prosím o kontrolu logu,nejdou aktualizace na ntb Vyřešeno

[fortret]

Ahoj, prosím o kontrolu logu, nejdou aktualizace programů a přestal jít i update OS, děkuji



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:30, on 20.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O13 - Gopher Prefix:


Nic tam závadného nevidím.

Vypni rez. ochranu U Kaspersky.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[fortret]

ComboFix 09-03-19.02 - VERONIKA 2009-03-20 19:07:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1029.18.2038.1239 [GMT 1:00]
Spuštěný z: c:\users\VERONIKA\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-20 do 2009-03-20 )))))))))))))))))))))))))))))))
.

2009-03-20 14:44 . 2009-03-20 14:44 <DIR> d-------- c:\program files\Trend Micro
2009-03-11 08:07 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 08:07 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 08:07 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 08:07 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 08:07 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 08:07 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-26 08:22 . 2009-03-05 18:05 <DIR> d-------- c:\users\VERONIKA\nehty mmb

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 18:09 --------- d-----w c:\users\VERONIKA\AppData\Roaming\Skype
2009-03-20 15:01 --------- d-----w c:\users\VERONIKA\AppData\Roaming\skypePM
2009-03-20 06:13 --------- d-----w c:\programdata\Kaspersky Lab
2009-03-19 21:10 385,056 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-19 21:10 2,396 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-19 21:10 2,035,744 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-19 21:10 16,984 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-17 14:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-17 14:10 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-11 20:04 --------- d-----w c:\program files\Windows Mail
2009-03-11 20:03 --------- d-----w c:\programdata\Microsoft Help
2009-02-28 08:34 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-10 11:47 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-06 12:11 --------- d-----w c:\programdata\Skype
2009-02-06 12:11 --------- d-----w c:\program files\Common Files\Skype
2009-02-06 12:11 --------- d-----r c:\program files\Skype
2009-02-03 18:41 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 18:41 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-08-28 16:12 27,620 ----a-w c:\users\VERONIKA\AppData\Roaming\nvModes.dat
2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
2003-03-18 15:53 1,069,056 ----a-w c:\users\VERONIKA\Advent.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-17 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-10 206088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-250979526-2358378067-2524899568-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1DF7C515-855C-4723-8BDC-A80925FFFED9}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D76DFDE6-5502-4089-8402-F32281262826}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{D342C27F-5634-482C-95C7-D4728D7098B1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{30360E38-6987-49CF-BAC7-0A9958602637}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E7A0A90A-8338-484B-89B2-8039081D61CB}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AFF90478-4597-41CA-ABA8-E416702BEDE1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6E82F3B8-5503-49CB-8371-4E059523A092}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5C8BD0B5-CDA5-492D-8C40-B0AE9D26D156}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{550033C2-BEB9-4A2A-96CD-6A5F029E3B93}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{ACE21F0D-FAA5-4456-9B4C-4B2C0CC1C1B4}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{355D9168-B83A-4F8E-947F-9EC5C6544731}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"{132C3DDF-762F-41B1-8FEA-8ECE9F68DA23}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{7A2DB48C-54F2-4732-AFD3-3D68E202F4CA}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{2FB0494C-3EF6-4BA9-9855-7A0E9A1CFC66}"= UDP:c:\program files\Yamicsoft\Vista Manager\LiveUpdate.exe:LiveUpdate
"{3204A46C-E69B-4D7F-848B-9A7A222129CA}"= TCP:c:\program files\Yamicsoft\Vista Manager\LiveUpdate.exe:LiveUpdate
"{0ED46ECE-B275-4A76-A803-1BAC3BE5386B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C4CEFCAA-6332-4FAD-91CA-25EED22BAD02}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EC1AA533-4B45-4254-9D63-38C709F86E08}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A1140A90-4996-4678-A7C3-58669EA4D94D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6AA41256-5D5F-4D78-89A7-1ED8A25CD1B6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{25F1C402-6F5C-4A7C-BEC7-66C9C71A92B2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77D24638-6330-411F-97D6-9D75D094EB82}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4C303C87-BF22-4824-B391-7932597D8FF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4011BB2A-7120-43C6-A4D2-66AE57F4C600}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0C214471-F569-47E8-A7CD-DA4EBA27295F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{12BCDD48-4B64-460E-A032-7E20ABAD6595}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DA42D741-46D1-47E5-8872-48BBCC49BEA0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6798FB90-C261-462A-B945-08A3D549FBE5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3B9C6088-18B4-4126-93F2-A7B59751F482}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5EDE07C2-FF7B-42EB-8EF5-8651C0538A53}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{09267255-2F48-4FD2-B616-FEFCD3118A04}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C62CD915-78AD-4CF8-A800-3DE7596FDE79}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6463D0E7-890B-4D8C-9DAC-0B7F84A20096}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0D845503-6D88-43C4-99A0-B9BF0E6B7093}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{04925DCA-6067-4C94-BF8D-53A6664DC5D3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6FA15E9C-F005-49D6-B72C-55CF57C05ADF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3AD30393-D046-4C3C-9B78-3CB3BA8E6AD4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4598CF2C-7E95-49A7-B202-785F3B05D435}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15A36752-C138-4316-BA8B-7A902752A6D7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{704674E0-D23D-4D53-A35A-525309FDF2C2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B7335637-1D9D-4E62-B5D5-1A627E8A0983}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F87062BA-FFA4-40A2-ACDC-2F31CADDADD1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9BD82434-F234-4F8B-83EC-DE272D5374FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4256679-56B6-4BC7-8033-672CBAF8C17C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{96DDE5CF-61E8-4B97-9050-F5B4517480A4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DF9CAE85-3DB2-47EE-9970-8E4ED62F82C7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{90AF7C93-8F63-4760-B2F8-B57B936AA7C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{834C4E3B-512D-49BF-A31D-1C93F5188474}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5629ABE0-32BA-4710-B5BC-1C0BCEDDDAA5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0282D4B1-E26E-4318-84D5-C5B3A6EF0F8F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2E22FAC0-7B32-40E8-A9B9-0A4452A85D85}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B58B92C9-C755-48B5-85F9-78E93D8752B8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E52F0F46-26A1-4F1C-9F31-6E30F016817F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CA4B22CA-CBC7-453B-A94C-28C0365E26E9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8F7A6FEC-3814-4796-9E4C-E786998C8DC2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8C511816-76F4-4EFD-8A1E-F83FC1834762}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{165EE0FC-552E-469C-9FF0-E85BF1A400E5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A408029E-72B0-4DA1-8C50-D8D5BB6CC828}"= c:\program files\Skype\Phone\Skype.exe:Skype

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-08-28 72192]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-09-04 809296]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-08-31 351232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{284d9491-12c5-11de-89c8-001b24cc69c2}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Obsah adresáře 'Naplánované úlohy'

2009-03-20 c:\windows\Tasks\User_Feed_Synchronization-{64357DEA-9F34-437C-A5AD-179D1DC744F7}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\VERONIKA\AppData\Roaming\Mozilla\Firefox\Profiles\7kktzk4f.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 19:09:55
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-03-20 19:12:21
ComboFix-quarantined-files.txt 2009-03-20 18:12:17

Před spuštěním: Volných bajtů: 88 267 689 984
Po spuštění: Volných bajtů: 88,224,542,720

171 --- E O F --- 2009-03-20 06:19:29

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-250979526-2358378067-2524899568-1000]
"EnableNotificationsRef"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Tuto složku znáš: c:\users\VERONIKA\nehty mmb ?

[fortret]

ta složka by měla být v pořádku, jsou v ní upravené fotografie nehtů mé drahé polovičky na mimibazar

ComboFix 09-03-19.02 - VERONIKA 2009-03-20 20:19:56.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1029.18.2038.1104 [GMT 1:00]
Spuštěný z: c:\users\VERONIKA\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\VERONIKA\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-20 do 2009-03-20 )))))))))))))))))))))))))))))))
.

2009-03-20 20:18 . 2009-03-20 20:18 <DIR> d-------- C:\32788R22FWJFW
2009-03-20 14:44 . 2009-03-20 14:44 <DIR> d-------- c:\program files\Trend Micro
2009-03-11 08:07 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 08:07 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 08:07 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 08:07 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 08:07 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 08:07 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-26 08:22 . 2009-03-05 18:05 <DIR> d-------- c:\users\VERONIKA\nehty mmb

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 19:23 --------- d-----w c:\users\VERONIKA\AppData\Roaming\Skype
2009-03-20 18:17 --------- d-----w c:\programdata\Kaspersky Lab
2009-03-20 15:01 --------- d-----w c:\users\VERONIKA\AppData\Roaming\skypePM
2009-03-19 21:10 385,056 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-19 21:10 2,396 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-19 21:10 2,035,744 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-19 21:10 16,984 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-17 14:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-17 14:10 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-11 20:04 --------- d-----w c:\program files\Windows Mail
2009-03-11 20:03 --------- d-----w c:\programdata\Microsoft Help
2009-02-28 08:34 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-10 11:47 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-06 12:11 --------- d-----w c:\programdata\Skype
2009-02-06 12:11 --------- d-----w c:\program files\Common Files\Skype
2009-02-06 12:11 --------- d-----r c:\program files\Skype
2009-02-03 18:41 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 18:41 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-08-28 16:12 27,620 ----a-w c:\users\VERONIKA\AppData\Roaming\nvModes.dat
2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
2003-03-18 15:53 1,069,056 ----a-w c:\users\VERONIKA\Advent.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-20_19.10.22,52 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-20 06:14:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-20 18:10:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-20 18:10:02 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-20 18:09:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-20 19:23:00 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-20 19:23:00 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-17 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-10 206088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-250979526-2358378067-2524899568-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1DF7C515-855C-4723-8BDC-A80925FFFED9}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D76DFDE6-5502-4089-8402-F32281262826}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{D342C27F-5634-482C-95C7-D4728D7098B1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{30360E38-6987-49CF-BAC7-0A9958602637}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E7A0A90A-8338-484B-89B2-8039081D61CB}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AFF90478-4597-41CA-ABA8-E416702BEDE1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6E82F3B8-5503-49CB-8371-4E059523A092}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5C8BD0B5-CDA5-492D-8C40-B0AE9D26D156}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{550033C2-BEB9-4A2A-96CD-6A5F029E3B93}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{ACE21F0D-FAA5-4456-9B4C-4B2C0CC1C1B4}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{355D9168-B83A-4F8E-947F-9EC5C6544731}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"{132C3DDF-762F-41B1-8FEA-8ECE9F68DA23}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{7A2DB48C-54F2-4732-AFD3-3D68E202F4CA}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{2FB0494C-3EF6-4BA9-9855-7A0E9A1CFC66}"= UDP:c:\program files\Yamicsoft\Vista Manager\LiveUpdate.exe:LiveUpdate
"{3204A46C-E69B-4D7F-848B-9A7A222129CA}"= TCP:c:\program files\Yamicsoft\Vista Manager\LiveUpdate.exe:LiveUpdate
"{0ED46ECE-B275-4A76-A803-1BAC3BE5386B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C4CEFCAA-6332-4FAD-91CA-25EED22BAD02}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EC1AA533-4B45-4254-9D63-38C709F86E08}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A1140A90-4996-4678-A7C3-58669EA4D94D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6AA41256-5D5F-4D78-89A7-1ED8A25CD1B6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{25F1C402-6F5C-4A7C-BEC7-66C9C71A92B2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77D24638-6330-411F-97D6-9D75D094EB82}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4C303C87-BF22-4824-B391-7932597D8FF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4011BB2A-7120-43C6-A4D2-66AE57F4C600}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0C214471-F569-47E8-A7CD-DA4EBA27295F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{12BCDD48-4B64-460E-A032-7E20ABAD6595}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DA42D741-46D1-47E5-8872-48BBCC49BEA0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6798FB90-C261-462A-B945-08A3D549FBE5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3B9C6088-18B4-4126-93F2-A7B59751F482}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5EDE07C2-FF7B-42EB-8EF5-8651C0538A53}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{09267255-2F48-4FD2-B616-FEFCD3118A04}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C62CD915-78AD-4CF8-A800-3DE7596FDE79}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6463D0E7-890B-4D8C-9DAC-0B7F84A20096}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0D845503-6D88-43C4-99A0-B9BF0E6B7093}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{04925DCA-6067-4C94-BF8D-53A6664DC5D3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6FA15E9C-F005-49D6-B72C-55CF57C05ADF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3AD30393-D046-4C3C-9B78-3CB3BA8E6AD4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4598CF2C-7E95-49A7-B202-785F3B05D435}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15A36752-C138-4316-BA8B-7A902752A6D7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{704674E0-D23D-4D53-A35A-525309FDF2C2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B7335637-1D9D-4E62-B5D5-1A627E8A0983}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F87062BA-FFA4-40A2-ACDC-2F31CADDADD1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9BD82434-F234-4F8B-83EC-DE272D5374FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4256679-56B6-4BC7-8033-672CBAF8C17C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{96DDE5CF-61E8-4B97-9050-F5B4517480A4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DF9CAE85-3DB2-47EE-9970-8E4ED62F82C7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{90AF7C93-8F63-4760-B2F8-B57B936AA7C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{834C4E3B-512D-49BF-A31D-1C93F5188474}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5629ABE0-32BA-4710-B5BC-1C0BCEDDDAA5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0282D4B1-E26E-4318-84D5-C5B3A6EF0F8F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2E22FAC0-7B32-40E8-A9B9-0A4452A85D85}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B58B92C9-C755-48B5-85F9-78E93D8752B8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E52F0F46-26A1-4F1C-9F31-6E30F016817F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CA4B22CA-CBC7-453B-A94C-28C0365E26E9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8F7A6FEC-3814-4796-9E4C-E786998C8DC2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8C511816-76F4-4EFD-8A1E-F83FC1834762}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{165EE0FC-552E-469C-9FF0-E85BF1A400E5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A408029E-72B0-4DA1-8C50-D8D5BB6CC828}"= c:\program files\Skype\Phone\Skype.exe:Skype

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-08-28 72192]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-09-04 809296]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-08-31 351232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{284d9491-12c5-11de-89c8-001b24cc69c2}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Obsah adresáře 'Naplánované úlohy'

2009-03-20 c:\windows\Tasks\User_Feed_Synchronization-{64357DEA-9F34-437C-A5AD-179D1DC744F7}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 1.1.1.4:3128
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\VERONIKA\AppData\Roaming\Mozilla\Firefox\Profiles\7kktzk4f.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 20:23:14
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-03-20 20:26:11
ComboFix-quarantined-files.txt 2009-03-20 19:26:05
ComboFix2.txt 2009-03-20 18:12:23



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:50, on 20.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 1.1.1.4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 1.1.1.4:3128
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4798 bytes

[jaro3]

Takže zapomněl jsem napsat aby si před scriptem zase vypnul rez. ochrany u Kaspersky.
Takže je vypni a proveď tento script:

Kód: Vybrat vše

File::
C:\32788R22FWJFW

Registry::
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-250979526-2358378067-2524899568-1000]
"EnableNotificationsRef"=dword:00000000


Postup stejný jako výše.

[fortret]

Nový log

ComboFix 09-03-19.02 - VERONIKA 2009-03-20 21:30:59.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1029.18.2038.1166 [GMT 1:00]
Spuštěný z: c:\users\VERONIKA\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\VERONIKA\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)

FILE ::
C:\32788R22FWJFW
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-20 do 2009-03-20 )))))))))))))))))))))))))))))))
.

2009-03-20 14:44 . 2009-03-20 14:44 <DIR> d-------- c:\program files\Trend Micro
2009-03-11 08:07 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 08:07 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 08:07 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 08:07 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 08:07 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 08:07 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-26 08:22 . 2009-03-05 18:05 <DIR> d-------- c:\users\VERONIKA\nehty mmb

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 20:32 --------- d-----w c:\users\VERONIKA\AppData\Roaming\Skype
2009-03-20 18:17 --------- d-----w c:\programdata\Kaspersky Lab
2009-03-20 15:01 --------- d-----w c:\users\VERONIKA\AppData\Roaming\skypePM
2009-03-19 21:10 385,056 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-19 21:10 2,396 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-19 21:10 2,035,744 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-19 21:10 16,984 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-17 14:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-17 14:10 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-11 20:04 --------- d-----w c:\program files\Windows Mail
2009-03-11 20:03 --------- d-----w c:\programdata\Microsoft Help
2009-02-28 08:34 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-10 11:47 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-06 12:11 --------- d-----w c:\programdata\Skype
2009-02-06 12:11 --------- d-----w c:\program files\Common Files\Skype
2009-02-06 12:11 --------- d-----r c:\program files\Skype
2009-02-03 18:41 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 18:41 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-08-28 16:12 27,620 ----a-w c:\users\VERONIKA\AppData\Roaming\nvModes.dat
2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
2003-03-18 15:53 1,069,056 ----a-w c:\users\VERONIKA\Advent.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-20_19.10.22,52 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-20 06:14:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-20 18:10:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-20 18:10:02 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-20 18:09:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-20 20:32:48 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-17 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-10 206088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-250979526-2358378067-2524899568-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1DF7C515-855C-4723-8BDC-A80925FFFED9}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D76DFDE6-5502-4089-8402-F32281262826}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{D342C27F-5634-482C-95C7-D4728D7098B1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{30360E38-6987-49CF-BAC7-0A9958602637}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E7A0A90A-8338-484B-89B2-8039081D61CB}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AFF90478-4597-41CA-ABA8-E416702BEDE1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6E82F3B8-5503-49CB-8371-4E059523A092}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5C8BD0B5-CDA5-492D-8C40-B0AE9D26D156}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{550033C2-BEB9-4A2A-96CD-6A5F029E3B93}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{ACE21F0D-FAA5-4456-9B4C-4B2C0CC1C1B4}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{355D9168-B83A-4F8E-947F-9EC5C6544731}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"{132C3DDF-762F-41B1-8FEA-8ECE9F68DA23}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{7A2DB48C-54F2-4732-AFD3-3D68E202F4CA}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{2FB0494C-3EF6-4BA9-9855-7A0E9A1CFC66}"= UDP:c:\program files\Yamicsoft\Vista Manager\LiveUpdate.exe:LiveUpdate
"{3204A46C-E69B-4D7F-848B-9A7A222129CA}"= TCP:c:\program files\Yamicsoft\Vista Manager\LiveUpdate.exe:LiveUpdate
"{0ED46ECE-B275-4A76-A803-1BAC3BE5386B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C4CEFCAA-6332-4FAD-91CA-25EED22BAD02}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EC1AA533-4B45-4254-9D63-38C709F86E08}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A1140A90-4996-4678-A7C3-58669EA4D94D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6AA41256-5D5F-4D78-89A7-1ED8A25CD1B6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{25F1C402-6F5C-4A7C-BEC7-66C9C71A92B2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77D24638-6330-411F-97D6-9D75D094EB82}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4C303C87-BF22-4824-B391-7932597D8FF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4011BB2A-7120-43C6-A4D2-66AE57F4C600}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0C214471-F569-47E8-A7CD-DA4EBA27295F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{12BCDD48-4B64-460E-A032-7E20ABAD6595}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DA42D741-46D1-47E5-8872-48BBCC49BEA0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6798FB90-C261-462A-B945-08A3D549FBE5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3B9C6088-18B4-4126-93F2-A7B59751F482}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5EDE07C2-FF7B-42EB-8EF5-8651C0538A53}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{09267255-2F48-4FD2-B616-FEFCD3118A04}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C62CD915-78AD-4CF8-A800-3DE7596FDE79}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6463D0E7-890B-4D8C-9DAC-0B7F84A20096}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0D845503-6D88-43C4-99A0-B9BF0E6B7093}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{04925DCA-6067-4C94-BF8D-53A6664DC5D3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6FA15E9C-F005-49D6-B72C-55CF57C05ADF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3AD30393-D046-4C3C-9B78-3CB3BA8E6AD4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4598CF2C-7E95-49A7-B202-785F3B05D435}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15A36752-C138-4316-BA8B-7A902752A6D7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{704674E0-D23D-4D53-A35A-525309FDF2C2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B7335637-1D9D-4E62-B5D5-1A627E8A0983}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F87062BA-FFA4-40A2-ACDC-2F31CADDADD1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9BD82434-F234-4F8B-83EC-DE272D5374FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4256679-56B6-4BC7-8033-672CBAF8C17C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{96DDE5CF-61E8-4B97-9050-F5B4517480A4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DF9CAE85-3DB2-47EE-9970-8E4ED62F82C7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{90AF7C93-8F63-4760-B2F8-B57B936AA7C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{834C4E3B-512D-49BF-A31D-1C93F5188474}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5629ABE0-32BA-4710-B5BC-1C0BCEDDDAA5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0282D4B1-E26E-4318-84D5-C5B3A6EF0F8F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2E22FAC0-7B32-40E8-A9B9-0A4452A85D85}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B58B92C9-C755-48B5-85F9-78E93D8752B8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E52F0F46-26A1-4F1C-9F31-6E30F016817F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CA4B22CA-CBC7-453B-A94C-28C0365E26E9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8F7A6FEC-3814-4796-9E4C-E786998C8DC2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8C511816-76F4-4EFD-8A1E-F83FC1834762}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{165EE0FC-552E-469C-9FF0-E85BF1A400E5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A408029E-72B0-4DA1-8C50-D8D5BB6CC828}"= c:\program files\Skype\Phone\Skype.exe:Skype

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-08-28 72192]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-09-04 809296]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-08-31 351232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{284d9491-12c5-11de-89c8-001b24cc69c2}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Obsah adresáře 'Naplánované úlohy'

2009-03-20 c:\windows\Tasks\User_Feed_Synchronization-{64357DEA-9F34-437C-A5AD-179D1DC744F7}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 1.1.1.4:3128
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\VERONIKA\AppData\Roaming\Mozilla\Firefox\Profiles\7kktzk4f.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 21:32:49
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-03-20 21:35:14
ComboFix-quarantined-files.txt 2009-03-20 20:35:10
ComboFix2.txt 2009-03-20 20:13:25
ComboFix3.txt 2009-03-20 19:26:12
ComboFix4.txt 2009-03-20 18:12:23

Před spuštěním: Volných bajtů: 88 290 996 224
Po spuštění: Volných bajtů: 88,225,525,760

186 --- E O F --- 2009-03-20 06:19:29

[jaro3]

Ta hodnota klíče pro Kaspersky je pořád špatná...
Stáhni si :Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat
****************************************************************************************************************************************
Pak zkus znovu tento script:

Kód: Vybrat vše

Registry::
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000


Kouknu se zítra..

[fortret]

dr.web nic nenašel
poté script přes combofix
nový log

ComboFix 09-03-19.02 - VERONIKA 2009-03-20 22:17:55.5 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1029.18.2038.813 [GMT 1:00]
Spuštěný z: c:\users\VERONIKA\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\VERONIKA\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-20 do 2009-03-20 )))))))))))))))))))))))))))))))
.

2009-03-20 22:09 . 2009-03-20 22:09 <DIR> d-------- c:\users\VERONIKA\DoctorWeb
2009-03-20 14:44 . 2009-03-20 14:44 <DIR> d-------- c:\program files\Trend Micro
2009-03-11 08:07 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 08:07 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 08:07 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 08:07 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 08:07 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 08:07 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-26 08:22 . 2009-03-05 18:05 <DIR> d-------- c:\users\VERONIKA\nehty mmb

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 21:16 --------- d-----w c:\users\VERONIKA\AppData\Roaming\Skype
2009-03-20 18:17 --------- d-----w c:\programdata\Kaspersky Lab
2009-03-20 15:01 --------- d-----w c:\users\VERONIKA\AppData\Roaming\skypePM
2009-03-19 21:10 385,056 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-19 21:10 2,396 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-19 21:10 2,035,744 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-19 21:10 16,984 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-17 14:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-17 14:10 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-11 20:04 --------- d-----w c:\program files\Windows Mail
2009-03-11 20:03 --------- d-----w c:\programdata\Microsoft Help
2009-02-28 08:34 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-10 11:47 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-06 12:11 --------- d-----w c:\programdata\Skype
2009-02-06 12:11 --------- d-----w c:\program files\Common Files\Skype
2009-02-06 12:11 --------- d-----r c:\program files\Skype
2009-02-03 18:41 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 18:41 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-08-28 16:12 27,620 ----a-w c:\users\VERONIKA\AppData\Roaming\nvModes.dat
2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
2003-03-18 15:53 1,069,056 ----a-w c:\users\VERONIKA\Advent.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-20_19.10.22,52 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-20 06:14:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-20 18:10:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-20 18:10:02 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-20 18:09:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-20 21:19:53 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-20 21:19:53 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-17 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-10 206088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-250979526-2358378067-2524899568-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1DF7C515-855C-4723-8BDC-A80925FFFED9}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D76DFDE6-5502-4089-8402-F32281262826}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{D342C27F-5634-482C-95C7-D4728D7098B1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{30360E38-6987-49CF-BAC7-0A9958602637}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E7A0A90A-8338-484B-89B2-8039081D61CB}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AFF90478-4597-41CA-ABA8-E416702BEDE1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6E82F3B8-5503-49CB-8371-4E059523A092}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5C8BD0B5-CDA5-492D-8C40-B0AE9D26D156}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{550033C2-BEB9-4A2A-96CD-6A5F029E3B93}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{ACE21F0D-FAA5-4456-9B4C-4B2C0CC1C1B4}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{355D9168-B83A-4F8E-947F-9EC5C6544731}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"{132C3DDF-762F-41B1-8FEA-8ECE9F68DA23}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{7A2DB48C-54F2-4732-AFD3-3D68E202F4CA}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{2FB0494C-3EF6-4BA9-9855-7A0E9A1CFC66}"= UDP:c:\program files\Yamicsoft\Vista Manager\LiveUpdate.exe:LiveUpdate
"{3204A46C-E69B-4D7F-848B-9A7A222129CA}"= TCP:c:\program files\Yamicsoft\Vista Manager\LiveUpdate.exe:LiveUpdate
"{0ED46ECE-B275-4A76-A803-1BAC3BE5386B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C4CEFCAA-6332-4FAD-91CA-25EED22BAD02}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EC1AA533-4B45-4254-9D63-38C709F86E08}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A1140A90-4996-4678-A7C3-58669EA4D94D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6AA41256-5D5F-4D78-89A7-1ED8A25CD1B6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{25F1C402-6F5C-4A7C-BEC7-66C9C71A92B2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77D24638-6330-411F-97D6-9D75D094EB82}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4C303C87-BF22-4824-B391-7932597D8FF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4011BB2A-7120-43C6-A4D2-66AE57F4C600}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0C214471-F569-47E8-A7CD-DA4EBA27295F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{12BCDD48-4B64-460E-A032-7E20ABAD6595}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DA42D741-46D1-47E5-8872-48BBCC49BEA0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6798FB90-C261-462A-B945-08A3D549FBE5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3B9C6088-18B4-4126-93F2-A7B59751F482}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5EDE07C2-FF7B-42EB-8EF5-8651C0538A53}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{09267255-2F48-4FD2-B616-FEFCD3118A04}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C62CD915-78AD-4CF8-A800-3DE7596FDE79}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6463D0E7-890B-4D8C-9DAC-0B7F84A20096}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0D845503-6D88-43C4-99A0-B9BF0E6B7093}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{04925DCA-6067-4C94-BF8D-53A6664DC5D3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6FA15E9C-F005-49D6-B72C-55CF57C05ADF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3AD30393-D046-4C3C-9B78-3CB3BA8E6AD4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4598CF2C-7E95-49A7-B202-785F3B05D435}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{15A36752-C138-4316-BA8B-7A902752A6D7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{704674E0-D23D-4D53-A35A-525309FDF2C2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B7335637-1D9D-4E62-B5D5-1A627E8A0983}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F87062BA-FFA4-40A2-ACDC-2F31CADDADD1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9BD82434-F234-4F8B-83EC-DE272D5374FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4256679-56B6-4BC7-8033-672CBAF8C17C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{96DDE5CF-61E8-4B97-9050-F5B4517480A4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DF9CAE85-3DB2-47EE-9970-8E4ED62F82C7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{90AF7C93-8F63-4760-B2F8-B57B936AA7C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{834C4E3B-512D-49BF-A31D-1C93F5188474}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5629ABE0-32BA-4710-B5BC-1C0BCEDDDAA5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0282D4B1-E26E-4318-84D5-C5B3A6EF0F8F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2E22FAC0-7B32-40E8-A9B9-0A4452A85D85}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B58B92C9-C755-48B5-85F9-78E93D8752B8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E52F0F46-26A1-4F1C-9F31-6E30F016817F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CA4B22CA-CBC7-453B-A94C-28C0365E26E9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8F7A6FEC-3814-4796-9E4C-E786998C8DC2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8C511816-76F4-4EFD-8A1E-F83FC1834762}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{165EE0FC-552E-469C-9FF0-E85BF1A400E5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A408029E-72B0-4DA1-8C50-D8D5BB6CC828}"= c:\program files\Skype\Phone\Skype.exe:Skype

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-08-28 72192]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-09-04 809296]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-08-31 351232]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - DwShield00003852

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{284d9491-12c5-11de-89c8-001b24cc69c2}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Obsah adresáře 'Naplánované úlohy'

2009-03-20 c:\windows\Tasks\User_Feed_Synchronization-{64357DEA-9F34-437C-A5AD-179D1DC744F7}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 1.1.1.4:3128
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\VERONIKA\AppData\Roaming\Mozilla\Firefox\Profiles\7kktzk4f.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 22:20:06
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-03-20 22:22:45
ComboFix-quarantined-files.txt 2009-03-20 21:22:42
ComboFix2.txt 2009-03-20 20:35:15
ComboFix3.txt 2009-03-20 20:13:25
ComboFix4.txt 2009-03-20 19:26:12
ComboFix5.txt 2009-03-20 21:17:13

Před spuštěním: Volných bajtů: 88 247 328 768
Po spuštění: Volných bajtů: 88,181,350,400

189 --- E O F --- 2009-03-20 06:19:29



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:14, on 20.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 1.1.1.4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 1.1.1.4:3128
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4641 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stahni si SREng
- rozbal na plochu a spust ho
- zvol "zvol Smart Scan", nech nastaveni tak jak je
- zvol "Verify the digital signature of process modules"
- klik na "Scan"
- klik na Save Reports, uloz log na plochu a cely obsah logu zkopirujt sem
- rozbal na plochu a spust ho
+
- Spusť ho a zvol možnost System Repair
- Na první záložce File Associations pokud bude zatrhnutý/vybraný některý čtvereček z výpisu, tak klikni dole na tlačítko Repair

[fortret]

Tak jsem včera ještě po scriptu projel PC ccleanerem a spybotem(našel jednoho dablclica a breberku jejíž jméno si nepamatuji) a všechny problémy s aktualizacemi zmizely. Při update se veškeré aktualizace nainstalovali, programy šli též zaktualizovat. Dokonce i počasí v sidebaru začalo ukazovat aktuální teploty(před čištěním ukazovalo stále 5 stupňů a zataženo i když venku bylo -10). Pro formu jsem provedl ještě kroky které jsi mi radil a zde je log z SREng.
Jinak čtvereček žádný zaškrtnutý nebyl

Kód: Vybrat vše


2009-03-21,19:39:01

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Basic Edition Service Pack 1 (Build 6001) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Running Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan
    Scheduled Tasks
    API HOOK
    Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun>  [(Verified)Microsoft Windows]
    <WMPNSCFG><C:\Program Files\Windows Media Player\WMPNSCFG.exe>  [(Verified)Microsoft Windows]
    <AlcoholAutomount><"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe">  [(Verified)Kaspersky Lab]
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\Windows\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Windows]

==================================
Startup Folders
N/A

==================================
Services
[Lavasoft Ad-Aware Service / aawservice][Running/Auto Start]
  <"C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"><Lavasoft>
[Kaspersky Anti-Virus / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r><Kaspersky Lab>
[SBSD Security Center Service / SBSDWSCService][Running/Auto Start]
  <C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe><Safer Networking Ltd.>
[StarWind AE Service / StarWindServiceAE][Running/Auto Start]
  <C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe><Rocket Division Software>
[XAudioService / XAudioService][Running/Auto Start]
  <C:\Windows\system32\DRIVERS\xaudio.exe><Conexant Systems, Inc.>

==================================
Drivers
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Conexant UAA Function Driver for High Definition Audio Service / CnxtHdAudService][Stopped/Manual Start]
  <system32\drivers\CHDRT32.sys><Conexant Systems Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[FltMgr / FltMgr][Running/Boot Start]
  <\SystemRoot\system32\drivers\fltmgr.sys><Společnost Microsoft>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
  <system32\drivers\CHDART.sys><Conexant Systems Inc.>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[HSFHWAZL / HSFHWAZL][Stopped/Manual Start]
  <system32\DRIVERS\VSTAZL3.SYS><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSX_DPV.sys><Conexant Systems, Inc.>
[HSXHWAZL / HSXHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSXHWAZL.sys><Conexant Systems, Inc.>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[kl1 / kl1][Running/System Start]
  <system32\DRIVERS\kl1.sys><Kaspersky Lab>
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
  <\SystemRoot\system32\drivers\klbg.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Running/System Start]
  <system32\DRIVERS\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS 6 Filter / KLIM6][Running/System Start]
  <system32\DRIVERS\klim6.sys><Kaspersky Lab>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Corporation>
[MegaSR / MegaSR][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasr.sys><LSI Corporation, Inc.>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[RT73 USB Wireless LAN Card Driver for Vista / netr73][Running/Manual Start]
  <system32\DRIVERS\netr73.sys><Ralink Technology Corp.>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvlddmkm / nvlddmkm][Running/Manual Start]
  <system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver    / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[rimmptsk / rimmptsk][Running/Manual Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
  <system32\DRIVERS\rimsptsk.sys><REDC>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[viaide / viaide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>
[XAudio / XAudio][Running/Auto Start]
  <system32\DRIVERS\xaudio.sys><Conexant Systems, Inc.>
[NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwlh][Running/Manual Start]
  <system32\DRIVERS\yk60x86.sys><Marvell>

==================================
Browser Add-ons
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, (Signed) Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Pomocník pro přihlášení ke službě Windows Live]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_07]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Web traffic protection statistics]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll, (Signed) Kaspersky Lab>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>
[&Zdroje informací]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[ICQ6]
  {E59EB121-F339-4851-A3BA-FE49C35617C2} <C:\Program Files\ICQ6\ICQ.exe, (Signed) ICQ, Inc.>
[Java Plug-in 1.6.0_07]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[]
  {22BF413B-C6D2-4D91-82A9-A0F997BA588C} <, >
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, (Signed) Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {77BF5300-1474-4EC7-9980-D32B190E9B07} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Pomocník pro přihlášení ke službě Windows Live]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {E59EB121-F339-4851-A3BA-FE49C35617C2} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[E&xportovat do aplikace Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 436 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 512 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 564 / SYSTEM][C:\Windows\system32\wininit.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 572 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 608 / SYSTEM][C:\Windows\system32\services.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 620 / SYSTEM][C:\Windows\system32\lsass.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 628 / SYSTEM][C:\Windows\system32\lsm.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 692 / SYSTEM][C:\Windows\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 824 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 884 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 940 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1016 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1092 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1104 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\napinsp.dll]  [Společnost Microsoft, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1212 / NETWORK SERVICE][C:\Windows\system32\SLsvc.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 1256 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\napinsp.dll]  [Společnost Microsoft, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1568 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe]  [Lavasoft, 7,1,0,12]
    [C:\Program Files\Lavasoft\Ad-Aware\CEAPI.dll]  [Lavasoft, 7,1,0,12]
    [C:\Program Files\Lavasoft\Ad-Aware\PKArchive85u.dll]  [PKWARE, Inc., 8.4.1045.0]
[PID: 1648 / VERONIKA][C:\Windows\system32\Dwm.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\nvd3dum.dll]  [NVidia Corporation, 7.15.11.0142]
[PID: 1680 / VERONIKA][C:\Windows\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Windows\system32\napinsp.dll]  [Společnost Microsoft, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\icm32.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarlng.dll]  [, ]
    [C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 1, 0, 0]
    [C:\Program Files\MagicISO\misosh.dll]  [MagicISO, Inc., 5, 3, 0, 198]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\scrchpg.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\klscav.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prremote.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prloader.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prkernel.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\params.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\pxstub.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\tempfile.ppl]  [Kaspersky Lab, 8.0.0.454]
    [C:\Windows\system32\nvcpl.dll]  [NVIDIA Corporation, 7.15.11.0142]
    [C:\Windows\system32\nvapi.dll]  [NVIDIA Corporation, 7.15.11.0142]
[PID: 1824 / VERONIKA][C:\Program Files\Windows Sidebar\sidebar.exe]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\scrchpg.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\klscav.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prremote.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prloader.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prkernel.ppl]  [Kaspersky Lab, 8.0.0.454]
    [C:\Windows\system32\napinsp.dll]  [Společnost Microsoft, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\icm32.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\params.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\pxstub.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\tempfile.ppl]  [Kaspersky Lab, 8.0.0.454]
    [C:\Windows\system32\nvd3dum.dll]  [NVidia Corporation, 7.15.11.0142]
[PID: 1840 / VERONIKA][C:\Program Files\Windows Media Player\wmpnscfg.exe]  [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[PID: 260 / SYSTEM][C:\Windows\System32\spoolsv.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\napinsp.dll]  [Společnost Microsoft, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 300 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 384 / VERONIKA][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\nvapi.dll]  [NVIDIA Corporation, 7.15.11.0142]
[PID: 1712 / VERONIKA][C:\Program Files\Windows Sidebar\sidebar.exe]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\scrchpg.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\klscav.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prremote.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prloader.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prkernel.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\params.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\pxstub.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\tempfile.ppl]  [Kaspersky Lab, 8.0.0.454]
    [C:\Windows\system32\nvd3dum.dll]  [NVidia Corporation, 7.15.11.0142]
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.3074 (QFE.050727-3000)]
    [C:\Users\VERONIKA\AppData\Local\Microsoft\Windows Sidebar\Gadgets\networktraffic13.gadget\netlib.dll]  [Jonathan Abbott, 1.0.2588.9125]
[PID: 1408 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\napinsp.dll]  [Společnost Microsoft, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1200 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1868 / SYSTEM][C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe]  [Rocket Division Software, 3.2.3 Build 20070527]
    [C:\Windows\system32\napinsp.dll]  [Společnost Microsoft, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1884 / SYSTEM][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 460 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2168 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2296 / SYSTEM][C:\Windows\system32\SearchIndexer.exe]  [(Verified) Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]
[PID: 2328 / SYSTEM][C:\Windows\system32\DRIVERS\xaudio.exe]  [Conexant Systems, Inc., 1.00.05.00]
[PID: 2468 / SYSTEM][C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe]  [Safer Networking Ltd., 1, 0, 0, 12]
[PID: 3044 / NETWORK SERVICE][C:\Program Files\Windows Media Player\wmpnetwk.exe]  [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[PID: 3544 / VERONIKA][C:\Program Files\Skype\Phone\Skype.exe]  [Skype Technologies S.A., 4.0.0.215]
    [C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Windows\system32\napinsp.dll]  [Společnost Microsoft, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2896 / VERONIKA][C:\Program Files\Skype\Plugin Manager\skypePM.exe]  [Skype Technologies, 2.0.0.65]
    [C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll]  [EasyBits Media AS, 2.0.0.140]
    [C:\Windows\system32\napinsp.dll]  [Společnost Microsoft, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3036 / VERONIKA][C:\Program Files\ICQ6\ICQ.exe]  [ICQ, Inc., 6.0.0.7015]
    [C:\Program Files\ICQ6\MKernel.dll]  [ICQ, Inc., 6.0.0.7015]
    [C:\Program Files\ICQ6\MUtils.dll]  [ICQ, Inc., 6.0.0.7015]
    [C:\Program Files\ICQ6\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\ICQ6\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\ICQ6\coolcore49.dll]  [AOL LLC, 4.9.0.5711]
    [C:\Program Files\ICQ6\xprt6.dll]  [AOL LLC, 6.5.5.5711]
    [C:\Program Files\ICQ6\MDb.dll]  [ICQ, Inc., 6.0.0.7015]
    [C:\Program Files\ICQ6\MCoreLib.dll]  [ICQ, Inc., 6.0.0.7015]
    [C:\Program Files\ICQ6\MUIUtils.dll]  [ICQ, Inc., 6.0.0.7015]
    [C:\Program Files\ICQ6\MUICoreLib.dll]  [ICQ, Inc., 6.0.0.7015]
    [C:\Program Files\ICQ6\AOLSvcMgr.dll]  [AOL LLC, 15.5.1.2]
    [c:\program files\icq6\services\boxelyRenderer\VER2_5_5_1\boxelyRenderer.dll]  [AOL LLC, 2.5.5.3]
    [C:\Program Files\ICQ6\ICQDevilImg.ocx]  [ICQ Ltd., 1, 0, 0, 1]
    [C:\Program Files\ICQ6\MBContainer.dll]  [ICQ, Inc., 6.0.0.7015]
    [C:\Program Files\ICQ6\MCore.dll]  [ICQ, Inc., 6.0.0.7015]
    [C:\Program Files\ICQ6\MReport.dll]  [ICQ, Inc., 6.0.0.7015]
    [C:\Program Files\ICQ6\FlashPlayerControl.dll]  [Softanics, 2, 1, 7, 0]
    [C:\Program Files\ICQ6\MISB.dll]  [ICQ, Inc., 6.0.0.5011]
    [C:\Program Files\ICQ6\dBenderC14.dll]  [Red Bend Ltd., 4,0,0,22]
    [C:\Program Files\ICQ6\MUICore.dll]  [ICQ, Inc., 6.0.0.7015]
    [C:\Windows\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\scrchpg.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\klscav.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prremote.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prloader.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prkernel.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\params.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\pxstub.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\tempfile.ppl]  [Kaspersky Lab, 8.0.0.454]
    [C:\Windows\system32\napinsp.dll]  [Společnost Microsoft, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\VSFilter.dll]  [Gabest, 1, 0, 1, 5]
    [C:\Program Files\VistaCodecPack\filters\OggSplitter.ax]  [Gabest, 1, 1, 0, 0]
    [C:\Program Files\VistaCodecPack\filters\FLVSplitter.ax]  [Gabest, 1, 1, 0, 0]
    [C:\Program Files\VistaCodecPack\filters\RealMediaSplitter.ax]  [Gabest, 1, 1, 0, 0]
    [C:\Program Files\Common Files\Nero\DSFilter\NeMP4Splitter.ax]  [Nero AG, 5, 3, 9, 0]
    [C:\Program Files\VistaCodecPack\filters\ffdshow.ax]  [, 1.0.5.2079]
    [C:\Program Files\VistaCodecPack\filters\ac3filter.ax]  [, 1.31b]
    [C:\Program Files\VistaCodecPack\filters\iconv.dll]  [Free Software Foundation, 1.9]
    [C:\Program Files\ICQ6\MUIMessage.dll]  [ICQ, Inc., 6.0.0.7015]
    [C:\Windows\system32\nvd3dum.dll]  [NVidia Corporation, 7.15.11.0142]
    [C:\Program Files\ICQ6\SSCE5532.dll]  [Wintertree Software Inc., 5.16.6.0]
[PID: 5204 / VERONIKA][C:\Windows\system32\conime.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 5652 / VERONIKA][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.7]
    [C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.7]
    [C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.5.9]
    [C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
    [C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.3]
    [C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.3]
    [C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.3]
    [C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.7]
    [C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.7]
    [C:\Windows\system32\napinsp.dll]  [Společnost Microsoft, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.7]
    [C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.73]
[PID: 5880 / VERONIKA][C:\Users\VERONIKA\Desktop\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 2160 / VERONIKA][C:\Users\VERONIKA\Desktop\SRE3ff4451d.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\Users\VERONIKA\Desktop\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Windows\system32\napinsp.dll]  [Společnost Microsoft, 6.0.6000.16386 (vista_rtm.061101-2205)]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost
::1             localhost

==================================
Process Privileges Scan
N/A

==================================
Scheduled Tasks
[Enabled] \\{C2552F19-808A-4D92-8B18-49860B69563A}
        C:\Windows\system32\pcalua.exe -a C:\Users\VERONIKA\Downloads\175.19_geforce_winvista_32bit_english_whql.exe -d C:\Users\VERONIKA\Downloads
[Disabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
        N/A
[Enabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
        N/A
[Enabled] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
        BthUdTask.exe $(Arg0)
[Enabled] \Microsoft\Windows\CertificateServicesClient\SystemTask
        N/A
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask
        N/A
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
        N/A
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
        %SystemRoot%\System32\wsqmcons.exe
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
        %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
[Enabled] \Microsoft\Windows\Defrag\ManualDefrag
        %windir%\system32\defrag.exe \\?\Volume{be406cd3-7518-11dd-822e-806e6f6e6963}\
[Enabled] \Microsoft\Windows\Defrag\ScheduledDefrag
        %windir%\system32\defrag.exe -c -i -g
[Enabled] \Microsoft\Windows\MobilePC\HotStart
        N/A
[Enabled] \Microsoft\Windows\MobilePC\TMM
        N/A
[Enabled] \Microsoft\Windows\MUI\LPRemove
        %windir%\system32\lpremove.exe
[Enabled] \Microsoft\Windows\Multimedia\SystemSoundsService
        N/A
[Enabled] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
        N/A
[Enabled] \Microsoft\Windows\Shell\CrawlStartPages
        N/A
[Disabled] \Microsoft\Windows\SystemRestore\SR
        %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict1
        rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict2
        rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[Enabled] \Microsoft\Windows\UPnP\UPnPHostConfig
        sc.exe config upnphost start= auto
[Enabled] \Microsoft\Windows\Windows Error Reporting\QueueReporting
        %windir%\system32\wermgr.exe -queuereporting
[Enabled] \Microsoft\Windows\Wired\GatherWiredInfo
        %windir%\system32\gatherWiredInfo.vbs
[Enabled] \Microsoft\Windows\Wireless\GatherWirelessInfo
        %windir%\system32\gatherWirelessInfo.vbs

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================




[jaro3]

Tak fajn ,log z SREng je O.K., můžeš dát vyřešeno , fajfku.