My PC is behaving strangely. Neither the AVG nor the NOD antivirus reports anything, but I can't download updates or reach their websites... On top of that, ADaware, for example, won't start even after reinstalling, and I can't even install SpyBot.
Thanks a lot.
Logfile of HijackThis v1.99.1
Scan saved at 15:02:52, on 2.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6\ICQ.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Michal\LOCALS~1\Temp\Rar$EX00.469\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [domovská stránka] c:\Program Files\Domovská stránka\config.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - Global Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Port pro program Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG6 Service (AvgServ) - GRISOFT(c) SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
Please check my log - strange problem
- jaro3
- Security team member
Re: Please check my log - strange problem
You should have only one antivirus; uninstall AVG...
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the scan finishes, a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a prompt appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log - strange problem
Thanks a lot for the reply.
Unfortunately the situation is probably more complicated.
NOD found the PINIT virus, which hopefully was removed.
However, the installers for Anti Malware, Combofix.... simply won't run. Likewise I can't get to the websites of these programs and have to download from another PC.
I also tried safe mode, and I can't get into that at all either, even though I hold F8 as hard as I can.
So I really don't know what to do about it.
Thanks.
- jaro3
- Security team member
Re: Please check my log - strange problem
Let's try proceeding according to fredik:
Try downloading from here
http://uloz.to/1086026/Tools.zip
some small programs that might come in handy.
Extract the archive into your own directory. The files are deliberately named differently from the originals in the guides, so don't be surprised.
Then try running them.
itr - see the guide for RSIT
buss - see the guide for DDS
viewtopic.php?f=70&t=34644&start=1
SR - see the guide for Silent Runners
viewtopic.php?f=70&t=25550&start=64
VerTer - see the guide for ComboFix
viewtopic.php?f=47&t=32104&start=5
If any of them runs, paste its log here.
Re: Please check my log - strange problem
Thanks again.
I managed to run basically everything, so here are the outputs:
HijackThis
Logfile of random's system information tool 1.05 (written by random/random)
Run by Michal at 2009-01-05 14:00:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (8%) free of 191 GB
Total RAM: 2038 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:20, on 5.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michal\Dokumenty\!vir\itr.exe
C:\Program Files\trend micro\Michal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Port pro program Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
--
End of file - 5848 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-11-08 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-11-08 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-11-08 137752]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-06-02 949376]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX1000"=C:\WINDOWS\vVX1000.exe [2007-04-10 709992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"MMTray"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2006-11-07 110592]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2006-11-07 8192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2006-12-18 25365032]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
GetRight Monitor.lnk - C:\Program Files\GetRight\getright.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Port pro program Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-10-30 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-01-05 13:57:52 ----D---- C:\WINDOWS\temp
2009-01-05 13:57:50 ----A---- C:\ComboFix.txt
2009-01-05 13:42:29 ----A---- C:\Boot.bak
2009-01-05 13:42:26 ----RASHD---- C:\cmdcons
2009-01-05 13:41:16 ----A---- C:\WINDOWS\zip.exe
2009-01-05 13:41:16 ----A---- C:\WINDOWS\SWREG.exe
2009-01-05 13:41:16 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-05 13:41:15 ----A---- C:\WINDOWS\VFIND.exe
2009-01-05 13:41:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-05 13:41:15 ----A---- C:\WINDOWS\SWSC.exe
2009-01-05 13:41:15 ----A---- C:\WINDOWS\sed.exe
2009-01-05 13:41:15 ----A---- C:\WINDOWS\grep.exe
2009-01-05 13:41:15 ----A---- C:\WINDOWS\fdsv.exe
2009-01-05 13:40:34 ----D---- C:\WINDOWS\ERDNT
2009-01-05 13:40:34 ----AD---- C:\Qoobox
2009-01-05 13:39:38 ----D---- C:\Program Files\trend micro
2009-01-05 13:39:37 ----D---- C:\rsit
2009-01-01 17:29:51 ----D---- C:\Documents and Settings\Michal\Data aplikací\Help
2009-01-01 17:25:37 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-12-25 22:02:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2008-12-25 12:27:58 ----D---- C:\Program Files\Bonjour
2008-12-25 12:21:37 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-12-21 11:58:22 ----D---- C:\Program Files\DVD Shrink
2008-12-21 11:58:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-12-12 12:57:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 12:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 12:55:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 12:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
======List of files/folders modified in the last 1 months======
2009-01-05 13:59:07 ----D---- C:\WINDOWS\system32
2009-01-05 13:59:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-05 13:57:52 ----D---- C:\WINDOWS
2009-01-05 13:56:52 ----A---- C:\WINDOWS\system.ini
2009-01-05 13:54:40 ----D---- C:\WINDOWS\system32\drivers
2009-01-05 13:54:40 ----D---- C:\WINDOWS\AppPatch
2009-01-05 13:54:40 ----D---- C:\Program Files\Common Files
2009-01-05 13:52:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 13:42:29 ----RASH---- C:\boot.ini
2009-01-05 13:40:44 ----D---- C:\WINDOWS\Prefetch
2009-01-05 13:40:13 ----D---- C:\Documents and Settings\Michal\Data aplikací\Skype
2009-01-05 13:39:38 ----RD---- C:\Program Files
2009-01-05 12:29:00 ----D---- C:\Program Files\Mozilla Firefox
2009-01-05 09:52:14 ----A---- C:\WINDOWS\iltwain.ini
2009-01-05 08:33:11 ----D---- C:\Program Files\Mozilla Thunderbird
2009-01-05 08:11:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 00:31:40 ----D---- C:\Program Files\ICQToolbar
2009-01-05 00:30:43 ----D---- C:\Program Files\GetRight
2009-01-02 14:30:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-02 14:30:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-01 17:34:15 ----HD---- C:\WINDOWS\inf
2009-01-01 17:25:29 ----D---- C:\Program Files\Google
2008-12-30 02:42:22 ----D---- C:\Program Files\ESET
2008-12-30 01:03:15 ----D---- C:\WINDOWS\Minidump
2008-12-30 01:03:15 ----D---- C:\WINDOWS\Debug
2008-12-30 00:56:47 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-12-29 15:08:12 ----SHD---- C:\WINDOWS\Installer
2008-12-29 15:07:59 ----D---- C:\Program Files\Lavasoft
2008-12-29 15:07:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-12-29 15:07:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-25 22:05:47 ----D---- C:\Documents and Settings\Michal\Data aplikací\Adobe
2008-12-25 12:29:28 ----D---- C:\Program Files\Adobe
2008-12-25 12:28:53 ----D---- C:\Program Files\Common Files\Adobe
2008-12-25 12:28:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2008-12-25 12:26:18 ----RSD---- C:\WINDOWS\Fonts
2008-12-21 12:25:35 ----D---- C:\Games
2008-12-21 11:38:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 23:05:42 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 21:38:09 ----D---- C:\Documents and Settings\Michal\Data aplikací\Mozilla
2008-12-15 14:35:06 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-13 07:39:09 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 12:57:03 ----D---- C:\Program Files\Internet Explorer
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-06-02 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-06-02 512096]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-10-30 5851488]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2007-06-27 53184]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2007-06-27 71488]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-06-02 552064]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-25 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
DDS
DDS (Version 1.1.0) - NTFSx86
Run by Michal at 14:02:23,40 on po 05.01.2009
Internet Explorer: 7.0.5730.13
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1535 [GMT 1:00]
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michal\Dokumenty\!vir\mot3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michal\Dokumenty\!vir\buss.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: ICQ Toolbar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\progra~1\icqtoo~1\toolbaru.dll
BHO: XTTBPos00 Class: {055FD26D-3A88-4e15-963D-DC8493744B1D} - c:\progra~1\icqtoo~1\toolbaru.dll
BHO: Podpora odkazu pro Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: ICQ Toolbar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\progra~1\icqtoo~1\toolbaru.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [LaunchList] c:\program files\pinnacle\studio 11\LaunchList2.exe
uRun: [ICQ] "c:\program files\icq6\ICQ.exe" silent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~1\mimboot.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\getrig~1.lnk - c:\program files\getright\getright.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\portpr~1.lnk - c:\program files\microsoft office\office\1029\OLFSNT40.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
LSP: c:\windows\system32\imon.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\getright\ie2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\getright\ie2gr.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\michal\dataap~1\mozilla\firefox\profiles\ad8bmxpz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.key.chromeAccess", 4);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("keyword.URL", "chrome://browser-region/locale/region.properties");
============= SERVICES / DRIVERS ===============
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-6-2 15424]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 NOD32krn;NOD32 Kernel Service;"c:\program files\eset\nod32krn.exe" [2008-6-2 552064]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-6-2 36864]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
=============== Created Last 30 ================
2009-01-05 13:42 <DIR> a-dshr-- C:\cmdcons
2009-01-05 13:41 161,792 a------- c:\windows\SWREG.exe
2009-01-05 13:41 98,816 a------- c:\windows\sed.exe
2009-01-05 13:39 <DIR> --d----- c:\program files\trend micro
2009-01-01 17:25 <DIR> --d----- c:\windows\system32\IOSUBSYS
2008-12-25 12:27 <DIR> --d----- c:\program files\Bonjour
2008-12-25 12:21 <DIR> --d----- c:\program files\common files\Macrovision Shared
2008-12-21 11:58 <DIR> --d----- c:\program files\DVD Shrink
2008-12-12 22:47 3,751,995 a------- c:\windows\system32\GPhotos.scr
==================== Find3M ====================
2009-01-05 13:59 398,250 a------- c:\windows\system32\perfh005.dat
2009-01-05 13:59 73,506 a------- c:\windows\system32\perfc005.dat
2008-12-21 16:11 3,080 a------- C:\CDBIDXL.DAT
2008-12-21 16:11 2,056 a------- C:\TDBIDXL.DAT
2008-11-24 02:05 40,734 a------- c:\docume~1\michal\dataap~1\mdbu.bin
2008-11-04 00:38 253,952 -------- c:\windows\Setup1.exe
2008-11-04 00:38 74,752 a------- c:\windows\ST6UNST.EXE
2008-10-30 19:19 3,505 a------- C:\NETRKDB.DAT
2008-10-30 19:19 2,215 a------- C:\NECDB.DAT
2008-10-23 13:42 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 21:33 826,368 a------- c:\windows\system32\wininet.dll
2004-10-01 14:00 40,960 a------- c:\program files\Uninstall_CDS.exe
1999-04-07 17:39 99,840 a------- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53 186,368 a------- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53 70,144 a------- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 a------- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53 31,744 a------- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53 17,920 a------- c:\program files\common files\IRASRIAL.DLL
2008-06-02 15:58 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060220080603\index.dat
============= FINISH: 14:02:29,34 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Version 1.0)
Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2.6.2008 15:34:55
System Uptime: 1.5.2009 13:46:35 (-2783 hours ago)
Motherboard: ASUSTeK Computer INC. | | P5KPL-VM
Processor: Intel(R) Core(TM)2 Duo CPU E4700 @ 2.60GHz | Socket 775 | 2600/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 14,741 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (FAT32) - 466 GiB total, 10,786 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Myš Microsoft pro port PS/2
Device ID: ACPI\PNP0F03\4&2C575ACB&0
Manufacturer: Microsoft
Name: Myš Microsoft pro port PS/2
PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0
Service: i8042prt
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
ACDSee 32
Ad-Aware
Ad-aware 6 Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8 - Czech
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
Aktualizace systému Windows XP (KB898461)
Aktualizace systému Windows XP (KB942763)
Aktualizace systému Windows XP (KB951072-v2)
Aktualizace systému Windows XP (KB951978)
Aktualizace systému Windows XP (KB955839)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB936782)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)
Aktualizace zabezpečení produktu Windows XP (KB941569)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB950759)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB953838)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB956390)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB958215)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB960714)
Aktualizace zabezpečení systému Windows XP (KB938464)
Aktualizace zabezpečení systému Windows XP (KB946648)
Aktualizace zabezpečení systému Windows XP (KB950760)
Aktualizace zabezpečení systému Windows XP (KB950762)
Aktualizace zabezpečení systému Windows XP (KB950974)
Aktualizace zabezpečení systému Windows XP (KB951066)
Aktualizace zabezpečení systému Windows XP (KB951376-v2)
Aktualizace zabezpečení systému Windows XP (KB951376)
Aktualizace zabezpečení systému Windows XP (KB951698)
Aktualizace zabezpečení systému Windows XP (KB951748)
Aktualizace zabezpečení systému Windows XP (KB952954)
Aktualizace zabezpečení systému Windows XP (KB953839)
Aktualizace zabezpečení systému Windows XP (KB954211)
Aktualizace zabezpečení systému Windows XP (KB954459)
Aktualizace zabezpečení systému Windows XP (KB954600)
Aktualizace zabezpečení systému Windows XP (KB955069)
Aktualizace zabezpečení systému Windows XP (KB956391)
Aktualizace zabezpečení systému Windows XP (KB956802)
Aktualizace zabezpečení systému Windows XP (KB956803)
Aktualizace zabezpečení systému Windows XP (KB956841)
Aktualizace zabezpečení systému Windows XP (KB957095)
Aktualizace zabezpečení systému Windows XP (KB957097)
Aktualizace zabezpečení systému Windows XP (KB958644)
Antivirový systém NOD32
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
Balíček ovladače systému Windows - Pinnacle Systems (BENDER) Media (11/21/2005 2.0.19.0)
BasicCalculations
CCleaner (remove only)
CloneCD
DVD Shrink 3.2
DVD Solution
DYMO Label Software
GetRight
Google Earth
HF Designer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
ICQ6
iGO POI Explorer beta
IKK Direkt Mountainbike Challenge 08
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 5
K-Lite Codec Pack 4.1.3 (Full) BETA
MEPAFLOW600 CBM
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Czech Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Office PowerPoint Viewer 2007 (Czech)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MioTransfer
Mozilla Firefox (3.0.4)
Mozilla Thunderbird (1.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
Nero OEM
NOD32 FiX
Oprava hotfix aplikace Windows Media Player 11 (KB939683)
Oprava Hotfix systému Windows Internet Explorer 7 (KB947864)
Oprava Hotfix systému Windows XP (KB952287)
ORF-Ski Challenge 2008
ORF-Ski Challenge 2009
PDF Settings
PDFCreator
PDFill PDF Editor with FREE PDF Writer and Tools
PDFill PDF Writer
Picasa 2
Picasa 3
Pinnacle Bender 32-bit
Pinnacle Instant DVD Recorder
PoiEdit
PowerDVD
QuickTime
RAR Password Cracker 4.12
Realtek High Definition Audio Driver
Sada Compatibility Pack pro systém Office 2007
Security Update pro Microsoft .NET Framework 2.0 (KB928365)
Skype 3.0
Skype Plugin Manager
SpywareBlaster 4.0
Studio 11
Total Commander (Remove or Repair)
User Profile Hive Cleanup Service
Version 3.4.00
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR
Yahoo! Desktop Login
==== End Of File ===========================
I managed to run basically everything, so here are the logs:
HijackThis
Logfile of random's system information tool 1.05 (written by random/random)
Run by Michal at 2009-01-05 14:00:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (8%) free of 191 GB
Total RAM: 2038 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:20, on 5.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michal\Dokumenty\!vir\itr.exe
C:\Program Files\trend micro\Michal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Port pro program Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
--
End of file - 5848 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-11-08 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-11-08 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-11-08 137752]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-06-02 949376]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX1000"=C:\WINDOWS\vVX1000.exe [2007-04-10 709992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"MMTray"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2006-11-07 110592]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2006-11-07 8192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2006-12-18 25365032]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
GetRight Monitor.lnk - C:\Program Files\GetRight\getright.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Port pro program Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-10-30 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-01-05 13:57:52 ----D---- C:\WINDOWS\temp
2009-01-05 13:57:50 ----A---- C:\ComboFix.txt
2009-01-05 13:42:29 ----A---- C:\Boot.bak
2009-01-05 13:42:26 ----RASHD---- C:\cmdcons
2009-01-05 13:41:16 ----A---- C:\WINDOWS\zip.exe
2009-01-05 13:41:16 ----A---- C:\WINDOWS\SWREG.exe
2009-01-05 13:41:16 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-05 13:41:15 ----A---- C:\WINDOWS\VFIND.exe
2009-01-05 13:41:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-05 13:41:15 ----A---- C:\WINDOWS\SWSC.exe
2009-01-05 13:41:15 ----A---- C:\WINDOWS\sed.exe
2009-01-05 13:41:15 ----A---- C:\WINDOWS\grep.exe
2009-01-05 13:41:15 ----A---- C:\WINDOWS\fdsv.exe
2009-01-05 13:40:34 ----D---- C:\WINDOWS\ERDNT
2009-01-05 13:40:34 ----AD---- C:\Qoobox
2009-01-05 13:39:38 ----D---- C:\Program Files\trend micro
2009-01-05 13:39:37 ----D---- C:\rsit
2009-01-01 17:29:51 ----D---- C:\Documents and Settings\Michal\Data aplikací\Help
2009-01-01 17:25:37 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-12-25 22:02:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2008-12-25 12:27:58 ----D---- C:\Program Files\Bonjour
2008-12-25 12:21:37 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-12-21 11:58:22 ----D---- C:\Program Files\DVD Shrink
2008-12-21 11:58:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-12-12 12:57:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 12:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 12:55:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 12:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
======List of files/folders modified in the last 1 months======
2009-01-05 13:59:07 ----D---- C:\WINDOWS\system32
2009-01-05 13:59:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-05 13:57:52 ----D---- C:\WINDOWS
2009-01-05 13:56:52 ----A---- C:\WINDOWS\system.ini
2009-01-05 13:54:40 ----D---- C:\WINDOWS\system32\drivers
2009-01-05 13:54:40 ----D---- C:\WINDOWS\AppPatch
2009-01-05 13:54:40 ----D---- C:\Program Files\Common Files
2009-01-05 13:52:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 13:42:29 ----RASH---- C:\boot.ini
2009-01-05 13:40:44 ----D---- C:\WINDOWS\Prefetch
2009-01-05 13:40:13 ----D---- C:\Documents and Settings\Michal\Data aplikací\Skype
2009-01-05 13:39:38 ----RD---- C:\Program Files
2009-01-05 12:29:00 ----D---- C:\Program Files\Mozilla Firefox
2009-01-05 09:52:14 ----A---- C:\WINDOWS\iltwain.ini
2009-01-05 08:33:11 ----D---- C:\Program Files\Mozilla Thunderbird
2009-01-05 08:11:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 00:31:40 ----D---- C:\Program Files\ICQToolbar
2009-01-05 00:30:43 ----D---- C:\Program Files\GetRight
2009-01-02 14:30:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-02 14:30:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-01 17:34:15 ----HD---- C:\WINDOWS\inf
2009-01-01 17:25:29 ----D---- C:\Program Files\Google
2008-12-30 02:42:22 ----D---- C:\Program Files\ESET
2008-12-30 01:03:15 ----D---- C:\WINDOWS\Minidump
2008-12-30 01:03:15 ----D---- C:\WINDOWS\Debug
2008-12-30 00:56:47 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-12-29 15:08:12 ----SHD---- C:\WINDOWS\Installer
2008-12-29 15:07:59 ----D---- C:\Program Files\Lavasoft
2008-12-29 15:07:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-12-29 15:07:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-25 22:05:47 ----D---- C:\Documents and Settings\Michal\Data aplikací\Adobe
2008-12-25 12:29:28 ----D---- C:\Program Files\Adobe
2008-12-25 12:28:53 ----D---- C:\Program Files\Common Files\Adobe
2008-12-25 12:28:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2008-12-25 12:26:18 ----RSD---- C:\WINDOWS\Fonts
2008-12-21 12:25:35 ----D---- C:\Games
2008-12-21 11:38:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 23:05:42 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 21:38:09 ----D---- C:\Documents and Settings\Michal\Data aplikací\Mozilla
2008-12-15 14:35:06 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-13 07:39:09 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 12:57:03 ----D---- C:\Program Files\Internet Explorer
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-06-02 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-06-02 512096]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-10-30 5851488]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2007-06-27 53184]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2007-06-27 71488]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-06-02 552064]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-25 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
DDS
DDS (Version 1.1.0) - NTFSx86
Run by Michal at 14:02:23,40 on po 05.01.2009
Internet Explorer: 7.0.5730.13
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1535 [GMT 1:00]
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michal\Dokumenty\!vir\mot3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michal\Dokumenty\!vir\buss.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: ICQ Toolbar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\progra~1\icqtoo~1\toolbaru.dll
BHO: XTTBPos00 Class: {055FD26D-3A88-4e15-963D-DC8493744B1D} - c:\progra~1\icqtoo~1\toolbaru.dll
BHO: Podpora odkazu pro Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: ICQ Toolbar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\progra~1\icqtoo~1\toolbaru.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [LaunchList] c:\program files\pinnacle\studio 11\LaunchList2.exe
uRun: [ICQ] "c:\program files\icq6\ICQ.exe" silent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~1\mimboot.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\getrig~1.lnk - c:\program files\getright\getright.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\portpr~1.lnk - c:\program files\microsoft office\office\1029\OLFSNT40.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
LSP: c:\windows\system32\imon.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\getright\ie2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\getright\ie2gr.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\michal\dataap~1\mozilla\firefox\profiles\ad8bmxpz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.key.chromeAccess", 4);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("keyword.URL", "chrome://browser-region/locale/region.properties");
============= SERVICES / DRIVERS ===============
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-6-2 15424]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 NOD32krn;NOD32 Kernel Service;"c:\program files\eset\nod32krn.exe" [2008-6-2 552064]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-6-2 36864]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
=============== Created Last 30 ================
2009-01-05 13:42 <DIR> a-dshr-- C:\cmdcons
2009-01-05 13:41 161,792 a------- c:\windows\SWREG.exe
2009-01-05 13:41 98,816 a------- c:\windows\sed.exe
2009-01-05 13:39 <DIR> --d----- c:\program files\trend micro
2009-01-01 17:25 <DIR> --d----- c:\windows\system32\IOSUBSYS
2008-12-25 12:27 <DIR> --d----- c:\program files\Bonjour
2008-12-25 12:21 <DIR> --d----- c:\program files\common files\Macrovision Shared
2008-12-21 11:58 <DIR> --d----- c:\program files\DVD Shrink
2008-12-12 22:47 3,751,995 a------- c:\windows\system32\GPhotos.scr
==================== Find3M ====================
2009-01-05 13:59 398,250 a------- c:\windows\system32\perfh005.dat
2009-01-05 13:59 73,506 a------- c:\windows\system32\perfc005.dat
2008-12-21 16:11 3,080 a------- C:\CDBIDXL.DAT
2008-12-21 16:11 2,056 a------- C:\TDBIDXL.DAT
2008-11-24 02:05 40,734 a------- c:\docume~1\michal\dataap~1\mdbu.bin
2008-11-04 00:38 253,952 -------- c:\windows\Setup1.exe
2008-11-04 00:38 74,752 a------- c:\windows\ST6UNST.EXE
2008-10-30 19:19 3,505 a------- C:\NETRKDB.DAT
2008-10-30 19:19 2,215 a------- C:\NECDB.DAT
2008-10-23 13:42 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 21:33 826,368 a------- c:\windows\system32\wininet.dll
2004-10-01 14:00 40,960 a------- c:\program files\Uninstall_CDS.exe
1999-04-07 17:39 99,840 a------- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53 186,368 a------- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53 70,144 a------- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 a------- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53 31,744 a------- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53 17,920 a------- c:\program files\common files\IRASRIAL.DLL
2008-06-02 15:58 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060220080603\index.dat
============= FINISH: 14:02:29,34 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Version 1.0)
Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2.6.2008 15:34:55
System Uptime: 1.5.2009 13:46:35 (-2783 hours ago)
Motherboard: ASUSTeK Computer INC. | | P5KPL-VM
Processor: Intel(R) Core(TM)2 Duo CPU E4700 @ 2.60GHz | Socket 775 | 2600/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 14,741 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (FAT32) - 466 GiB total, 10,786 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Myš Microsoft pro port PS/2
Device ID: ACPI\PNP0F03\4&2C575ACB&0
Manufacturer: Microsoft
Name: Myš Microsoft pro port PS/2
PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0
Service: i8042prt
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
ACDSee 32
Ad-Aware
Ad-aware 6 Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8 - Czech
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
Aktualizace systému Windows XP (KB898461)
Aktualizace systému Windows XP (KB942763)
Aktualizace systému Windows XP (KB951072-v2)
Aktualizace systému Windows XP (KB951978)
Aktualizace systému Windows XP (KB955839)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB936782)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)
Aktualizace zabezpečení produktu Windows XP (KB941569)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB950759)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB953838)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB956390)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB958215)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB960714)
Aktualizace zabezpečení systému Windows XP (KB938464)
Aktualizace zabezpečení systému Windows XP (KB946648)
Aktualizace zabezpečení systému Windows XP (KB950760)
Aktualizace zabezpečení systému Windows XP (KB950762)
Aktualizace zabezpečení systému Windows XP (KB950974)
Aktualizace zabezpečení systému Windows XP (KB951066)
Aktualizace zabezpečení systému Windows XP (KB951376-v2)
Aktualizace zabezpečení systému Windows XP (KB951376)
Aktualizace zabezpečení systému Windows XP (KB951698)
Aktualizace zabezpečení systému Windows XP (KB951748)
Aktualizace zabezpečení systému Windows XP (KB952954)
Aktualizace zabezpečení systému Windows XP (KB953839)
Aktualizace zabezpečení systému Windows XP (KB954211)
Aktualizace zabezpečení systému Windows XP (KB954459)
Aktualizace zabezpečení systému Windows XP (KB954600)
Aktualizace zabezpečení systému Windows XP (KB955069)
Aktualizace zabezpečení systému Windows XP (KB956391)
Aktualizace zabezpečení systému Windows XP (KB956802)
Aktualizace zabezpečení systému Windows XP (KB956803)
Aktualizace zabezpečení systému Windows XP (KB956841)
Aktualizace zabezpečení systému Windows XP (KB957095)
Aktualizace zabezpečení systému Windows XP (KB957097)
Aktualizace zabezpečení systému Windows XP (KB958644)
Antivirový systém NOD32
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
Balíček ovladače systému Windows - Pinnacle Systems (BENDER) Media (11/21/2005 2.0.19.0)
BasicCalculations
CCleaner (remove only)
CloneCD
DVD Shrink 3.2
DVD Solution
DYMO Label Software
GetRight
Google Earth
HF Designer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
ICQ6
iGO POI Explorer beta
IKK Direkt Mountainbike Challenge 08
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 5
K-Lite Codec Pack 4.1.3 (Full) BETA
MEPAFLOW600 CBM
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Czech Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Office PowerPoint Viewer 2007 (Czech)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MioTransfer
Mozilla Firefox (3.0.4)
Mozilla Thunderbird (1.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
Nero OEM
NOD32 FiX
Oprava hotfix aplikace Windows Media Player 11 (KB939683)
Oprava Hotfix systému Windows Internet Explorer 7 (KB947864)
Oprava Hotfix systému Windows XP (KB952287)
ORF-Ski Challenge 2008
ORF-Ski Challenge 2009
PDF Settings
PDFCreator
PDFill PDF Editor with FREE PDF Writer and Tools
PDFill PDF Writer
Picasa 2
Picasa 3
Pinnacle Bender 32-bit
Pinnacle Instant DVD Recorder
PoiEdit
PowerDVD
QuickTime
RAR Password Cracker 4.12
Realtek High Definition Audio Driver
Sada Compatibility Pack pro systém Office 2007
Security Update pro Microsoft .NET Framework 2.0 (KB928365)
Skype 3.0
Skype Plugin Manager
SpywareBlaster 4.0
Studio 11
Total Commander (Remove or Repair)
User Profile Hive Cleanup Service
Version 3.4.00
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR
Yahoo! Desktop Login
==== End Of File ===========================
Re: Please check my log - strange problem
Here is the Silent Runners log as well.
It seems, though, that the computer has settled down by now.
SR
"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"LaunchList" = "C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" ["Pinnacle Systems"]
"ICQ" = ""C:\Program Files\ICQ6\ICQ.exe" silent" ["ICQ, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"LifeCam" = ""C:\Program Files\Microsoft LifeCam\LifeExp.exe"" [MS]
"VX1000" = "C:\WINDOWS\vVX1000.exe" [MS]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"MMTray" = ""C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"" ["Musicmatch, Inc."]
"CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
"MimBoot" = "C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" ["Musicmatch, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = "XTTBPos00"
-> {HKLM...CLSID} = "XTTBPos00 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Podpora odkazu pro Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozšíření panelu Zobrazení pro panoramatické zobrazení"
-> {HKLM...CLSID} = "Rozšíření panelu Zobrazení pro panoramatické zobrazení"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozšíření ikony programu HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Panel nástrojů Microsoft pro síť Internet"
-> {HKLM...CLSID} = "Panel nástrojů Microsoft pro síť Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Stav stahování"
-> {HKLM...CLSID} = "Stav stahování"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Rozšířená složka prostředí"
-> {HKLM...CLSID} = "Rozšířená složka prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Augmented Shell Folder 2"
-> {HKLM...CLSID} = "Augmented Shell Folder 2"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
-> {HKLM...CLSID} = "BandProxy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand"
-> {HKLM...CLSID} = "Microsoft BrowserBand"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "Vyhledávat v podokně"
-> {HKLM...CLSID} = "Vyhledávat v podokně"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Hledání na webu"
-> {HKLM...CLSID} = "Hledání na webu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Nástroj možností registrového stromu"
-> {HKLM...CLSID} = "Nástroj možností registrového stromu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Adresa"
-> {HKLM...CLSID} = "&Adresa"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Textové pole adresy"
-> {HKLM...CLSID} = "Textové pole adresy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Automatické dokončování Microsoft"
-> {HKLM...CLSID} = "Automatické dokončování Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"
-> {HKLM...CLSID} = "TridentImageExtractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{6756A641-DE71-11d0-831B-00AA005B4383}" = "Automaticky dokončovaný seznam MRU"
-> {HKLM...CLSID} = "Automaticky dokončovaný seznam MRU"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Custom MRU AutoCompleted List"
-> {HKLM...CLSID} = "Custom MRU AutoCompleted List"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Přístupný"
-> {HKLM...CLSID} = "Přístupný"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Track Popup Bar"
-> {HKLM...CLSID} = "Track Popup Bar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Automaticky dokončovaný seznam historie"
-> {HKLM...CLSID} = "Automaticky dokončovaný seznam historie"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{03C036F1-A186-11D0-824A-00AA005B4383}" = "Automaticky se doplňující seznam složky prostředí společnosti Microsoft"
-> {HKLM...CLSID} = "Automaticky se doplňující seznam složky prostředí společnosti Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Kontejner automatického dokončování více seznamů"
-> {HKLM...CLSID} = "Kontejner automatického dokončování více seznamů"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Nabídka serveru pruhu prostředí"
-> {HKLM...CLSID} = "Nabídka serveru pruhu prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Panel plochy aplikací prostředí"
-> {HKLM...CLSID} = "Panel plochy aplikací prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Panel plochy prostředí"
-> {HKLM...CLSID} = "Panel plochy prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite"
-> {HKLM...CLSID} = "Shell Rebar BandSite"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "Asistence uživatele"
-> {HKLM...CLSID} = "Asistence uživatele"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Globální nastavení složek"
-> {HKLM...CLSID} = "Globální nastavení složek"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
-> {HKLM...CLSID} = "Microsoft Office Binder Unbind"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1029\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozšíření ikon souborů aplikace Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell"
-> {HKLM...CLSID} = "Studio.Project"
\InProcServer32\(Default) = "C:\Program Files\Pinnacle\Studio 11\programs\BlueShellExt.dll" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>> "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader"
-> {HKLM...CLSID} = "Browseui preloader"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
<<!>> "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Proces mezipaměti kategorií součástí"
-> {HKLM...CLSID} = "Proces mezipaměti kategorií součástí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Default executables:
--------------------
<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
BridgeCS3ImportMediaOnArrival\
"Provider" = "Adobe Bridge CS3"
"InvokeProgID" = "Adobe.adobebridge"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]
MMJBAutoplayBURNERPLUS\
"Provider" = "MUSICMATCH Burner Plus"
"InvokeProgID" = "MMJB.BURN"
"InvokeVerb" = "Burn"
HKLM\SOFTWARE\Classes\MMJB.BURN\shell\Burn\Command\(Default) = ""C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmfwlaunch.exe""-mmjb"" ["Musicmatch, Inc."]
MMJBPlayCDAudioOnArrival\
"Provider" = "Musicmatch Jukebox"
"InvokeProgID" = "MMJB.AUDIOCD"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\MMJB.AUDIOCD\shell\Play\command\(Default) = ""C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe" /AudioCD "%1"" ["Musicmatch, Inc."]
MMJBPlayMediaOnArrival\
"Provider" = "Musicmatch Jukebox"
"InvokeProgID" = "MMJB.MMJB"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\MMJB.MMJB\shell\Play\command\(Default) = ""C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe" "%1"" ["Musicmatch, Inc."]
MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]
NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]
PCLEVideoCameraArrival\
"Provider" = "Pinnacle Studio"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]
Picasa2ImportPicturesOnArrival\
"Provider" = "Picasa3"
"InvokeProgID" = "picasa2.autoplay"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe "%1"" ["Google Inc."]
Startup items in "Michal" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
"GetRight Monitor" -> shortcut to: "C:\Program Files\GetRight\getright.exe /drop" ["HeadLight Software."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Port pro program Symantec Fax Starter Edition" -> shortcut to: "C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Program Files\ICQ6\ICQ.exe" ["ICQ, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
{FB858B22-55E2-413F-87F5-30ADC5552151}\
"ButtonText" = "PDFill PDF Editor"
"Exec" = "C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe" ["PlotSoft LLC"]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
Lavasoft Ad-Aware Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"" ["Lavasoft"]
MSCamSvc, MSCamSvc, ""C:\Program Files\Microsoft LifeCam\MSCamS32.exe"" [MS]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
User Profile Hive Cleanup, UPHClean, "C:\Program Files\UPHClean\uphclean.exe" [MS]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
CUSTPDF Writer Monitor\Driver = "custmon2k.dll" [null data]
OLFax Ports\Driver = "OLFMNT40.DLL" [MS]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]
---------- (launch time: 2009-01-05 14:04:03)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 44 seconds, including 29 seconds for message boxes)
But it seems the computer has come to its senses now.
SR
"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"LaunchList" = "C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" ["Pinnacle Systems"]
"ICQ" = ""C:\Program Files\ICQ6\ICQ.exe" silent" ["ICQ, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"LifeCam" = ""C:\Program Files\Microsoft LifeCam\LifeExp.exe"" [MS]
"VX1000" = "C:\WINDOWS\vVX1000.exe" [MS]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"MMTray" = ""C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"" ["Musicmatch, Inc."]
"CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
"MimBoot" = "C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" ["Musicmatch, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = "XTTBPos00"
-> {HKLM...CLSID} = "XTTBPos00 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Podpora odkazu pro Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozšíření panelu Zobrazení pro panoramatické zobrazení"
-> {HKLM...CLSID} = "Rozšíření panelu Zobrazení pro panoramatické zobrazení"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozšíření ikony programu HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Panel nástrojů Microsoft pro síť Internet"
-> {HKLM...CLSID} = "Panel nástrojů Microsoft pro síť Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Stav stahování"
-> {HKLM...CLSID} = "Stav stahování"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Rozšířená složka prostředí"
-> {HKLM...CLSID} = "Rozšířená složka prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Augmented Shell Folder 2"
-> {HKLM...CLSID} = "Augmented Shell Folder 2"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
-> {HKLM...CLSID} = "BandProxy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand"
-> {HKLM...CLSID} = "Microsoft BrowserBand"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "Vyhledávat v podokně"
-> {HKLM...CLSID} = "Vyhledávat v podokně"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Hledání na webu"
-> {HKLM...CLSID} = "Hledání na webu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Nástroj možností registrového stromu"
-> {HKLM...CLSID} = "Nástroj možností registrového stromu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Adresa"
-> {HKLM...CLSID} = "&Adresa"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Textové pole adresy"
-> {HKLM...CLSID} = "Textové pole adresy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Automatické dokončování Microsoft"
-> {HKLM...CLSID} = "Automatické dokončování Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"
-> {HKLM...CLSID} = "TridentImageExtractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{6756A641-DE71-11d0-831B-00AA005B4383}" = "Automaticky dokončovaný seznam MRU"
-> {HKLM...CLSID} = "Automaticky dokončovaný seznam MRU"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Custom MRU AutoCompleted List"
-> {HKLM...CLSID} = "Custom MRU AutoCompleted List"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Přístupný"
-> {HKLM...CLSID} = "Přístupný"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Track Popup Bar"
-> {HKLM...CLSID} = "Track Popup Bar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Automaticky dokončovaný seznam historie"
-> {HKLM...CLSID} = "Automaticky dokončovaný seznam historie"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{03C036F1-A186-11D0-824A-00AA005B4383}" = "Automaticky se doplňující seznam složky prostředí společnosti Microsoft"
-> {HKLM...CLSID} = "Automaticky se doplňující seznam složky prostředí společnosti Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Kontejner automatického dokončování více seznamů"
-> {HKLM...CLSID} = "Kontejner automatického dokončování více seznamů"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Nabídka serveru pruhu prostředí"
-> {HKLM...CLSID} = "Nabídka serveru pruhu prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Panel plochy aplikací prostředí"
-> {HKLM...CLSID} = "Panel plochy aplikací prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Panel plochy prostředí"
-> {HKLM...CLSID} = "Panel plochy prostředí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite"
-> {HKLM...CLSID} = "Shell Rebar BandSite"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "Asistence uživatele"
-> {HKLM...CLSID} = "Asistence uživatele"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Globální nastavení složek"
-> {HKLM...CLSID} = "Globální nastavení složek"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
-> {HKLM...CLSID} = "Microsoft Office Binder Unbind"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1029\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozšíření ikon souborů aplikace Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell"
-> {HKLM...CLSID} = "Studio.Project"
\InProcServer32\(Default) = "C:\Program Files\Pinnacle\Studio 11\programs\BlueShellExt.dll" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>> "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader"
-> {HKLM...CLSID} = "Browseui preloader"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
<<!>> "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Proces mezipaměti kategorií součástí"
-> {HKLM...CLSID} = "Proces mezipaměti kategorií součástí"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Společnost Microsoft"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Default executables:
--------------------
<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
BridgeCS3ImportMediaOnArrival\
"Provider" = "Adobe Bridge CS3"
"InvokeProgID" = "Adobe.adobebridge"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]
MMJBAutoplayBURNERPLUS\
"Provider" = "MUSICMATCH Burner Plus"
"InvokeProgID" = "MMJB.BURN"
"InvokeVerb" = "Burn"
HKLM\SOFTWARE\Classes\MMJB.BURN\shell\Burn\Command\(Default) = ""C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmfwlaunch.exe""-mmjb"" ["Musicmatch, Inc."]
MMJBPlayCDAudioOnArrival\
"Provider" = "Musicmatch Jukebox"
"InvokeProgID" = "MMJB.AUDIOCD"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\MMJB.AUDIOCD\shell\Play\command\(Default) = ""C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe" /AudioCD "%1"" ["Musicmatch, Inc."]
MMJBPlayMediaOnArrival\
"Provider" = "Musicmatch Jukebox"
"InvokeProgID" = "MMJB.MMJB"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\MMJB.MMJB\shell\Play\command\(Default) = ""C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe" "%1"" ["Musicmatch, Inc."]
MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]
NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]
PCLEVideoCameraArrival\
"Provider" = "Pinnacle Studio"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]
Picasa2ImportPicturesOnArrival\
"Provider" = "Picasa3"
"InvokeProgID" = "picasa2.autoplay"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe "%1"" ["Google Inc."]
Startup items in "Michal" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
"GetRight Monitor" -> shortcut to: "C:\Program Files\GetRight\getright.exe /drop" ["HeadLight Software."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Port pro program Symantec Fax Starter Edition" -> shortcut to: "C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Program Files\ICQ6\ICQ.exe" ["ICQ, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
{FB858B22-55E2-413F-87F5-30ADC5552151}\
"ButtonText" = "PDFill PDF Editor"
"Exec" = "C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe" ["PlotSoft LLC"]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
Lavasoft Ad-Aware Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"" ["Lavasoft"]
MSCamSvc, MSCamSvc, ""C:\Program Files\Microsoft LifeCam\MSCamS32.exe"" [MS]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
User Profile Hive Cleanup, UPHClean, "C:\Program Files\UPHClean\uphclean.exe" [MS]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
CUSTPDF Writer Monitor\Driver = "custmon2k.dll" [null data]
OLFax Ports\Driver = "OLFMNT40.DLL" [MS]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]
---------- (launch time: 2009-01-05 14:04:03)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 44 seconds, including 29 seconds for message boxes)
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Please check my log - strange problem
Write whether the updates are working now.
Test this on VirusTotal:
C:\WINDOWS\NIRCMD.exe
c:\program files\Uninstall_CDS.exe
Then paste the results here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log - strange problem
So updates and installation now work without problems.
Here are the scan results. I don't know whether that is good or bad. There do seem to be some viruses in there.
http://www.virustotal.com/cs/analisis/f ... 2d4a6848d1
http://www.virustotal.com/cs/analisis/2 ... d131ecd72d
And also the Antimalware results. I deleted that one, because it was probably the reason ICQ kept installing something.
Malwarebytes' Anti-Malware 1.32
Verze databáze: 1619
Windows 5.1.2600 Service Pack 3
5.1.2009 22:28:46
mbam-log-2009-01-05 (22-28-27).txt
Typ skenu: Rychlý sken
Objektu skenováno: 64431
Uplynulý cas: 6 minute(s), 10 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 2
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
- jaro3
Re: Please check my log - strange problem
So, if you have not done so already:
So run MbAM again and start a Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit
You can then paste the MbAM log here
So again, this time:
Download ComboFix (by sUBs)
and save it to your desktop.
Open Notepad (Start -> Run..., type Notepad into the window and click OK).
Copy the following entire text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script
File::
C:\WINDOWS\NIRCMD.exe
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Re: Please check my log - strange problem
It ran somehow and this is the result. However, NIRCMD.EXE has disappeared somewhere.
And of course, thank you very much again for your care.
ComboFix 09-01-05.03 - Michal 2009-01-06 0:10:12.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2038.1345 [GMT 1:00]
Spuštěný z: c:\documents and settings\Michal\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active
FILE ::
c:\windows\NIRCMD.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\NIRCMD.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-05 do 2009-01-05 )))))))))))))))))))))))))))))))
.
2009-01-05 22:04 . 2009-01-05 22:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 22:04 . 2009-01-05 22:04 <DIR> d-------- c:\documents and settings\Michal\Data aplikací\Malwarebytes
2009-01-05 22:04 . 2009-01-05 22:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-05 22:04 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 22:04 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 13:39 . 2009-01-05 13:39 <DIR> d-------- C:\rsit
2009-01-05 13:39 . 2009-01-05 14:10 <DIR> d-------- c:\program files\trend micro
2009-01-01 17:25 . 2009-01-01 17:34 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-12-25 22:02 . 2008-12-25 22:02 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2008-12-25 12:27 . 2008-12-25 12:27 <DIR> d-------- c:\program files\Bonjour
2008-12-25 12:21 . 2008-12-25 12:21 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-21 11:58 . 2008-12-21 11:58 <DIR> d-------- c:\program files\DVD Shrink
2008-12-21 11:58 . 2008-12-21 13:35 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-12-12 22:47 . 2008-12-12 22:47 3,751,995 --a------ c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 23:12 --------- d-----w c:\documents and settings\Michal\Data aplikací\Skype
2009-01-05 21:31 --------- d-----w c:\program files\ICQToolbar
2009-01-05 15:55 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-04 23:30 --------- d-----w c:\program files\GetRight
2009-01-02 13:30 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-02 13:30 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-01 16:25 --------- d-----w c:\program files\Google
2008-12-30 01:42 --------- d-----w c:\program files\ESET
2008-12-29 23:56 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-29 14:07 --------- d-----w c:\program files\Lavasoft
2008-12-29 14:07 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-29 14:07 --------- d-----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2008-12-25 11:28 --------- d-----w c:\program files\Common Files\Adobe
2008-12-21 15:11 3,080 ----a-w C:\CDBIDXL.DAT
2008-12-21 15:11 2,056 ----a-w C:\TDBIDXL.DAT
2008-12-12 11:55 --------- d-----w c:\documents and settings\Ivanka\Data aplikací\Skype
2008-11-25 23:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 23:42 --------- d-----w c:\program files\MUSICMATCH
2008-11-25 23:41 --------- d-----w c:\documents and settings\Michal\Data aplikací\Musicmatch
2008-11-25 23:09 --------- d-----w c:\program files\SlySoft
2008-11-24 01:05 40,734 ----a-w c:\documents and settings\Michal\Data aplikací\mdbu.bin
2008-11-23 20:43 --------- d-----w c:\program files\HappyFoto
2008-11-23 16:04 --------- d-----w c:\program files\iGO POI Explorer beta
2008-11-23 15:58 --------- d-----w c:\program files\Dnote Software
2008-11-23 12:33 --------- d-----w c:\program files\Mio DigiWalker
2008-11-03 23:38 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-03 23:38 253,952 ------w c:\windows\Setup1.exe
2008-10-30 18:19 3,505 ----a-w C:\NETRKDB.DAT
2008-10-30 18:19 2,215 ----a-w C:\NECDB.DAT
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2004-10-01 13:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
1999-04-07 16:39 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 01:53 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 01:53 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 01:53 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 01:53 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL
1998-12-09 01:53 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL
2008-06-02 14:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008060220080603\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-05_13.56.57.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-05 12:51:20 73,506 ----a-w c:\windows\system32\perfc005.dat
+ 2009-01-05 12:59:07 73,506 ----a-w c:\windows\system32\perfc005.dat
- 2009-01-05 12:51:20 62,422 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-05 12:59:07 62,422 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-05 12:51:20 398,250 ----a-w c:\windows\system32\perfh005.dat
+ 2009-01-05 12:59:07 398,250 ----a-w c:\windows\system32\perfh005.dat
- 2009-01-05 12:51:20 400,760 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-05 12:59:07 400,760 ----a-w c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-12-18 25365032]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-02 949376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-11-07 110592]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-11-07 8192]
"SkyTel"="SkyTel.EXE" [2007-10-11 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GetRight Monitor.lnk - c:\program files\GetRight\getright.exe [2008-06-22 1209344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Port pro program Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1029\OLFSNT40.EXE [1999-04-07 46080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 16:35 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-06-02 15424]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-06-02 36864]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
--- Other Services/Drivers In Memory ---
*Deregistered* - uphcleanhlp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\imon.dll
Trusted Zone: online.musicmatch.com
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\GetRight\ie2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\GetRight\ie2gr.dll
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\ad8bmxpz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 00:12:23
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\igfxdev.dll
- - - - - - - > 'winlogon.exe'(2940)
c:\windows\system32\igfxdev.dll
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-01-06 0:13:44
ComboFix-quarantined-files.txt 2009-01-05 23:13:13
ComboFix2.txt 2009-01-05 12:57:50
Před spuštěním: 9 261 563 904
Po spuštění: 9,215,766,528
199 --- E O F --- 2008-12-21 10:38:54
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-01-06 0:13:44
ComboFix-quarantined-files.txt 2009-01-05 23:13:13
ComboFix2.txt 2009-01-05 12:57:50
Před spuštěním: 9 261 563 904
Po spuštění: 9,215,766,528
199 --- E O F --- 2008-12-21 10:38:54
- jaro3
- Security team member
Re: Please check my log - strange problem
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the script CFScript.txt you created with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Please check my log - strange problem
So here is ComboFix
ComboFix 09-01-05.05 - Michal 2009-01-06 10:49:01.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2038.1481 [GMT 1:00]
Spuštěný z: c:\documents and settings\Michal\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-06 do 2009-01-06 )))))))))))))))))))))))))))))))
.
2009-01-05 22:04 . 2009-01-05 22:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 22:04 . 2009-01-05 22:04 <DIR> d-------- c:\documents and settings\Michal\Data aplikací\Malwarebytes
2009-01-05 22:04 . 2009-01-05 22:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-05 22:04 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 22:04 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 13:39 . 2009-01-05 13:39 <DIR> d-------- C:\rsit
2009-01-05 13:39 . 2009-01-05 14:10 <DIR> d-------- c:\program files\trend micro
2009-01-01 17:25 . 2009-01-01 17:34 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-12-25 22:02 . 2008-12-25 22:02 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2008-12-25 12:27 . 2008-12-25 12:27 <DIR> d-------- c:\program files\Bonjour
2008-12-25 12:21 . 2008-12-25 12:21 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-21 11:58 . 2008-12-21 11:58 <DIR> d-------- c:\program files\DVD Shrink
2008-12-21 11:58 . 2008-12-21 13:35 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-12-12 22:47 . 2008-12-12 22:47 3,751,995 --a------ c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 09:51 --------- d-----w c:\documents and settings\Michal\Data aplikací\Skype
2009-01-06 09:42 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-05 21:31 --------- d-----w c:\program files\ICQToolbar
2009-01-04 23:30 --------- d-----w c:\program files\GetRight
2009-01-02 13:30 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-02 13:30 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-01 16:25 --------- d-----w c:\program files\Google
2008-12-30 01:42 --------- d-----w c:\program files\ESET
2008-12-29 23:56 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-29 14:07 --------- d-----w c:\program files\Lavasoft
2008-12-29 14:07 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-29 14:07 --------- d-----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2008-12-25 11:28 --------- d-----w c:\program files\Common Files\Adobe
2008-12-21 15:11 3,080 ----a-w C:\CDBIDXL.DAT
2008-12-21 15:11 2,056 ----a-w C:\TDBIDXL.DAT
2008-12-12 11:55 --------- d-----w c:\documents and settings\Ivanka\Data aplikací\Skype
2008-11-25 23:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 23:42 --------- d-----w c:\program files\MUSICMATCH
2008-11-25 23:41 --------- d-----w c:\documents and settings\Michal\Data aplikací\Musicmatch
2008-11-25 23:09 --------- d-----w c:\program files\SlySoft
2008-11-24 01:05 40,734 ----a-w c:\documents and settings\Michal\Data aplikací\mdbu.bin
2008-11-23 20:43 --------- d-----w c:\program files\HappyFoto
2008-11-23 16:04 --------- d-----w c:\program files\iGO POI Explorer beta
2008-11-23 15:58 --------- d-----w c:\program files\Dnote Software
2008-11-23 12:33 --------- d-----w c:\program files\Mio DigiWalker
2008-11-03 23:38 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-03 23:38 253,952 ------w c:\windows\Setup1.exe
2008-10-30 18:19 3,505 ----a-w C:\NETRKDB.DAT
2008-10-30 18:19 2,215 ----a-w C:\NECDB.DAT
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2004-10-01 13:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
1999-04-07 16:39 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 01:53 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 01:53 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 01:53 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 01:53 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL
1998-12-09 01:53 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL
2008-06-02 14:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008060220080603\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-05_13.56.57.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-05 12:51:20 73,506 ----a-w c:\windows\system32\perfc005.dat
+ 2009-01-06 09:39:52 73,506 ----a-w c:\windows\system32\perfc005.dat
- 2009-01-05 12:51:20 62,422 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-06 09:39:52 62,422 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-05 12:51:20 398,250 ----a-w c:\windows\system32\perfh005.dat
+ 2009-01-06 09:39:52 398,250 ----a-w c:\windows\system32\perfh005.dat
- 2009-01-05 12:51:20 400,760 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-06 09:39:52 400,760 ----a-w c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-12-18 25365032]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-02 949376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-11-07 110592]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-11-07 8192]
"SkyTel"="SkyTel.EXE" [2007-10-11 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GetRight Monitor.lnk - c:\program files\GetRight\getright.exe [2008-06-22 1209344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Port pro program Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1029\OLFSNT40.EXE [1999-04-07 46080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 16:35 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-06-02 15424]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-06-02 36864]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
--- Other Services/Drivers In Memory ---
*Deregistered* - uphcleanhlp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\imon.dll
Trusted Zone: online.musicmatch.com
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\GetRight\ie2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\GetRight\ie2gr.dll
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\ad8bmxpz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 10:51:26
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-01-06 10:53:01
ComboFix-quarantined-files.txt 2009-01-06 09:52:47
ComboFix2.txt 2009-01-05 23:15:55
ComboFix3.txt 2009-01-05 12:57:50
Před spuštěním: 8 640 643 072
Po spuštění: 8,631,472,128
274 --- E O F --- 2008-12-21 10:38:54
and HJT
Logfile of HijackThis v1.99.1
Scan saved at 11:02:03, on 6.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Michal\LOCALS~1\Temp\Rar$EX00.594\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - Global Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Port pro program Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
ComboFix 09-01-05.05 - Michal 2009-01-06 10:49:01.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2038.1481 [GMT 1:00]
Spuštěný z: c:\documents and settings\Michal\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-06 do 2009-01-06 )))))))))))))))))))))))))))))))
.
2009-01-05 22:04 . 2009-01-05 22:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 22:04 . 2009-01-05 22:04 <DIR> d-------- c:\documents and settings\Michal\Data aplikací\Malwarebytes
2009-01-05 22:04 . 2009-01-05 22:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-05 22:04 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 22:04 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 13:39 . 2009-01-05 13:39 <DIR> d-------- C:\rsit
2009-01-05 13:39 . 2009-01-05 14:10 <DIR> d-------- c:\program files\trend micro
2009-01-01 17:25 . 2009-01-01 17:34 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-12-25 22:02 . 2008-12-25 22:02 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2008-12-25 12:27 . 2008-12-25 12:27 <DIR> d-------- c:\program files\Bonjour
2008-12-25 12:21 . 2008-12-25 12:21 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-21 11:58 . 2008-12-21 11:58 <DIR> d-------- c:\program files\DVD Shrink
2008-12-21 11:58 . 2008-12-21 13:35 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-12-12 22:47 . 2008-12-12 22:47 3,751,995 --a------ c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 09:51 --------- d-----w c:\documents and settings\Michal\Data aplikací\Skype
2009-01-06 09:42 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-05 21:31 --------- d-----w c:\program files\ICQToolbar
2009-01-04 23:30 --------- d-----w c:\program files\GetRight
2009-01-02 13:30 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-02 13:30 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-01 16:25 --------- d-----w c:\program files\Google
2008-12-30 01:42 --------- d-----w c:\program files\ESET
2008-12-29 23:56 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-29 14:07 --------- d-----w c:\program files\Lavasoft
2008-12-29 14:07 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-29 14:07 --------- d-----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2008-12-25 11:28 --------- d-----w c:\program files\Common Files\Adobe
2008-12-21 15:11 3,080 ----a-w C:\CDBIDXL.DAT
2008-12-21 15:11 2,056 ----a-w C:\TDBIDXL.DAT
2008-12-12 11:55 --------- d-----w c:\documents and settings\Ivanka\Data aplikací\Skype
2008-11-25 23:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 23:42 --------- d-----w c:\program files\MUSICMATCH
2008-11-25 23:41 --------- d-----w c:\documents and settings\Michal\Data aplikací\Musicmatch
2008-11-25 23:09 --------- d-----w c:\program files\SlySoft
2008-11-24 01:05 40,734 ----a-w c:\documents and settings\Michal\Data aplikací\mdbu.bin
2008-11-23 20:43 --------- d-----w c:\program files\HappyFoto
2008-11-23 16:04 --------- d-----w c:\program files\iGO POI Explorer beta
2008-11-23 15:58 --------- d-----w c:\program files\Dnote Software
2008-11-23 12:33 --------- d-----w c:\program files\Mio DigiWalker
2008-11-03 23:38 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-03 23:38 253,952 ------w c:\windows\Setup1.exe
2008-10-30 18:19 3,505 ----a-w C:\NETRKDB.DAT
2008-10-30 18:19 2,215 ----a-w C:\NECDB.DAT
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2004-10-01 13:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
1999-04-07 16:39 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 01:53 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 01:53 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 01:53 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 01:53 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL
1998-12-09 01:53 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL
2008-06-02 14:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008060220080603\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-05_13.56.57.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-05 12:51:20 73,506 ----a-w c:\windows\system32\perfc005.dat
+ 2009-01-06 09:39:52 73,506 ----a-w c:\windows\system32\perfc005.dat
- 2009-01-05 12:51:20 62,422 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-06 09:39:52 62,422 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-05 12:51:20 398,250 ----a-w c:\windows\system32\perfh005.dat
+ 2009-01-06 09:39:52 398,250 ----a-w c:\windows\system32\perfh005.dat
- 2009-01-05 12:51:20 400,760 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-06 09:39:52 400,760 ----a-w c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-12-18 25365032]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-02 949376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-11-07 110592]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-11-07 8192]
"SkyTel"="SkyTel.EXE" [2007-10-11 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GetRight Monitor.lnk - c:\program files\GetRight\getright.exe [2008-06-22 1209344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Port pro program Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1029\OLFSNT40.EXE [1999-04-07 46080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 16:35 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-06-02 15424]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-06-02 36864]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
--- Other Services/Drivers In Memory ---
*Deregistered* - uphcleanhlp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\imon.dll
Trusted Zone: online.musicmatch.com
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\GetRight\ie2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\progra~1\GetRight\ie2gr.dll
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\ad8bmxpz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 10:51:26
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-01-06 10:53:01
ComboFix-quarantined-files.txt 2009-01-06 09:52:47
ComboFix2.txt 2009-01-05 23:15:55
ComboFix3.txt 2009-01-05 12:57:50
Před spuštěním: 8 640 643 072
Po spuštění: 8,631,472,128
274 --- E O F --- 2008-12-21 10:38:54
and HJT
Logfile of HijackThis v1.99.1
Scan saved at 11:02:03, on 6.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Michal\LOCALS~1\Temp\Rar$EX00.594\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - Global Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Port pro program Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys