Prosím o kontrolu logu Vyřešeno

[jaro3]

Najdi a smaž: C:\fixwareout
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C1D3461-4829-42CF-B5E0-7D2C039146BA} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O20 - Winlogon Notify: pmnmKASJ - C:\WINDOWS\

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.

Nainstaluj si javu:
Java SE Runtime Environment 6u11
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Pokud nejsou problémy , je to vše.

[Reklama]

[Nius]

nerad to říkám ale všechny mé problémy zůstali nezměněny
nejdou mi otevřít lokální disky chybová hláška :
recycler/s-5-2-98-100015156-100016329-100014661-4364.com
nejde spustit ani obnova systému a vypnula se mi automatická aktualizace windows
nejde spustit ani Spybot - Search & Destroy

[Nius]

posílám nové logy

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1654
Windows 5.1.2600 Service Pack 3

3.2.2009 20:53:05
mbam-log-2009-02-03 (20-52-59).txt

Typ skenu: Rychlý sken
Objektu skenováno: 47997
Uplynulý cas: 42 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 6
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d4941aef-e884-4362-be87-82ec88a5a4ec}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d4941aef-e884-4362-be87-82ec88a5a4ec}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d4941aef-e884-4362-be87-82ec88a5a4ec}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> No action taken.

[Nius]

po vymazání

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1654
Windows 5.1.2600 Service Pack 3

3.2.2009 20:53:12
mbam-log-2009-02-03 (20-53-12).txt

Typ skenu: Rychlý sken
Objektu skenováno: 47997
Uplynulý cas: 42 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 6
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d4941aef-e884-4362-be87-82ec88a5a4ec}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d4941aef-e884-4362-be87-82ec88a5a4ec}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d4941aef-e884-4362-be87-82ec88a5a4ec}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.

[Nius]

HJT po restartu

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:07, on 3.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\SWT2000\HCM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SDM4500P] D:\Program Files\SWT2000\HCM.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe

--
End of file - 5934 bytes

[jaro3]

Vypni rez. ochranu u NOD32, deaktivuj (pokud) jde Spybot.

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Nius]

du na to

[Nius]

omlouvám se za zdržení
první log je tento ale protože se musel restartovat PC tak se mi automaticky znovu zapnul nod 32 takže sem to potom udělal ještě jednou posílám oba logy
ComboFix 09-02-02.04 - Musilovi 2009-02-03 21:23:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2047.1709 [GMT 1:00]
Spuštěný z: c:\documents and settings\Musilovi\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\Musilovi\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Musilovi\LOCALS~1\Temp\tmp2.tmp
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\recycler\S-9-5-18-100002285-100021680-100025740-1182.com
c:\windows\system32\drivers\gaopdxcbejwbmk.sys
c:\windows\system32\drivers\gaopdxnvpyprum.sys
c:\windows\system32\drivers\gaopdxosapulfk.sys
c:\windows\system32\drivers\gaopdxovmpxurq.sys
c:\windows\system32\drivers\gaopdxoyxujrig.sys
c:\windows\system32\drivers\gaopdxpdmecfmi.sys
c:\windows\system32\drivers\gaopdxsixnrirs.sys
c:\windows\system32\drivers\gaopdxtxuwkkyu.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gaopdxnvpehesp.dll
c:\windows\system32\packet.dll
c:\windows\system32\Setup_ver1.1777.0.exe
c:\windows\system32\wpcap.dll
D:\Autorun.inf
d:\recycler\S-0-9-66-100020402-100010607-100009633-8172.com
d:\recycler\S-8-0-99-100030694-100028899-100011849-1804.com
d:\recycler\S-9-5-18-100002285-100021680-100025740-1182.com
E:\Autorun.inf
e:\recycler\S-0-9-66-100020402-100010607-100009633-8172.com
e:\recycler\S-8-0-99-100030694-100028899-100011849-1804.com
e:\recycler\S-9-5-18-100002285-100021680-100025740-1182.com

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2009-01-03 do 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-03 20:34 . 2009-02-03 20:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-03 18:04 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\Malwarebytes
2009-02-03 18:04 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-03 18:04 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 18:04 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-03 05:18 . 2009-02-03 20:56 4 --a------ c:\windows\system32\gaopdxcounter
2009-02-01 19:58 . 2009-02-01 19:58 <DIR> d-------- c:\windows\Puzzle Quest
2009-01-26 13:59 . 2009-01-26 15:37 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\Playrix Entertainment
2009-01-26 13:35 . 2009-01-26 15:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Playrix Entertainment
2009-01-26 12:42 . 2006-07-07 13:42 57,344 --a------ c:\windows\system32\Big Kahuna Reef.scr
2009-01-24 10:38 . 2009-01-24 10:38 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\VitySoft
2009-01-11 14:05 . 2009-01-11 14:05 <DIR> d-------- c:\windows\Sun
2009-01-11 13:30 . 2009-01-11 13:30 <DIR> d-------- c:\program files\Java
2009-01-11 13:30 . 2009-02-03 20:34 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-07 15:58 . 2009-01-07 16:23 <DIR> d-------- c:\windows\NV40723456.TMP
2009-01-05 18:09 . 2009-01-05 18:11 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 19:39 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-03 16:53 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Skype
2009-02-03 14:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-03 14:21 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-03 04:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-01 18:58 --------- d-----w c:\program files\OpenAL
2009-01-29 19:10 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-26 09:26 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\BSplayer PRO
2009-01-17 07:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 15:09 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\uTorrent
2009-01-13 16:42 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Azureus
2009-01-07 15:23 --------- d-----w c:\program files\AGEIA Technologies
2009-01-07 15:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-05 17:00 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\FileZilla
2008-12-22 14:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\MumboJumbo
2008-12-18 19:33 --------- d-----w c:\documents and settings\All Users\Data aplikací\Razer
2008-12-18 19:32 --------- d-----w c:\program files\Razer
2008-12-18 19:32 --------- d-----w c:\program files\DIFX
2008-12-13 12:58 --------- d-----w c:\documents and settings\All Users\Data aplikací\7Wonders2
2008-12-13 12:48 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\GameHouse
2008-12-10 15:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-12-10 15:10 --------- d-----w c:\program files\Microsoft.NET
2008-12-10 15:10 --------- d-----w c:\program files\Microsoft Works
2008-12-07 15:08 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Leadertech
2008-12-07 08:55 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\InstallShield
2008-12-07 08:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ubisoft
2008-12-07 08:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\InstallShield
2008-12-06 10:25 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Bella Sara
2008-11-24 18:07 16,608 ----a-w c:\windows\gdrv.sys
2008-10-24 05:56 22,328 ----a-w c:\documents and settings\Musilovi\Data aplikací\PnkBstrK.sys
2008-03-25 21:32 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-04-14 03:22 1,220,608 --sh--r c:\windows\system32\vbohost.exe
.

------- Sigcheck -------

2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDM4500P"="d:\program files\SWT2000\HCM.exe" [2003-03-12 974921]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VSPX"= vspxvfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program files\\Codemasters\\DiRT\\DiRT.exe"=
"d:\\Program files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program files\\CZDC++\\CZDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\uTorrent\\utorrent.exe"=
"e:\\Program files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"e:\\Program files\\America's Army\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-06-10 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-18 12032]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-25 3584]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Musilovi\Data aplikací\Mozilla\Firefox\Profiles\14v3eh79.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 21:26:23
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1a,db,4d,db,9b,18,8f,32,6b,f9,b3,3b,0d,fd,9c,ca,3a,d9,af,cc,b0,21,97,
81,b8,d2,f6,1a,cb,92,98,b3,5e,7e,2d,f6,39,be,b2,f2,e9,5c,a1,6b,ab,54,fc,b5,\
"??"=hex:6c,25,4a,62,36,54,5c,8c,d5,63,ab,68,21,1c,e9,b1

[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:25,cb,d8,6d,a5,75,2d,e2,6d,f3,cd,b5,a4,38,43,98,24,51,b8,98,74,
62,ca,74,83,7a,5b,ae,fc,5c,a0,10,d8,c7,2a,e5,a1,7c,6a,4d,ca,47,6d,f5,d4,e7,\
"rkeysecu"=hex:b6,1c,5e,e9,42,7e,5f,aa,f0,d8,66,a0,35,db,26,3c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="496E888EE04FE2A6CDEFBBB78DA840BB5911BF5CBAB2CB18E5ACA387B7AF9C4C3E0350FDB5944EB3D1322769C501FCEC5EBB7014A954A158EA189630F3C7332B8CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555C038D530D6EB3452A2D97226D213B5552F62632134ACA27DEA65381187EE31C9567A826C4C99DA825336D190BB0599548EDEFE94B2A6CE41969DF1EAD43ED8DC0598824D34C23971AFC45D81162BC25E71188369BA035AD30503CDDE434ECF5D6342116C9BBB3A3A4173BEC678AD70801187269E680B041E1D7CBBC5F1E55A18AAEAF517BFEBCD2C33E3354062B05BB2281ABFCC9C406CD9CBE0CB07410225AD19789BA9246BC5EEB32924E1970B20BFF5B14D1AF9D61A99040135A1D5D33D916F4711190E08DA7B764C15B29DC53F46BF226F456AB3F53EB61E5129983E148EF424896C86C4A79EB1C8B3D1419F1EB9CA366B201874CB8160ED9DC3385C82C072555C3FDDD52DFC9F8ECEEC918B03DE65A82B0EF467CFEEFA1B3CA9A478C119350F03BF25254C09FD01DAC95FB01BD15CAB398A349195E48742732B9394EFDB8E7D9C33B2CE4E0F92F970404568F7028665C7214EA917998B762D2AFDE310A156BFED6EA0A6DE2BA1C34A3D9BC10CB1396CAC747E9AB192103EF79CA05087D7E2E7DB5E4CB18CD0752048408300327750CFDEB8C60426AC2013830CFC74A1BE157E7201D9A7C943DD40EFDC5E98253D2C90FC376ABA1C97CD62271859248D6CCB7D606BADF7EF9FAC4F67BDD4B58544B0A147CE714599572C8FDD73BC60DB486FD37743F143B9D0B968FA9CD0B7569CC46EA16E28DF0E43D56F43E2F463031067E430C41660461ADE999BC982AE03AE5452961D9D784B07E5CB9B401499DFD2A108A4BECBD69790FA695C2C5CE356B3CE9F52F3A7B30522FDE44A7C6F23ADF6110814158865189D704F743A164F803D289AA59F5D6AD669436A5B179E5590B4AAA4E0BE06FC1181A5B541002BA1162BD77C06E09B25BB845C82FBA800B78F99E78F1246C4C3B3CA86FE421E59BB1035DA710B8F03A517EEF649FD5935071484C670D2CB041391E0007D1B49A5B4C9672E9CF291F5DF2C7745CA57E7A1356B2D4861F182CCF8227D067A1349D457851F57111E661DF827C27809A028EEE34A19F27362B16736C1AD8FB016F974226510DDD8929D664E14C84D7A1B7F8BEEC5A750283C34E1BF30D495D0B64DD14872BFCCEF77DEFEEEE355FD8A25E6A760D8086D77B7790FBF0FA6187E2546812E1B0A344999615E1F6C88CA15C66E38F9613FDB4A3506851566AE19D23BFC59EFAC1DA7C7EB74BA55675479EDA8B7773022A7B282B8EE1E4FA3C920D8F41EF5DCDD7CBE4681778FBC7183D2591979E0AB41"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\msacm32.drv
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-02-03 21:28:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-02-03 20:28:30

Před spuštěním: 6,853,255,168
Po spuštění: 6,774,411,264

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

223 --- E O F --- 2008-12-10 14:16:37

[Nius]

a toto je druhý log ale již po prvnim vyčištění

ComboFix 09-02-02.04 - Musilovi 2009-02-03 21:36:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2047.1683 [GMT 1:00]
Spuštěný z: c:\documents and settings\Musilovi\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-01-03 do 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-03 20:34 . 2009-02-03 20:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-03 18:04 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\Malwarebytes
2009-02-03 18:04 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-03 18:04 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 18:04 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-03 05:18 . 2009-02-03 20:56 4 --a------ c:\windows\system32\gaopdxcounter
2009-02-01 19:58 . 2009-02-01 19:58 <DIR> d-------- c:\windows\Puzzle Quest
2009-01-26 13:59 . 2009-01-26 15:37 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\Playrix Entertainment
2009-01-26 13:35 . 2009-01-26 15:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Playrix Entertainment
2009-01-26 12:42 . 2006-07-07 13:42 57,344 --a------ c:\windows\system32\Big Kahuna Reef.scr
2009-01-24 10:38 . 2009-01-24 10:38 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\VitySoft
2009-01-11 14:05 . 2009-01-11 14:05 <DIR> d-------- c:\windows\Sun
2009-01-11 13:30 . 2009-01-11 13:30 <DIR> d-------- c:\program files\Java
2009-01-11 13:30 . 2009-02-03 20:34 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-07 15:58 . 2009-01-07 16:23 <DIR> d-------- c:\windows\NV40723456.TMP
2009-01-05 18:09 . 2009-01-05 18:11 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 19:39 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-03 16:53 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Skype
2009-02-03 14:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-03 14:21 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-03 04:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-01 18:58 --------- d-----w c:\program files\OpenAL
2009-01-29 19:10 201,352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-29 19:10 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-26 09:26 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\BSplayer PRO
2009-01-17 07:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 15:09 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\uTorrent
2009-01-13 18:02 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-13 16:42 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Azureus
2009-01-07 15:23 --------- d-----w c:\program files\AGEIA Technologies
2009-01-07 15:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-05 17:00 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\FileZilla
2008-12-22 14:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\MumboJumbo
2008-12-18 19:33 --------- d-----w c:\documents and settings\All Users\Data aplikací\Razer
2008-12-18 19:32 --------- d-----w c:\program files\Razer
2008-12-18 19:32 --------- d-----w c:\program files\DIFX
2008-12-13 12:58 --------- d-----w c:\documents and settings\All Users\Data aplikací\7Wonders2
2008-12-13 12:48 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\GameHouse
2008-12-10 15:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-12-10 15:10 --------- d-----w c:\program files\Microsoft.NET
2008-12-10 15:10 --------- d-----w c:\program files\Microsoft Works
2008-12-07 15:08 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Leadertech
2008-12-07 08:55 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\InstallShield
2008-12-07 08:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ubisoft
2008-12-07 08:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\InstallShield
2008-12-06 10:25 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Bella Sara
2008-11-24 18:07 16,608 ----a-w c:\windows\gdrv.sys
2008-10-24 05:56 22,328 ----a-w c:\documents and settings\Musilovi\Data aplikací\PnkBstrK.sys
2008-03-25 21:32 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-04-14 03:22 1,220,608 --sh--r c:\windows\system32\vbohost.exe
.

------- Sigcheck -------

2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2009-02-03_21.28.01.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-03 20:32:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2a4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VSPX"= vspxvfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"SDM4500P"=d:\program files\SWT2000\HCM.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program files\\Codemasters\\DiRT\\DiRT.exe"=
"d:\\Program files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program files\\CZDC++\\CZDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\uTorrent\\utorrent.exe"=
"e:\\Program files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"e:\\Program files\\America's Army\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-06-10 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-18 12032]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-25 3584]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Musilovi\Data aplikací\Mozilla\Firefox\Profiles\14v3eh79.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 21:36:49
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1a,db,4d,db,9b,18,8f,32,6b,f9,b3,3b,0d,fd,9c,ca,3a,d9,af,cc,b0,21,97,
81,b8,d2,f6,1a,cb,92,98,b3,5e,7e,2d,f6,39,be,b2,f2,e9,5c,a1,6b,ab,54,fc,b5,\
"??"=hex:6c,25,4a,62,36,54,5c,8c,d5,63,ab,68,21,1c,e9,b1

[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:25,cb,d8,6d,a5,75,2d,e2,6d,f3,cd,b5,a4,38,43,98,24,51,b8,98,74,
62,ca,74,83,7a,5b,ae,fc,5c,a0,10,d8,c7,2a,e5,a1,7c,6a,4d,ca,47,6d,f5,d4,e7,\
"rkeysecu"=hex:b6,1c,5e,e9,42,7e,5f,aa,f0,d8,66,a0,35,db,26,3c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="496E888EE04FE2A6CDEFBBB78DA840BB5911BF5CBAB2CB18E5ACA387B7AF9C4C3E0350FDB5944EB3D1322769C501FCEC5EBB7014A954A158EA189630F3C7332B8CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555C038D530D6EB3452A2D97226D213B5552F62632134ACA27DEA65381187EE31C9567A826C4C99DA825336D190BB0599548EDEFE94B2A6CE41969DF1EAD43ED8DC0598824D34C23971AFC45D81162BC25E71188369BA035AD30503CDDE434ECF5D6342116C9BBB3A3A4173BEC678AD70801187269E680B041E1D7CBBC5F1E55A18AAEAF517BFEBCD2C33E3354062B05BB2281ABFCC9C406CD9CBE0CB07410225AD19789BA9246BC5EEB32924E1970B20BFF5B14D1AF9D61A99040135A1D5D33D916F4711190E08DA7B764C15B29DC53F46BF226F456AB3F53EB61E5129983E148EF424896C86C4A79EB1C8B3D1419F1EB9CA366B201874CB8160ED9DC3385C82C072555C3FDDD52DFC9F8ECEEC918B03DE65A82B0EF467CFEEFA1B3CA9A478C119350F03BF25254C09FD01DAC95FB01BD15CAB398A349195E48742732B9394EFDB8E7D9C33B2CE4E0F92F970404568F7028665C7214EA917998B762D2AFDE310A156BFED6EA0A6DE2BA1C34A3D9BC10CB1396CAC747E9AB192103EF79CA05087D7E2E7DB5E4CB18CD0752048408300327750CFDEB8C60426AC2013830CFC74A1BE157E7201D9A7C943DD40EFDC5E98253D2C90FC376ABA1C97CD62271859248D6CCB7D606BADF7EF9FAC4F67BDD4B58544B0A147CE714599572C8FDD73BC60DB486FD37743F143B9D0B968FA9CD0B7569CC46EA16E28DF0E43D56F43E2F463031067E430C41660461ADE999BC982AE03AE5452961D9D784B07E5CB9B401499DFD2A108A4BECBD69790FA695C2C5CE356B3CE9F52F3A7B30522FDE44A7C6F23ADF6110814158865189D704F743A164F803D289AA59F5D6AD669436A5B179E5590B4AAA4E0BE06FC1181A5B541002BA1162BD77C06E09B25BB845C82FBA800B78F99E78F1246C4C3B3CA86FE421E59BB1035DA710B8F03A517EEF649FD5935071484C670D2CB041391E0007D1B49A5B4C9672E9CF291F5DF2C7745CA57E7A1356B2D4861F182CCF8227D067A1349D457851F57111E661DF827C27809A028EEE34A19F27362B16736C1AD8FB016F974226510DDD8929D664E14C84D7A1B7F8BEEC5A750283C34E1BF30D495D0B64DD14872BFCCEF77DEFEEEE355FD8A25E6A760D8086D77B7790FBF0FA6187E2546812E1B0A344999615E1F6C88CA15C66E38F9613FDB4A3506851566AE19D23BFC59EFAC1DA7C7EB74BA55675479EDA8B7773022A7B282B8EE1E4FA3C920D8F41EF5DCDD7CBE4681778FBC7183D2591979E0AB41"
.
Celkový čas: 2009-02-03 21:37:43
ComboFix-quarantined-files.txt 2009-02-03 20:37:41
ComboFix2.txt 2009-02-03 20:28:33

Před spuštěním: 6,790,053,888
Po spuštění: 6,775,885,824

175 --- E O F --- 2008-12-10 14:16:37

[Nius]

takže JARO musim ti moc poděkovat všechno už funguje jak má moccccccccccccccccc díky


akorát mi nejde zapnout automatická aktualizace windows

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\gaopdxcounter

Folder::
c:\windows\system32\gaopdxcounter

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\system32\vbohost.exe
Vlož sem pak odkaz výsledku.

[Nius]

je to tu

ComboFix 09-02-02.04 - Musilovi 2009-02-03 22:00:13.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2047.1623 [GMT 1:00]
Spuštěný z: c:\documents and settings\Musilovi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Musilovi\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\system32\gaopdxcounter
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gaopdxcounter

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-03 do 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-03 20:34 . 2009-02-03 20:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-03 18:04 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\Malwarebytes
2009-02-03 18:04 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-03 18:04 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 18:04 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 19:58 . 2009-02-01 19:58 <DIR> d-------- c:\windows\Puzzle Quest
2009-01-26 13:59 . 2009-01-26 15:37 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\Playrix Entertainment
2009-01-26 13:35 . 2009-01-26 15:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Playrix Entertainment
2009-01-26 12:42 . 2006-07-07 13:42 57,344 --a------ c:\windows\system32\Big Kahuna Reef.scr
2009-01-24 10:38 . 2009-01-24 10:38 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\VitySoft
2009-01-11 14:05 . 2009-01-11 14:05 <DIR> d-------- c:\windows\Sun
2009-01-11 13:30 . 2009-01-11 13:30 <DIR> d-------- c:\program files\Java
2009-01-11 13:30 . 2009-02-03 20:34 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-07 15:58 . 2009-01-07 16:23 <DIR> d-------- c:\windows\NV40723456.TMP
2009-01-05 18:09 . 2009-01-05 18:11 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 20:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-03 19:39 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-03 16:53 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Skype
2009-02-03 14:21 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-03 04:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-01 18:58 --------- d-----w c:\program files\OpenAL
2009-01-29 19:10 201,352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-29 19:10 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-26 09:26 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\BSplayer PRO
2009-01-17 07:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 15:09 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\uTorrent
2009-01-13 18:02 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-13 16:42 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Azureus
2009-01-07 15:23 --------- d-----w c:\program files\AGEIA Technologies
2009-01-07 15:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-05 17:00 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\FileZilla
2008-12-22 14:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\MumboJumbo
2008-12-18 19:33 --------- d-----w c:\documents and settings\All Users\Data aplikací\Razer
2008-12-18 19:32 --------- d-----w c:\program files\Razer
2008-12-18 19:32 --------- d-----w c:\program files\DIFX
2008-12-13 12:58 --------- d-----w c:\documents and settings\All Users\Data aplikací\7Wonders2
2008-12-13 12:48 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\GameHouse
2008-12-10 15:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-12-10 15:10 --------- d-----w c:\program files\Microsoft.NET
2008-12-10 15:10 --------- d-----w c:\program files\Microsoft Works
2008-12-07 15:08 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Leadertech
2008-12-07 08:55 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\InstallShield
2008-12-07 08:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ubisoft
2008-12-07 08:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\InstallShield
2008-12-06 10:25 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Bella Sara
2008-11-24 18:07 16,608 ----a-w c:\windows\gdrv.sys
2008-10-24 05:56 22,328 ----a-w c:\documents and settings\Musilovi\Data aplikací\PnkBstrK.sys
2008-03-25 21:32 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-04-14 03:22 1,220,608 --sh--r c:\windows\system32\vbohost.exe
.

------- Sigcheck -------

2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2009-02-03_21.28.01.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-03 20:32:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2a4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VSPX"= vspxvfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"SDM4500P"=d:\program files\SWT2000\HCM.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program files\\Codemasters\\DiRT\\DiRT.exe"=
"d:\\Program files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program files\\CZDC++\\CZDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\uTorrent\\utorrent.exe"=
"e:\\Program files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"e:\\Program files\\America's Army\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-06-10 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-18 12032]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-25 3584]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Musilovi\Data aplikací\Mozilla\Firefox\Profiles\14v3eh79.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 22:00:38
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1a,db,4d,db,9b,18,8f,32,6b,f9,b3,3b,0d,fd,9c,ca,3a,d9,af,cc,b0,21,97,
81,b8,d2,f6,1a,cb,92,98,b3,5e,7e,2d,f6,39,be,b2,f2,e9,5c,a1,6b,ab,54,fc,b5,\
"??"=hex:6c,25,4a,62,36,54,5c,8c,d5,63,ab,68,21,1c,e9,b1

[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:25,cb,d8,6d,a5,75,2d,e2,6d,f3,cd,b5,a4,38,43,98,24,51,b8,98,74,
62,ca,74,83,7a,5b,ae,fc,5c,a0,10,d8,c7,2a,e5,a1,7c,6a,4d,ca,47,6d,f5,d4,e7,\
"rkeysecu"=hex:b6,1c,5e,e9,42,7e,5f,aa,f0,d8,66,a0,35,db,26,3c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="496E888EE04FE2A6CDEFBBB78DA840BB5911BF5CBAB2CB18E5ACA387B7AF9C4C3E0350FDB5944EB3D1322769C501FCEC5EBB7014A954A158EA189630F3C7332B8CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555C038D530D6EB3452A2D97226D213B5552F62632134ACA27DEA65381187EE31C9567A826C4C99DA825336D190BB0599548EDEFE94B2A6CE41969DF1EAD43ED8DC0598824D34C23971AFC45D81162BC25E71188369BA035AD30503CDDE434ECF5D6342116C9BBB3A3A4173BEC678AD70801187269E680B041E1D7CBBC5F1E55A18AAEAF517BFEBCD2C33E3354062B05BB2281ABFCC9C406CD9CBE0CB07410225AD19789BA9246BC5EEB32924E1970B20BFF5B14D1AF9D61A99040135A1D5D33D916F4711190E08DA7B764C15B29DC53F46BF226F456AB3F53EB61E5129983E148EF424896C86C4A79EB1C8B3D1419F1EB9CA366B201874CB8160ED9DC3385C82C072555C3FDDD52DFC9F8ECEEC918B03DE65A82B0EF467CFEEFA1B3CA9A478C119350F03BF25254C09FD01DAC95FB01BD15CAB398A349195E48742732B9394EFDB8E7D9C33B2CE4E0F92F970404568F7028665C7214EA917998B762D2AFDE310A156BFED6EA0A6DE2BA1C34A3D9BC10CB1396CAC747E9AB192103EF79CA05087D7E2E7DB5E4CB18CD0752048408300327750CFDEB8C60426AC2013830CFC74A1BE157E7201D9A7C943DD40EFDC5E98253D2C90FC376ABA1C97CD62271859248D6CCB7D606BADF7EF9FAC4F67BDD4B58544B0A147CE714599572C8FDD73BC60DB486FD37743F143B9D0B968FA9CD0B7569CC46EA16E28DF0E43D56F43E2F463031067E430C41660461ADE999BC982AE03AE5452961D9D784B07E5CB9B401499DFD2A108A4BECBD69790FA695C2C5CE356B3CE9F52F3A7B30522FDE44A7C6F23ADF6110814158865189D704F743A164F803D289AA59F5D6AD669436A5B179E5590B4AAA4E0BE06FC1181A5B541002BA1162BD77C06E09B25BB845C82FBA800B78F99E78F1246C4C3B3CA86FE421E59BB1035DA710B8F03A517EEF649FD5935071484C670D2CB041391E0007D1B49A5B4C9672E9CF291F5DF2C7745CA57E7A1356B2D4861F182CCF8227D067A1349D457851F57111E661DF827C27809A028EEE34A19F27362B16736C1AD8FB016F974226510DDD8929D664E14C84D7A1B7F8BEEC5A750283C34E1BF30D495D0B64DD14872BFCCEF77DEFEEEE355FD8A25E6A760D8086D77B7790FBF0FA6187E2546812E1B0A344999615E1F6C88CA15C66E38F9613FDB4A3506851566AE19D23BFC59EFAC1DA7C7EB74BA55675479EDA8B7773022A7B282B8EE1E4FA3C920D8F41EF5DCDD7CBE4681778FBC7183D2591979E0AB41"
.
Celkový čas: 2009-02-03 22:01:30
ComboFix-quarantined-files.txt 2009-02-03 21:01:28
ComboFix2.txt 2009-02-03 20:37:43
ComboFix3.txt 2009-02-03 20:28:33

Před spuštěním: 6 752 673 792
Po spuštění: 6,740,901,888

183 --- E O F --- 2008-12-10 14:16:37