:10 29728]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [19.3.2009 11:44 107256]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [19.3.2009 11:45 93848]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [13.12.2007 8:45 70144]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.3.2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.3.2009 14:07 72944]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19.3.2009 11:44 731840]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.3.2009 14:07 7408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1632c58-c158-11dd-b7b4-bccfd9217309}]
\shell\AutoRun\command - H:\2w.cmd
\shell\explore\Command - H:\2w.cmd
\shell\open\Command - H:\2w.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f67f96e0-6d86-11dd-8ed9-001eec1fab26}]
\shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe868487-1794-11de-a972-b3f8beb4fdbd}]
\shell\AUTOplay\coMmaND - H:\meklx.pif
\shell\AutoRun\command - H:\meklx.pif
\shell\eXploRE\cOmmand - H:\meklx.pif
\shell\opEn\CommaNd - H:\meklx.pif
.
Obsah adresáře 'Naplánované úlohy'
2009-05-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-29 15:27]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\Crawler\SSaver\CSSaver.exe
TCP: {12DB1974-2C06-4A16-92B6-B7A2D5C7C1B7} = 213.226.224.12,194.213.224.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\petrocka\AppData\Roaming\Mozilla\Firefox\Profiles\g1i0vi8a.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 22:14
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-67603541-1624302462-980826803-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,e6,4b,a0,c1,23,bc,a7,68,90,d9,8e,3a,1c,7a,d7,18,bb,9a,f1,93,
d8,4d,a9,fc,c4,53,bf,b0,a4,6c,ff,5f,ad,56,cf,60,ce,af,78,8b,23,f7,64,b9,f4,\
"rkeysecu"=hex:97,ef,a2,85,5a,0e,47,d1,07,96,41,69,e7,3b,c8,ba
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-05-05 22:17
ComboFix-quarantined-files.txt 2009-05-05 20:17
Před spuštěním: Volných bajtů: 92 034 609 152
Po spuštění: Volných bajtů: 92 242 464 768
279 --- E O F --- 2009-05-04 14:39
2009-03-27 16:53 . 2009-03-27 13:56 -------- d-----w c:\program files\DarXide games
2009-03-27 16:52 . 2009-03-27 13:56 81920 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-27 16:52 . 2009-03-27 13:56 233472 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-27 16:43 . 2009-03-27 14:01 -------- d-----w c:\program files\DDD Pool
2009-03-19 09:45 . 2009-03-19 09:45 93848 ----a-w c:\windows\system32\drivers\epfwtdir.sys
2009-03-19 09:44 . 2009-03-19 09:44 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-03-19 09:41 . 2009-03-19 09:41 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-17 03:16 . 2009-04-16 13:12 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 13:12 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-16 06:35 . 2009-03-16 06:34 -------- d-----w c:\program files\Paint.NET
2009-03-15 16:26 . 2008-06-21 11:25 -------- d-----w c:\program files\ICQ6
2009-03-13 14:14 . 2008-06-21 08:13 -------- d-----w c:\program files\Common Files\Adobe
2009-03-03 04:24 . 2009-04-16 13:12 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 13:12 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 13:12 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 13:12 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 13:12 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 13:12 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 13:12 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 13:12 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 13:12 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 13:12 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 13:12 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-16 13:12 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 13:12 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-16 13:12 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 13:12 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-18 08:00 . 2009-02-18 08:00 16945 ----a-w c:\windows\War3Unin.dat
2009-02-18 08:00 . 2009-02-18 08:00 2829 ----a-w c:\windows\War3Unin.pif
2009-02-18 08:00 . 2009-02-18 08:00 126976 ----a-w c:\windows\War3Unin.exe
2009-02-14 08:44 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-02-14 07:56 . 2008-06-21 08:19 104840 ----a-w c:\users\petrocka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-13 07:26 . 2009-04-16 13:12 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 07:26 . 2009-04-16 13:12 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-02-13 07:26 . 2009-04-16 13:12 7680 ----a-w c:\windows\system32\lsass.exe
2009-02-09 01:59 . 2009-03-11 11:02 2028032 ----a-w c:\windows\system32\win32k.sys
2008-12-12 17:44 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 12:54 1555480 ----a-w c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-06-23 1232896]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-25 185896]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 16200]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-12-14 531784]
c:\users\petrocka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:Czech /KBD:3
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FEDD9F65-9F54-4957-9BDC-4A20F402490F}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{AF0AC398-6B34-4949-8014-9FAD01A6EB05}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{08517EE9-AAEA-4EFA-A8DB-8264CEF74848}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{7CDC2D8D-7949-44AE-919B-5446779D0F2B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{4A52ACB6-86CA-4BC4-892F-ACE007B5F4D7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EED90B61-22A6-49CE-BF70-1A22F0F9F380}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4C6719FB-9F6D-4AE8-890F-9F64005AAC94}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1CC2DCE9-1FAF-4F94-B635-F740F7EF618B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{36CCBD46-DFEB-4117-A749-DFD76DCDFD40}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AE5D21B2-9F52-40DF-9511-B07AF65D88D9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5E5EA1D8-5FC5-41A9-8DAD-EE78A4A8CB96}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D5473B04-57BA-4375-AE01-6CA35383BF88}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B28BDC73-1349-4CC3-A4CC-11132F0CC0CD}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{FDD7CA08-CF3D-4E62-97CB-BAE0227939DF}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{4C19DF84-0BB1-44C4-B2AE-4E1D8B104287}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{4E2EE8CF-D85F-466A-94ED-E6C86219495B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3C232C80-B891-4E27-912D-5B650B1496D1}c:\\users\\petrocka\\desktop\\marias_talon_cz.exe"= UDP:c:\users\petrocka\desktop\marias_talon_cz.exe:marias_talon_cz.exe
"UDP Query User{7F73C4A0-A77E-4918-90AC-5A791A906C94}c:\\users\\petrocka\\desktop\\marias_talon_cz.exe"= TCP:c:\users\petrocka\desktop\marias_talon_cz.exe:marias_talon_cz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\System32\drivers\OCDE.sys [22.9.2004 15:10 29728]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [19.3.2009 11:44 107256]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [19.3.2009 11:45 93848]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [13.12.2007 8:45 70144]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.3.2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.3.2009 14:07 72944]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19.3.2009 11:44 731840]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.3.2009 14:07 7408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1632c58-c158-11dd-b7b4-bccfd9217309}]
\shell\AutoRun\command - H:\2w.cmd
\shell\explore\Command - H:\2w.cmd
\shell\open\Command - H:\2w.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f67f96e0-6d86-11dd-8ed9-001eec1fab26}]
\shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe868487-1794-11de-a972-b3f8beb4fdbd}]
\shell\AUTOplay\coMmaND - H:\meklx.pif
\shell\AutoRun\command - H:\meklx.pif
\shell\eXploRE\cOmmand - H:\meklx.pif
\shell\opEn\CommaNd - H:\meklx.pif
.
Obsah adresáře 'Naplánované úlohy'
2009-05-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-29 15:27]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\Crawler\SSaver\CSSaver.exe
TCP: {12DB1974-2C06-4A16-92B6-B7A2D5C7C1B7} = 213.226.224.12,194.213.224.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\petrocka\AppData\Roaming\Mozilla\Firefox\Profiles\g1i0vi8a.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 22:14
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-67603541-1624302462-980826803-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,e6,4b,a0,c1,23,bc,a7,68,90,d9,8e,3a,1c,7a,d7,18,bb,9a,f1,93,
d8,4d,a9,fc,c4,53,bf,b0,a4,6c,ff,5f,ad,56,cf,60,ce,af,78,8b,23,f7,64,b9,f4,\
"rkeysecu"=hex:97,ef,a2,85,5a,0e,47,d1,07,96,41,69,e7,3b,c8,ba
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-05-05 22:17
ComboFix-quarantined-files.txt 2009-05-05 20:17
Před spuštěním: Volných bajtů: 92 034 609 152
Po spuštění: Volných bajtů: 92 242 464 768
279 --- E O F --- 2009-05-04 14:39
Re: Operating system virus
So how does it look now? :-)
PS: hats off, I admire you