Prosím o kontrolu logu Vyřešeno

[Luise]

Dobrý den prosím o kontrolu logu z důvodu vyskakujících hlašek o chybném skriptu

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:05, on 24.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\Ocagoa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Documents and Settings\Patrik\Dokumenty\Stažené soubory\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\Patrik\LOCALS~1\Temp\Okd.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0359997765
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

--
End of file - 7041 bytes

[Reklama]

[jaro3]

Odinstaluj:
ICQToolBar
uTorrentBar Toolbar


Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Fi O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll les\uTorrentBar\tbuTor.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\Patrik\LOCALS~1\Temp\Okd.exe


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

[Luise]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 5166

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25.12.2010 0:57:28
mbam-log-2010-12-25 (00-57-28).txt

Typ skenu: Rychlý sken
Skenované objekty: 136579
Uplynulý čas: 4 minuta(y), 52 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče registru: 4
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

[memphisto]

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Luise]

ComboFix 10-12-24.01 - Patrik 25.12.2010 10:11:18.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1734 [GMT 1:00]
Spuštěný z: c:\documents and settings\Patrik\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Microsoft
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
c:\documents and settings\Patrik\Data aplikací\PriceGong
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Patrik\Data aplikací\PriceGong\Data\z.xml

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-25 do 2010-12-25 )))))))))))))))))))))))))))))))
.

2010-12-24 21:11 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-24 21:11 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-24 21:11 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-24 21:11 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-24 21:11 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-24 21:11 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-24 21:11 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-24 21:11 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-24 21:11 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-24 20:04 . 2010-12-24 20:05 -------- d-----w- c:\program files\Twisted - A Haunted Carol
2010-12-24 19:59 . 2010-12-24 19:59 233472 ----a-w- c:\windows\Ocagoa.exe
2010-12-24 19:58 . 2010-12-24 19:59 -------- d-----w- c:\program files\Mystery of Mortlake Mansion
2010-12-23 16:29 . 2010-12-23 16:29 -------- d-----w- c:\program files\Activision
2010-12-23 15:15 . 2010-12-23 15:15 162925840 ----a-w- c:\documents and settings\Patrik\Data aplikací\Mystery_of_Mortlake_Mansion____justforfun-games.com.exe
2010-12-22 14:11 . 2010-12-22 14:25 -------- d-----w- c:\program files\Amazing Photo Editor
2010-12-22 13:59 . 2010-12-22 13:59 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\ACD Systems
2010-12-22 13:58 . 2010-12-22 13:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ACD Systems
2010-12-22 13:58 . 2010-12-22 13:58 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-12-22 13:58 . 2010-12-22 13:58 -------- d-----w- c:\program files\ACD Systems
2010-12-22 13:57 . 2010-12-22 13:57 -------- d-----w- c:\windows\Downloaded Installations
2010-12-22 13:51 . 2010-12-22 14:25 -------- d-----w- c:\program files\Light Artist
2010-12-21 16:57 . 2010-12-21 16:57 298100154 ----a-w- c:\documents and settings\Patrik\Data aplikací\Twisted - A Haunted Carol.exe
2010-12-19 16:57 . 2010-12-23 12:46 -------- d-----w- c:\program files\World of Warcraft
2010-12-18 18:01 . 2010-12-18 18:01 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\Mystery of Mortlake Mansion
2010-12-17 18:41 . 2010-12-17 18:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Fugazo
2010-12-17 18:41 . 2010-12-18 18:07 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2010-12-17 18:39 . 2010-12-17 18:39 -------- d-----w- c:\program files\bfgclient
2010-12-17 18:38 . 2010-12-17 18:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2010-12-10 08:39 . 2010-12-19 21:04 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\Media Player Classic
2010-11-30 21:21 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-30 21:21 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-28 21:02 . 2010-12-22 12:31 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\Adobe
2010-11-28 21:01 . 2010-11-28 21:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-28 20:52 . 2010-11-28 20:55 -------- d-----w- c:\windows\SHELLNEW
2010-11-28 20:52 . 2010-11-28 20:52 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-11-28 20:52 . 2010-11-28 20:52 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\Microsoft Help
2010-11-28 20:51 . 2010-11-28 20:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2010-11-28 20:51 . 2010-11-28 20:51 -------- d-----r- C:\MSOCache
2010-11-28 16:06 . 2010-11-28 16:06 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\HP
2010-11-28 16:05 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-11-28 16:05 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-11-28 16:05 . 2009-04-16 13:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2010-11-28 16:05 . 2009-04-16 13:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-11-28 16:05 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-11-28 16:05 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-11-28 16:04 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_d02c.dll
2010-11-28 16:04 . 2009-02-10 20:03 589824 ----a-r- c:\windows\system32\hpost_d02c.dll
2010-11-28 16:04 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2010-11-28 16:04 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-11-28 16:04 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-11-28 16:03 . 2010-11-28 16:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP Product Assistant
2010-11-28 16:01 . 2010-11-28 16:01 -------- d-----w- c:\program files\Common Files\HP
2010-11-28 16:01 . 2010-11-28 16:01 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-11-28 16:01 . 2010-11-28 16:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2010-11-28 16:00 . 2010-11-28 16:00 -------- dc----w- c:\windows\system32\DRVSTORE
2010-11-28 15:59 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-11-28 15:59 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-28 15:59 . 2010-11-29 16:38 -------- d-----w- c:\program files\HP
2010-11-28 15:56 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-11-28 15:56 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-28 15:53 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-11-28 15:53 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-11-28 15:53 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-28 15:53 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-28 15:53 . 2008-04-13 23:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-11-28 15:53 . 2008-04-13 23:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-25 18:50 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-11-25 17:33 . 2010-12-21 20:17 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar
2010-11-25 17:33 . 2010-12-21 20:17 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\Conduit
2010-11-25 17:33 . 2010-11-25 17:33 -------- d-----w- c:\program files\Conduit
2010-11-25 17:33 . 2010-11-25 17:33 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\temp
2010-11-25 17:33 . 2010-11-25 17:33 -------- d-----w- c:\program files\uTorrent
2010-11-25 17:28 . 2010-12-24 20:16 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\uTorrent
2010-11-25 17:27 . 2010-11-25 17:27 -------- d-----w- c:\program files\Alwil Software
2010-11-25 17:27 . 2010-11-25 17:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 22:10 . 2010-11-21 22:10 388096 ----a-r- c:\documents and settings\Patrik\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-21 21:03 . 2010-11-21 21:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-18 08:00 . 2010-11-24 01:19 108032 ----a-w- c:\windows\system32\ff_vfw.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-11-21 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-21 925696]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.11.2010 22:03 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.12.2010 22:11 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.12.2010 22:11 17744]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [21.11.2010 20:11 247096]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Patrik\Data aplikací\Mozilla\Firefox\Profiles\p91nspi0.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-HijackThis - c:\documents and settings\Patrik\Dokumenty\Stažené soubory\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-25 10:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\HP\Digital Imaging\bin\hpqdirec.exe
.
**************************************************************************
.
Celkový čas: 2010-12-25 10:18:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-25 09:18

Před spuštěním: Volných bajtů: 426 219 679 744
Po spuštění: Volných bajtů: 426 180 415 488

- - End Of File - - 9FFD6AC8FFF10FE4F6CFD195A3C175A5

[memphisto]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

DDS::
uStart Page = hxxp://start.icq.com/

Firefox::
FF - ProfilePath - c:\documents and settings\Patrik\Data aplikací\Mozilla\Firefox\Profiles\p91nspi0.default\

Folder::
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Toto otestuj na Virustotal
c:\windows\Ocagoa.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[Luise]

AhnLab-V3 2010.12.25.00 2010.12.24 Trojan/Win32.FakeAV
AntiVir 7.11.0.174 2010.12.24 -
Antiy-AVL 2.0.3.7 2010.12.25 -
Avast 4.8.1351.0 2010.12.24 -
Avast5 5.0.677.0 2010.12.24 -
AVG 9.0.0.851 2010.12.25 -
BitDefender 7.2 2010.12.25 Gen:Variant.Kazy.6522
CAT-QuickHeal 11.00 2010.12.25 -
ClamAV 0.96.4.0 2010.12.25 -
Command 5.2.11.5 2010.12.25 W32/Renos.A!Generic
Comodo 7178 2010.12.24 -
DrWeb 5.0.2.03300 2010.12.25 Trojan.DownLoader1.47717
Emsisoft 5.1.0.1 2010.12.25 -
eSafe 7.0.17.0 2010.12.22 -
eTrust-Vet 36.1.8060 2010.12.24 Win32/Renos.D!generic
F-Prot 4.6.2.117 2010.12.24 W32/Renos.A!Generic
F-Secure 9.0.16160.0 2010.12.25 Gen:Variant.Kazy.6522
Fortinet 4.2.254.0 2010.12.25 -
GData 21 2010.12.25 Gen:Variant.Kazy.6522
Ikarus T3.1.1.90.0 2010.12.25 -
Jiangmin 13.0.900 2010.12.25 -
K7AntiVirus 9.74.3335 2010.12.24 Virus
Kaspersky 7.0.0.125 2010.12.25 -
McAfee 5.400.0.1158 2010.12.25 -
McAfee-GW-Edition 2010.1C 2010.12.25 Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft 1.6402 2010.12.25 -
NOD32 5730 2010.12.24 -
Norman 6.06.12 2010.12.24 W32/Obfuscated.M
nProtect 2010-12-25.01 2010.12.25 Gen:Variant.Kazy.6522
Panda 10.0.2.7 2010.12.24 Suspicious file
PCTools 7.0.3.5 2010.12.25 -
Prevx 3.0 2010.12.25 Medium Risk Malware
Rising 22.79.04.00 2010.12.25 -
Sophos 4.60.0 2010.12.25 Mal/EncPk-NS
SUPERAntiSpyware 4.40.0.1006 2010.12.24 Trojan.Agent/Gen-FrauderX
Symantec 20101.3.0.103 2010.12.25 -
TheHacker 6.7.0.1.105 2010.12.25 -
TrendMicro 9.120.0.1004 2010.12.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.25 -
VBA32 3.12.14.2 2010.12.24 Malware-Cryptor.Limpopo
VIPRE 7815 2010.12.25 VirTool.Win32.Obfuscator.hg!b1 (v)
ViRobot 2010.12.25.4220 2010.12.25 -
VirusBuster 13.6.112.0 2010.12.25 -

[memphisto]

Stačilo sem dát odkaz na ten test, ale nevadí. Alespoň víme, že to je šmejd. Udělej tak CFSkript a dej sem výsledek

[Luise]

ComboFix 10-12-24.01 - Patrik 25.12.2010 11:11:00.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1740 [GMT 1:00]
Spuštěný z: c:\documents and settings\Patrik\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Patrik\Dokumenty\Stažené soubory\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215803994037500_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215829629975000_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215857840756250_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634219291587531250_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634220940193781250_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634220946896281250_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634226715423943750_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634244832697856250_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633826753881225000_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633826758646068750_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552376087500_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552502181250_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552614056250_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552723118750_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827565870150000_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827655684775000_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d634161798257141250_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d634161799307581250_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d634161801077882500_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_SearchActivationButton-go_but01_gif-General-634220918830656250_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___Storage_conduit_com_BankImages_ConduitEngine_ContextMenu_Upgrade_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Events_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Friends_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Groups_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Home_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Inbox_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Logout_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Photos_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Profile_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Settings_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Share_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Status_png.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_videosurf_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\EmailNotifier\AccountTypes.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\EmailNotifier\aol.com.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\EmailNotifier\comcast.net.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\EmailNotifier\google.com.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\EmailNotifier\hotmail.com.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\EmailNotifier\yahoo.com.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGong_16.png
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Repository\conduit_CT2786678_CT2786678\AppsMetaData\data.bck.txt
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Repository\conduit_CT2786678_CT2786678\AppsMetaData\data.txt
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarLogin\data.bck.txt
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarLogin\data.txt
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarSettings\data.bck.txt
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarSettings\data.txt
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Repository\conduit_CT2786678_en\ToolbarTranslation\data.bck.txt
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Repository\conduit_CT2786678_en\ToolbarTranslation\data.txt
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_structured.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews_structured.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss_structured.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss_structured.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss_structured.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_structured.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml_structured.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss_structured.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___rss_news_yahoo_com_rss_world.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___rss_news_yahoo_com_rss_world_structured.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml_structured.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_structured.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\SearchInNewTab\SearchInNewTabContent.xml
c:\documents and settings\Patrik\Local Settings\Data aplikací\uTorrentBar\ThirdPartyComponents.xml

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-25 do 2010-12-25 )))))))))))))))))))))))))))))))
.

2010-12-24 21:11 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-24 21:11 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-24 21:11 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-24 21:11 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-24 21:11 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-24 21:11 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-24 21:11 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-24 21:11 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-24 21:11 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-24 20:04 . 2010-12-24 20:05 -------- d-----w- c:\program files\Twisted - A Haunted Carol
2010-12-24 19:59 . 2010-12-24 19:59 233472 ----a-w- c:\windows\Ocagoa.exe
2010-12-24 19:58 . 2010-12-24 19:59 -------- d-----w- c:\program files\Mystery of Mortlake Mansion
2010-12-23 16:29 . 2010-12-23 16:29 -------- d-----w- c:\program files\Activision
2010-12-23 15:15 . 2010-12-23 15:15 162925840 ----a-w- c:\documents and settings\Patrik\Data aplikací\Mystery_of_Mortlake_Mansion____justforfun-games.com.exe
2010-12-22 14:11 . 2010-12-22 14:25 -------- d-----w- c:\program files\Amazing Photo Editor
2010-12-22 13:59 . 2010-12-22 13:59 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\ACD Systems
2010-12-22 13:58 . 2010-12-22 13:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ACD Systems
2010-12-22 13:58 . 2010-12-22 13:58 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-12-22 13:58 . 2010-12-22 13:58 -------- d-----w- c:\program files\ACD Systems
2010-12-22 13:57 . 2010-12-22 13:57 -------- d-----w- c:\windows\Downloaded Installations
2010-12-22 13:51 . 2010-12-22 14:25 -------- d-----w- c:\program files\Light Artist
2010-12-21 16:57 . 2010-12-21 16:57 298100154 ----a-w- c:\documents and settings\Patrik\Data aplikací\Twisted - A Haunted Carol.exe
2010-12-19 16:57 . 2010-12-23 12:46 -------- d-----w- c:\program files\World of Warcraft
2010-12-18 18:01 . 2010-12-18 18:01 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\Mystery of Mortlake Mansion
2010-12-17 18:41 . 2010-12-17 18:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Fugazo
2010-12-17 18:41 . 2010-12-18 18:07 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2010-12-17 18:39 . 2010-12-17 18:39 -------- d-----w- c:\program files\bfgclient
2010-12-17 18:38 . 2010-12-17 18:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2010-12-10 08:39 . 2010-12-19 21:04 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\Media Player Classic
2010-11-30 21:21 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-30 21:21 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-28 21:02 . 2010-12-22 12:31 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\Adobe
2010-11-28 21:01 . 2010-11-28 21:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-28 20:52 . 2010-11-28 20:55 -------- d-----w- c:\windows\SHELLNEW
2010-11-28 20:52 . 2010-11-28 20:52 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-11-28 20:52 . 2010-11-28 20:52 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\Microsoft Help
2010-11-28 20:51 . 2010-11-28 20:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2010-11-28 20:51 . 2010-11-28 20:51 -------- d-----r- C:\MSOCache
2010-11-28 16:06 . 2010-11-28 16:06 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\HP
2010-11-28 16:05 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-11-28 16:05 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-11-28 16:05 . 2009-04-16 13:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2010-11-28 16:05 . 2009-04-16 13:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-11-28 16:05 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-11-28 16:05 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-11-28 16:04 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_d02c.dll
2010-11-28 16:04 . 2009-02-10 20:03 589824 ----a-r- c:\windows\system32\hpost_d02c.dll
2010-11-28 16:04 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2010-11-28 16:04 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-11-28 16:04 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-11-28 16:03 . 2010-11-28 16:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP Product Assistant
2010-11-28 16:01 . 2010-11-28 16:01 -------- d-----w- c:\program files\Common Files\HP
2010-11-28 16:01 . 2010-11-28 16:01 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-11-28 16:01 . 2010-11-28 16:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2010-11-28 16:00 . 2010-11-28 16:00 -------- dc----w- c:\windows\system32\DRVSTORE
2010-11-28 15:59 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-11-28 15:59 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-28 15:59 . 2010-11-29 16:38 -------- d-----w- c:\program files\HP
2010-11-28 15:56 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-11-28 15:56 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-28 15:53 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-11-28 15:53 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-11-28 15:53 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-28 15:53 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-28 15:53 . 2008-04-13 23:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-11-28 15:53 . 2008-04-13 23:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-25 18:50 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-11-25 17:33 . 2010-12-21 20:17 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\Conduit
2010-11-25 17:33 . 2010-11-25 17:33 -------- d-----w- c:\program files\Conduit
2010-11-25 17:33 . 2010-11-25 17:33 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\temp
2010-11-25 17:33 . 2010-11-25 17:33 -------- d-----w- c:\program files\uTorrent
2010-11-25 17:28 . 2010-12-24 20:16 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\uTorrent
2010-11-25 17:27 . 2010-11-25 17:27 -------- d-----w- c:\program files\Alwil Software
2010-11-25 17:27 . 2010-11-25 17:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 22:10 . 2010-11-21 22:10 388096 ----a-r- c:\documents and settings\Patrik\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-21 21:03 . 2010-11-21 21:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-18 08:00 . 2010-11-24 01:19 108032 ----a-w- c:\windows\system32\ff_vfw.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-11-21 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-21 925696]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.11.2010 22:03 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.12.2010 22:11 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.12.2010 22:11 17744]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [21.11.2010 20:11 247096]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Patrik\Data aplikací\Mozilla\Firefox\Profiles\p91nspi0.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-25 11:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-12-25 11:15:37
ComboFix-quarantined-files.txt 2010-12-25 10:15
ComboFix2.txt 2010-12-25 09:18

Před spuštěním: Volných bajtů: 426 165 481 472
Po spuštění: Volných bajtů: 426 160 857 088

- - End Of File - - 7F5FA73E1458294F4761EE746CC67C58

[memphisto]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\Ocagoa.exe

Folder::
c:\program files\ICQ6Toolbar

Driver::
ICQ Service


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Luise]

ComboFix 10-12-24.01 - Patrik 25.12.2010 12:12:27.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1747 [GMT 1:00]
Spuštěný z: c:\documents and settings\Patrik\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Patrik\Dokumenty\Stažené soubory\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Ocagoa.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\windows\Ocagoa.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-25 do 2010-12-25 )))))))))))))))))))))))))))))))
.

2010-12-24 21:11 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-24 21:11 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-24 21:11 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-24 21:11 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-24 21:11 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-24 21:11 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-24 21:11 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-24 21:11 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-24 21:11 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-24 20:04 . 2010-12-24 20:05 -------- d-----w- c:\program files\Twisted - A Haunted Carol
2010-12-24 19:58 . 2010-12-24 19:59 -------- d-----w- c:\program files\Mystery of Mortlake Mansion
2010-12-23 16:29 . 2010-12-23 16:29 -------- d-----w- c:\program files\Activision
2010-12-23 15:15 . 2010-12-23 15:15 162925840 ----a-w- c:\documents and settings\Patrik\Data aplikací\Mystery_of_Mortlake_Mansion____justforfun-games.com.exe
2010-12-22 14:11 . 2010-12-22 14:25 -------- d-----w- c:\program files\Amazing Photo Editor
2010-12-22 13:59 . 2010-12-22 13:59 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\ACD Systems
2010-12-22 13:58 . 2010-12-22 13:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ACD Systems
2010-12-22 13:58 . 2010-12-22 13:58 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-12-22 13:58 . 2010-12-22 13:58 -------- d-----w- c:\program files\ACD Systems
2010-12-22 13:57 . 2010-12-22 13:57 -------- d-----w- c:\windows\Downloaded Installations
2010-12-22 13:51 . 2010-12-22 14:25 -------- d-----w- c:\program files\Light Artist
2010-12-21 16:57 . 2010-12-21 16:57 298100154 ----a-w- c:\documents and settings\Patrik\Data aplikací\Twisted - A Haunted Carol.exe
2010-12-19 16:57 . 2010-12-23 12:46 -------- d-----w- c:\program files\World of Warcraft
2010-12-18 18:01 . 2010-12-18 18:01 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\Mystery of Mortlake Mansion
2010-12-17 18:41 . 2010-12-17 18:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Fugazo
2010-12-17 18:41 . 2010-12-18 18:07 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2010-12-17 18:39 . 2010-12-17 18:39 -------- d-----w- c:\program files\bfgclient
2010-12-17 18:38 . 2010-12-17 18:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2010-12-10 08:39 . 2010-12-19 21:04 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\Media Player Classic
2010-11-30 21:21 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-30 21:21 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-28 21:02 . 2010-12-22 12:31 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\Adobe
2010-11-28 21:01 . 2010-11-28 21:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-28 20:52 . 2010-11-28 20:55 -------- d-----w- c:\windows\SHELLNEW
2010-11-28 20:52 . 2010-11-28 20:52 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-11-28 20:52 . 2010-11-28 20:52 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\Microsoft Help
2010-11-28 20:51 . 2010-11-28 20:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2010-11-28 20:51 . 2010-11-28 20:51 -------- d-----r- C:\MSOCache
2010-11-28 16:06 . 2010-11-28 16:06 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\HP
2010-11-28 16:05 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-11-28 16:05 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-11-28 16:05 . 2009-04-16 13:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2010-11-28 16:05 . 2009-04-16 13:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-11-28 16:05 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-11-28 16:05 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-11-28 16:04 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_d02c.dll
2010-11-28 16:04 . 2009-02-10 20:03 589824 ----a-r- c:\windows\system32\hpost_d02c.dll
2010-11-28 16:04 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2010-11-28 16:04 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-11-28 16:04 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-11-28 16:03 . 2010-11-28 16:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP Product Assistant
2010-11-28 16:01 . 2010-11-28 16:01 -------- d-----w- c:\program files\Common Files\HP
2010-11-28 16:01 . 2010-11-28 16:01 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-11-28 16:01 . 2010-11-28 16:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2010-11-28 16:00 . 2010-11-28 16:00 -------- dc----w- c:\windows\system32\DRVSTORE
2010-11-28 15:59 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-11-28 15:59 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-28 15:59 . 2010-11-29 16:38 -------- d-----w- c:\program files\HP
2010-11-28 15:56 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-11-28 15:56 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-28 15:53 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-11-28 15:53 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-11-28 15:53 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-28 15:53 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-28 15:53 . 2008-04-13 23:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-11-28 15:53 . 2008-04-13 23:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-25 18:50 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-11-25 17:33 . 2010-12-21 20:17 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\Conduit
2010-11-25 17:33 . 2010-11-25 17:33 -------- d-----w- c:\program files\Conduit
2010-11-25 17:33 . 2010-11-25 17:33 -------- d-----w- c:\documents and settings\Patrik\Local Settings\Data aplikací\temp
2010-11-25 17:33 . 2010-11-25 17:33 -------- d-----w- c:\program files\uTorrent
2010-11-25 17:28 . 2010-12-24 20:16 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\uTorrent
2010-11-25 17:27 . 2010-11-25 17:27 -------- d-----w- c:\program files\Alwil Software
2010-11-25 17:27 . 2010-11-25 17:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 22:10 . 2010-11-21 22:10 388096 ----a-r- c:\documents and settings\Patrik\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-21 21:03 . 2010-11-21 21:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-18 08:00 . 2010-11-24 01:19 108032 ----a-w- c:\windows\system32\ff_vfw.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-11-21 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-21 925696]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.11.2010 22:03 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.12.2010 22:11 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.12.2010 22:11 17744]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Patrik\Data aplikací\Mozilla\Firefox\Profiles\p91nspi0.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-25 12:17
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\HP\Digital Imaging\bin\hpqdirec.exe
.
**************************************************************************
.
Celkový čas: 2010-12-25 12:19:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-25 11:19
ComboFix2.txt 2010-12-25 10:15
ComboFix3.txt 2010-12-25 09:18

Před spuštěním: Volných bajtů: 426 165 964 800
Po spuštění: Volných bajtů: 426 063 179 776

- - End Of File - - 5F93FC6CD37637215671D57E6ED01220

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


+HJT

Jak se chová PC?