Here is the log from ComboFix
ComboFix 09-04-16.02 - Misa 17.04.2009 13:19.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.1022.526 [GMT 2:00]
Spuštěný z: c:\users\Misa\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090416-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acbdafbfdb_z.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-17 do 2009-04-17 )))))))))))))))))))))))))))))))
.
2009-04-15 07:37 . 2008-12-08 04:34 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 07:37 . 2008-06-05 04:50 500736 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 07:37 . 2008-06-05 04:50 30208 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 07:35 . 2009-03-03 02:36 389120 ----a-w c:\windows\system32\html.iec
2009-04-14 15:40 . 2009-04-14 15:40 -------- d-----w c:\users\Misa\AppData\Roaming\Malwarebytes
2009-04-14 15:40 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 15:40 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 15:40 . 2009-04-14 15:40 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-14 15:40 . 2009-04-14 15:40 -------- d-----w c:\programdata\Malwarebytes
2009-04-06 11:58 . 2004-01-14 01:10 163840 ----a-w c:\windows\BJPSUNST.EXE
2009-04-06 11:57 . 1998-11-13 10:58 307200 ----a-w c:\windows\IsUn0405.exe
2009-04-06 11:56 . 2009-04-06 11:56 -------- d--h--w c:\users\All Users\CanonBJ
2009-04-06 11:56 . 2009-04-06 11:56 -------- d--h--w c:\programdata\CanonBJ
2009-04-06 11:55 . 2009-04-06 11:55 -------- d--h--w c:\windows\system32\CanonIJ Uninstaller Information
2009-04-06 11:53 . 2006-04-24 05:00 161792 ----a-w c:\windows\system32\CNMLM84.DLL
2009-04-05 10:13 . 1997-06-23 05:06 407312 ----a-w c:\windows\system32\MsRepl35.dll
2009-04-05 10:13 . 1997-03-07 14:40 77824 ----a-w c:\windows\system32\ODBCTL32.dll
2009-04-05 10:13 . 1997-06-23 05:06 252176 ----a-w c:\windows\system32\MSRD2x35.dll
2009-04-05 10:13 . 1997-07-21 12:30 1045776 ----a-w c:\windows\system32\MSJet35.dll
2009-04-05 10:13 . 1997-01-14 01:00 519680 ----a-w c:\windows\system32\DBGRID32.OCX
2009-04-05 10:13 . 1997-06-23 05:06 24848 ----a-w c:\windows\system32\MSJtEr35.dll
2009-04-05 10:13 . 1997-06-23 05:06 123664 ----a-w c:\windows\system32\MSJInt35.dll
2009-04-05 10:13 . 1996-12-11 01:00 46080 ----a-w c:\windows\system32\MCIWNDX.OCX
2009-03-23 09:43 . 2008-06-20 01:17 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-03-23 09:43 . 2008-06-20 01:18 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-23 09:43 . 2008-06-20 01:17 622080 ----a-w c:\windows\system32\icardagt.exe
2009-03-23 09:43 . 2008-06-20 01:17 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-03-23 09:43 . 2008-06-20 01:18 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-03-23 09:43 . 2008-06-20 01:17 11264 ----a-w c:\windows\system32\icardres.dll
2009-03-23 09:43 . 2008-06-20 01:18 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-03-23 09:43 . 2008-06-20 01:18 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-03-23 09:39 . 2009-03-23 09:43 45301760 ----a-w c:\windows\ocsetup_install_NetFx3.etl
2009-03-23 09:39 . 2009-03-23 09:43 32768 ----a-w c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-03-23 09:39 . 2009-03-23 09:43 16384 ----a-w c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-03-23 09:25 . 2008-07-27 18:00 96760 ----a-w c:\windows\system32\dfshim.dll
2009-03-23 09:25 . 2008-07-27 18:00 282112 ----a-w c:\windows\system32\mscoree.dll
2009-03-23 09:25 . 2008-07-27 18:00 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-03-23 09:24 . 2008-07-27 18:00 158720 ----a-w c:\windows\system32\mscorier.dll
2009-03-23 09:24 . 2008-07-27 18:00 83968 ----a-w c:\windows\system32\mscories.dll
2009-03-21 16:52 . 2009-03-21 16:53 -------- d-----w c:\users\All Users\ICQ
2009-03-21 16:52 . 2009-03-21 16:53 -------- d-----w c:\programdata\ICQ
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 11:18 . 2009-01-26 10:01 -------- d-----w c:\users\Misa\AppData\Roaming\DNA
2009-04-17 11:15 . 2009-04-17 11:15 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009041720090418\index.dat
2009-04-17 11:15 . 2008-11-18 16:50 -------- d-----w c:\users\Misa\AppData\Roaming\Spyware Terminator
2009-04-17 11:15 . 2007-08-21 12:49 49152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-17 11:15 . 2007-08-21 12:49 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-17 11:15 . 2007-08-21 12:49 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-17 07:35 . 2007-01-08 21:09 81404 ----a-w c:\windows\System32\perfc005.dat
2009-04-17 07:35 . 2007-01-08 21:09 473598 ----a-w c:\windows\System32\perfh005.dat
2009-04-17 07:28 . 2009-04-17 07:28 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-17 07:28 . 2009-04-17 07:28 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-16 11:17 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 16:17 . 2008-03-01 14:46 -------- d-----w c:\program files\ICQToolbar
2009-04-14 15:40 . 2009-04-14 15:40 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 13:22 . 2009-02-02 10:40 -------- d-----w c:\users\Misa\AppData\Roaming\uTorrent
2009-04-10 15:16 . 2007-04-24 13:29 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 11:58 . 2009-04-06 11:52 -------- d-----w c:\program files\Canon
2009-04-06 11:55 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infpub.dat
2009-04-06 11:55 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-06 11:55 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-06 11:53 . 2009-04-06 11:53 -------- d--h--w c:\program files\CanonBJ
2009-04-05 10:13 . 2009-04-05 10:13 -------- d-----w c:\program files\KCZ
2009-04-01 11:44 . 2007-09-19 07:33 -------- d-----w c:\program files\Java
2009-03-29 15:44 . 2008-11-15 20:47 -------- d-----w c:\users\Misa\AppData\Roaming\dvdcss
2009-03-21 16:55 . 2009-03-21 16:49 -------- d-----w c:\program files\ICQ6.5
2009-03-21 16:53 . 2009-03-21 16:53 -------- d-----w c:\program files\ICQ6Toolbar
2009-03-21 16:51 . 2007-08-23 15:25 -------- d-----w c:\program files\ICQ6
2009-03-17 11:05 . 2009-03-17 11:03 -------- d-----w c:\program files\The KMPlayer
2009-03-17 10:52 . 2009-03-17 10:52 -------- d-----w c:\program files\Codec Pack - All In 1
2009-03-17 10:51 . 2008-10-10 10:02 737280 ----a-w c:\windows\iun6002.exe
2009-03-17 10:32 . 2009-03-17 10:32 -------- d-----w c:\users\Misa\AppData\Roaming\Ashampoo
2009-03-17 10:32 . 2009-03-17 10:32 -------- d-----w c:\programdata\ashampoo
2009-03-17 10:32 . 2009-03-17 10:32 -------- d-----w c:\program files\Ashampoo
2009-03-17 03:16 . 2009-04-15 07:36 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:16 . 2009-04-15 07:36 14848 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:16 . 2009-04-15 07:36 25600 ----a-w c:\windows\System32\amxread.dll
2009-03-14 15:43 . 2009-03-14 15:43 -------- d-----w c:\users\Misa\AppData\Roaming\FinalBurner Video DVD
2009-03-09 03:19 . 2008-12-06 14:34 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-03 04:24 . 2009-04-15 07:36 3503584 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-15 07:36 3469280 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-15 07:35 826368 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:19 . 2009-04-15 07:36 158720 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:19 . 2009-04-15 07:36 549888 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:19 . 2009-04-15 07:36 24576 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-15 07:35 56320 ----a-w c:\windows\System32\iesetup.dll
2009-03-03 04:16 . 2009-04-15 07:36 97280 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:16 . 2009-04-15 07:36 37888 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-15 07:36 53248 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:16 . 2009-04-15 07:35 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:16 . 2009-04-15 07:35 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-03-03 04:15 . 2009-04-15 07:35 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-03 02:40 . 2009-04-15 07:36 654336 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-15 07:35 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-15 07:35 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-02-27 09:29 . 2008-10-28 17:59 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-19 12:42 . 2008-08-02 14:31 -------- d-----w c:\program files\Raxco
2009-02-13 07:26 . 2009-04-15 07:36 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 07:26 . 2009-04-15 07:36 1233408 ----a-w c:\windows\System32\lsasrv.dll
2009-02-13 07:26 . 2009-04-15 07:36 7680 ----a-w c:\windows\System32\lsass.exe
2009-02-09 01:59 . 2009-03-11 08:08 2028032 ----a-w c:\windows\System32\win32k.sys
2009-01-19 12:15 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2008-12-13 12:36 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-08-27 08:12 . 2007-10-03 18:59 70320 ----a-w c:\users\Misa\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-07-04 16:36 . 2008-07-04 16:36 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-04 16:36 . 2008-07-04 16:36 56 ---ha-w c:\programdata\ezsidmv.dat
2008-06-29 13:09 . 2007-08-21 12:54 70320 ----a-w c:\users\Misa\AppData\Local\GDIPFONTCACHEV1.DAT
2008-02-04 15:18 . 2008-01-31 21:20 47360 ----a-w c:\users\Misa\AppData\Roaming\pcouffin.sys
2008-01-27 11:23 . 2008-01-27 11:23 32 ----a-w c:\users\All Users\ezsid.dat
2008-01-27 11:23 . 2008-01-27 11:23 32 ----a-w c:\programdata\ezsid.dat
2007-10-16 17:07 . 2007-10-16 17:07 136 ----a-w c:\users\Misa\BackupResult.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitTorrent DNA"="c:\users\Misa\Program Files\DNA\btdna.exe" [2009-01-27 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 13312]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-24 528384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3673696946-49459437-4126574629-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{972A6272-DFEE-4E0F-8CBB-E6CC2C714850}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{17E1F2BB-8368-4346-9AE4-CDD461562BE3}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{37282749-6575-4B7E-8D4E-5795F3A5C3A5}"= UDP:c:\program files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"{B81BA2CB-0F6E-4462-B172-8D07A004C882}"= TCP:c:\program files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"TCP Query User{9AB83639-16C1-45C8-8729-8A059B35908D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A2AC4360-EB9E-4A8B-850B-B8B5626996E9}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{A7F3B784-0B5D-498F-A686-5DA3971AA6FA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{72179BF4-ACA1-44E5-AD81-2E1AEDC3BFA6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{6E874E08-6A3F-4D3C-97BD-1D01C6C171B5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{788B01D4-3C45-4B34-B593-A0FD7CECDE96}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{80ED51A4-16A6-43A4-8760-EEF788E62302}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{0C4930FF-15E5-44D9-9A36-4548AFE23E53}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{A16D5A2C-7E21-424E-804E-C0A27D1DE7EB}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{73896333-E45A-41B9-9E64-B45614D4DDB1}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{2DA5947A-90DB-4752-9E1A-9A8B570B216E}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{2C3897E9-A2AE-4CF7-8CE8-7A55648AE567}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{978108FC-1A12-4AC8-9678-C29438549494}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{1D0A91AA-D016-4168-9F5D-CD05994EB86B}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{41D1A4A3-21A2-40ED-AA98-2A09FAD7F151}c:\\sierra\\empire earth\\empire earth.exe"= UDP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"UDP Query User{8C539CCD-5BE0-43C8-A5E2-7642E4C7F397}c:\\sierra\\empire earth\\empire earth.exe"= TCP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"TCP Query User{668EB0E4-2D55-4528-BC0F-F4BA1C9BC910}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{8410DF86-D11B-4428-8EB5-24840A3AC224}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{F4298089-C0B8-460A-9A29-F51055719DED}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F9E4CC21-C3D5-49CA-91E7-D5C4D7A634E5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{9E792781-80DF-46A4-BE21-D0BC79F08BCC}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{234F4167-243F-4E15-9A19-C7F2E898CA81}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{922A704E-ACBE-469D-91DE-57508FC45529}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{5164A912-4885-48A3-81BC-4466BCF7E680}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{05465DAA-6A0A-41F1-8F30-ECB4501F8EDD}c:\\program files\\wyzo\\wyzo.exe"= UDP:c:\program files\wyzo\wyzo.exe:Wyzo
"UDP Query User{052C932D-8E0F-4FB8-9C1C-0F0CC19F4631}c:\\program files\\wyzo\\wyzo.exe"= TCP:c:\program files\wyzo\wyzo.exe:Wyzo
"TCP Query User{B51B2366-CE07-4D78-B079-4CA2C4E91EFE}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{B348A364-1094-44FD-928D-EE82CE2B1E8A}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{39860AF4-E1A4-4C3F-BC84-D7A8208EE840}d:\\program files\\ea sports\\nhl07\\nhl2007.exe"= UDP:d:\program files\ea sports\nhl07\nhl2007.exe:nhl2007
"UDP Query User{B7485736-804A-4F2C-A352-12A1D6D21C73}d:\\program files\\ea sports\\nhl07\\nhl2007.exe"= TCP:d:\program files\ea sports\nhl07\nhl2007.exe:nhl2007
"TCP Query User{12B062D8-9F8E-494F-9202-F0D3ED0003FD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E4237DA3-08FD-4B27-BFC1-4AAF625A8BB9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E16719C6-AA3A-4F92-807A-FF5367A32D2B}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{AE3ADD21-C527-416A-AA77-D23F32A7846E}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{524BC890-71D1-44EB-9BAF-7BE9F0F1B4E7}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{6055F5BE-27EC-4905-913B-41C8EBB3AAB0}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{27DD1E24-5488-4400-A8C1-1BC290FB5DDE}d:\\program files\\thq\\pandemic studios\\full spectrum warrior\\launcher.exe"= UDP:d:\program files\thq\pandemic studios\full spectrum warrior\launcher.exe:Launcher
"UDP Query User{2B76117A-364B-44A3-B6E4-BC7E2C34E0B9}d:\\program files\\thq\\pandemic studios\\full spectrum warrior\\launcher.exe"= TCP:d:\program files\thq\pandemic studios\full spectrum warrior\launcher.exe:Launcher
"{4E155754-B513-4CD3-9177-1FC2A2594B1C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D5CFE707-5E53-430D-9F18-E4F836EB4B32}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C1D62E23-03B1-4232-BBB6-D283555CC521}d:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:d:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{ED7019C1-F5A4-444E-9185-40802723975C}d:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:d:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"{6180E57A-1F09-46AE-A6D6-3C60596EE950}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{89019DE9-6B23-41E2-A501-15570F722372}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{4E6EFD30-2DE0-4E03-B9F8-DF000747B1D6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FD527B61-066D-4CB7-9163-C4CB6C98112C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{A0B15C97-E06D-4CD8-ADE9-BB6D7574A008}d:\\program files\\half-life 2\\hl2.exe"= UDP:d:\program files\half-life 2\hl2.exe:hl2
"UDP Query User{92B60DAC-5B1C-4FA7-AFFE-4DABBB4080E7}d:\\program files\\half-life 2\\hl2.exe"= TCP:d:\program files\half-life 2\hl2.exe:hl2
"TCP Query User{F0305955-0556-4DEE-8E9E-B96E98F52EE9}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{70412DBF-1962-4629-936D-1F33010D9DB9}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-12-16 23600]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S0 PSDFilter;PSDFilter;c:\windows\system32\DRIVERS\psdfilter.sys [2007-02-06 20264]
S0 PSDNServ;PSDNSERVER;c:\windows\system32\drivers\PSDNServ.sys [2007-02-06 16680]
S0 psdvdisk;psdvdisk;c:\windows\system32\drivers\psdvdisk.sys [2007-02-06 60712]
S0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2007-03-20 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1fbad65-9943-11dc-a4ed-0016d4d7b102}]
\shell\AutoRun\command - F:\autorun.exe
.
Obsah adresáře 'Naplánované úlohy'
2009-04-17 c:\windows\Tasks\User_Feed_Synchronization-{50EAEB3D-984B-4306-89B6-72E53F724792}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Explorer_Run-Mpk.exe - c:\windows\system32\MPK\Mpk.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
IE: Crawler Search - tbr:iemenu
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.efotbal.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Misa\Program Files\DNA\plugins\npbtdna.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 13:24
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\eNetHook.dll
- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\eNetHook.dll
.
Celkový čas: 2009-04-17 13:27
ComboFix-quarantined-files.txt 2009-04-17 11:26
ComboFix2.txt 2008-12-06 14:18
Před spuštěním: 2 715 525 120
Po spuštění: 3 032 961 024
313 --- E O F --- 2009-04-16 07:50
Log check (freezing) - Solved
- jaro3
- member of the Security team
Re: Log check (freezing)
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following complete text (highlighted in green) into it:
Note: do not use SELECT ALL to select the script
File::
c:\windows\ocsetup_install_NetFx3.etl
c:\windows\ocsetup_cbs_install_NetFx3.perf
c:\windows\ocsetup_cbs_install_NetFx3.dpx
F:\autorun.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000000
"InternetSettingsDisableNotify"=dword:00000000
"AutoUpdateDisableNotify"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1fbad65-9943-11dc-a4ed-0016d4d7b102}]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
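The CFScript in the reply above does two things: it resets the three Security Center "DisableNotify" flags (which silence UAC, Internet settings and Automatic Update warnings) back to 0, and it deletes the MountPoints2 key that carried an AutoRun command pointing at a removable drive. As an added illustration that is not part of this thread or of ComboFix, the Python script below parses the REGEDIT4-style registry section of a ComboFix log, flags exactly those two findings, and generates the matching Registry:: stanza; the sample input is an excerpt constructed from the log posted above.

```python
import re

# Registry key and value names exactly as they appear in the ComboFix log above.
SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\software\microsoft\security center"
NOTIFY_FLAGS = ("UacDisableNotify", "InternetSettingsDisableNotify",
                "AutoUpdateDisableNotify")

# Constructed sample input: an excerpt of the registry section of the log in
# this thread (REGEDIT4-style keys plus ComboFix's MountPoints2 display line).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3673696946-49459437-4126574629-1000]
"EnableNotificationsRef"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1fbad65-9943-11dc-a4ed-0016d4d7b102}]
\shell\AutoRun\command - F:\autorun.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')
# ComboFix prints a MountPoints2 autorun as: \shell\AutoRun\command - <path>
MOUNTPOINT_RE = re.compile(r"^\\shell\\AutoRun\\command - (.+)$")


def parse_registry_section(text):
    """Return {key: [(name, value), ...]} for the log's registry lines.
    MountPoints2 autorun display lines are stored under the name 'AutoRun'."""
    reg = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            reg.setdefault(key, [])
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            reg[key].append((m.group(1), m.group(2)))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            reg[key].append(("AutoRun", m.group(1)))
    return reg


def suppressed_notifications(reg):
    """Security Center DisableNotify flags set to 1 (warnings silenced)."""
    return [name for name, value in reg.get(SECURITY_CENTER, [])
            if name in NOTIFY_FLAGS and value.lower() == "dword:00000001"]


def autorun_mountpoints(reg):
    """(key, command) for each MountPoints2 entry carrying an AutoRun command."""
    hits = []
    for key, values in reg.items():
        if "\\mountpoints2\\" not in key.lower():
            continue
        hits.extend((key, value) for name, value in values if name == "AutoRun")
    return hits


def build_cfscript(reg):
    """Registry:: stanza that resets the flags to 0 and deletes ([-key]) the
    AutoRun mount points, in the format the reply above uses."""
    lines = ["Registry::"]
    flags = suppressed_notifications(reg)
    if flags:
        lines.append("[%s]" % SECURITY_CENTER)
        lines.extend('"%s"=dword:00000000' % name for name in flags)
    for key, _command in autorun_mountpoints(reg):
        lines.append("[-%s]" % key)
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_registry_section(SAMPLE_LOG)
    for name in suppressed_notifications(parsed):
        print("notification suppressed:", name)
    for key, command in autorun_mountpoints(parsed):
        print("autorun mount point:", key, "->", command)
    print(build_cfscript(parsed))
```

Note that the value under the per-user Svc subkey (EnableNotificationsRef) is deliberately not flagged: only the three machine-wide DisableNotify flags are the ones the reply resets.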
Re: Log check (freezing)
Here is the log from when I dragged that Notepad file onto ComboFix
ComboFix 09-04-18.05 - Misa 18.04.2009 14:04.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.1022.503 [GMT 2:00]
Spuštěný z: c:\users\Misa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Misa\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090417-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\ocsetup_cbs_install_NetFx3.dpx
c:\windows\ocsetup_cbs_install_NetFx3.perf
c:\windows\ocsetup_install_NetFx3.etl
F:\autorun.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-18 do 2009-04-18 )))))))))))))))))))))))))))))))
.
2009-04-15 07:37 . 2008-12-08 04:34 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 07:37 . 2008-06-05 04:50 500736 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 07:37 . 2008-06-05 04:50 30208 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 07:35 . 2009-03-03 02:36 389120 ----a-w c:\windows\system32\html.iec
2009-04-14 15:40 . 2009-04-14 15:40 -------- d-----w c:\users\Misa\AppData\Roaming\Malwarebytes
2009-04-14 15:40 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 15:40 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 15:40 . 2009-04-14 15:40 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-14 15:40 . 2009-04-14 15:40 -------- d-----w c:\programdata\Malwarebytes
2009-04-06 11:58 . 2004-01-14 01:10 163840 ----a-w c:\windows\BJPSUNST.EXE
2009-04-06 11:57 . 1998-11-13 10:58 307200 ----a-w c:\windows\IsUn0405.exe
2009-04-06 11:56 . 2009-04-06 11:56 -------- d--h--w c:\users\All Users\CanonBJ
2009-04-06 11:56 . 2009-04-06 11:56 -------- d--h--w c:\programdata\CanonBJ
2009-04-06 11:55 . 2009-04-06 11:55 -------- d--h--w c:\windows\system32\CanonIJ Uninstaller Information
2009-04-06 11:53 . 2006-04-24 05:00 161792 ----a-w c:\windows\system32\CNMLM84.DLL
2009-04-05 10:13 . 1997-06-23 05:06 407312 ----a-w c:\windows\system32\MsRepl35.dll
2009-04-05 10:13 . 1997-03-07 14:40 77824 ----a-w c:\windows\system32\ODBCTL32.dll
2009-04-05 10:13 . 1997-06-23 05:06 252176 ----a-w c:\windows\system32\MSRD2x35.dll
2009-04-05 10:13 . 1997-07-21 12:30 1045776 ----a-w c:\windows\system32\MSJet35.dll
2009-04-05 10:13 . 1997-01-14 01:00 519680 ----a-w c:\windows\system32\DBGRID32.OCX
2009-04-05 10:13 . 1997-06-23 05:06 24848 ----a-w c:\windows\system32\MSJtEr35.dll
2009-04-05 10:13 . 1997-06-23 05:06 123664 ----a-w c:\windows\system32\MSJInt35.dll
2009-04-05 10:13 . 1996-12-11 01:00 46080 ----a-w c:\windows\system32\MCIWNDX.OCX
2009-03-23 09:43 . 2008-06-20 01:17 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-03-23 09:43 . 2008-06-20 01:18 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-23 09:43 . 2008-06-20 01:17 622080 ----a-w c:\windows\system32\icardagt.exe
2009-03-23 09:43 . 2008-06-20 01:17 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-03-23 09:43 . 2008-06-20 01:18 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-03-23 09:43 . 2008-06-20 01:17 11264 ----a-w c:\windows\system32\icardres.dll
2009-03-23 09:43 . 2008-06-20 01:18 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-03-23 09:43 . 2008-06-20 01:18 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-03-23 09:25 . 2008-07-27 18:00 96760 ----a-w c:\windows\system32\dfshim.dll
2009-03-23 09:25 . 2008-07-27 18:00 282112 ----a-w c:\windows\system32\mscoree.dll
2009-03-23 09:25 . 2008-07-27 18:00 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-03-23 09:24 . 2008-07-27 18:00 158720 ----a-w c:\windows\system32\mscorier.dll
2009-03-23 09:24 . 2008-07-27 18:00 83968 ----a-w c:\windows\system32\mscories.dll
2009-03-21 16:52 . 2009-03-21 16:53 -------- d-----w c:\users\All Users\ICQ
2009-03-21 16:52 . 2009-03-21 16:53 -------- d-----w c:\programdata\ICQ
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 12:08 . 2009-01-26 10:01 -------- d-----w c:\users\Misa\AppData\Roaming\DNA
2009-04-18 09:55 . 2007-01-08 21:09 81404 ----a-w c:\windows\System32\perfc005.dat
2009-04-18 09:55 . 2007-01-08 21:09 473598 ----a-w c:\windows\System32\perfh005.dat
2009-04-17 11:30 . 2008-11-18 16:50 -------- d-----w c:\users\Misa\AppData\Roaming\Spyware Terminator
2009-04-16 11:17 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 16:17 . 2008-03-01 14:46 -------- d-----w c:\program files\ICQToolbar
2009-04-14 15:40 . 2009-04-14 15:40 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 13:22 . 2009-02-02 10:40 -------- d-----w c:\users\Misa\AppData\Roaming\uTorrent
2009-04-10 15:16 . 2007-04-24 13:29 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 11:58 . 2009-04-06 11:52 -------- d-----w c:\program files\Canon
2009-04-06 11:55 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infpub.dat
2009-04-06 11:55 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-06 11:55 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-06 11:53 . 2009-04-06 11:53 -------- d--h--w c:\program files\CanonBJ
2009-04-05 10:13 . 2009-04-05 10:13 -------- d-----w c:\program files\KCZ
2009-04-01 11:44 . 2007-09-19 07:33 -------- d-----w c:\program files\Java
2009-03-29 15:44 . 2008-11-15 20:47 -------- d-----w c:\users\Misa\AppData\Roaming\dvdcss
2009-03-21 16:55 . 2009-03-21 16:49 -------- d-----w c:\program files\ICQ6.5
2009-03-21 16:53 . 2009-03-21 16:53 -------- d-----w c:\program files\ICQ6Toolbar
2009-03-21 16:51 . 2007-08-23 15:25 -------- d-----w c:\program files\ICQ6
2009-03-17 11:05 . 2009-03-17 11:03 -------- d-----w c:\program files\The KMPlayer
2009-03-17 10:52 . 2009-03-17 10:52 -------- d-----w c:\program files\Codec Pack - All In 1
2009-03-17 10:51 . 2008-10-10 10:02 737280 ----a-w c:\windows\iun6002.exe
2009-03-17 10:32 . 2009-03-17 10:32 -------- d-----w c:\users\Misa\AppData\Roaming\Ashampoo
2009-03-17 10:32 . 2009-03-17 10:32 -------- d-----w c:\programdata\ashampoo
2009-03-17 10:32 . 2009-03-17 10:32 -------- d-----w c:\program files\Ashampoo
2009-03-17 03:16 . 2009-04-15 07:36 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:16 . 2009-04-15 07:36 14848 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:16 . 2009-04-15 07:36 25600 ----a-w c:\windows\System32\amxread.dll
2009-03-14 15:43 . 2009-03-14 15:43 -------- d-----w c:\users\Misa\AppData\Roaming\FinalBurner Video DVD
2009-03-09 03:19 . 2008-12-06 14:34 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-03 04:24 . 2009-04-15 07:36 3503584 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-15 07:36 3469280 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-15 07:35 826368 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:19 . 2009-04-15 07:36 158720 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:19 . 2009-04-15 07:36 549888 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:19 . 2009-04-15 07:36 24576 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-15 07:35 56320 ----a-w c:\windows\System32\iesetup.dll
2009-03-03 04:16 . 2009-04-15 07:36 97280 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:16 . 2009-04-15 07:36 37888 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-15 07:36 53248 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:16 . 2009-04-15 07:35 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:16 . 2009-04-15 07:35 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-03-03 04:15 . 2009-04-15 07:35 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-03 02:40 . 2009-04-15 07:36 654336 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-15 07:35 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-15 07:35 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-02-27 09:29 . 2008-10-28 17:59 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-19 12:42 . 2008-08-02 14:31 -------- d-----w c:\program files\Raxco
2009-02-13 07:26 . 2009-04-15 07:36 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 07:26 . 2009-04-15 07:36 1233408 ----a-w c:\windows\System32\lsasrv.dll
2009-02-13 07:26 . 2009-04-15 07:36 7680 ----a-w c:\windows\System32\lsass.exe
2009-02-09 01:59 . 2009-03-11 08:08 2028032 ----a-w c:\windows\System32\win32k.sys
2009-01-19 12:15 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2008-12-13 12:36 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-08-27 08:12 . 2007-10-03 18:59 70320 ----a-w c:\users\Misa\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-07-04 16:36 . 2008-07-04 16:36 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-04 16:36 . 2008-07-04 16:36 56 ---ha-w c:\programdata\ezsidmv.dat
2008-06-29 13:09 . 2007-08-21 12:54 70320 ----a-w c:\users\Misa\AppData\Local\GDIPFONTCACHEV1.DAT
2008-02-04 15:18 . 2008-01-31 21:20 47360 ----a-w c:\users\Misa\AppData\Roaming\pcouffin.sys
2008-01-27 11:23 . 2008-01-27 11:23 32 ----a-w c:\users\All Users\ezsid.dat
2008-01-27 11:23 . 2008-01-27 11:23 32 ----a-w c:\programdata\ezsid.dat
2007-10-16 17:07 . 2007-10-16 17:07 136 ----a-w c:\users\Misa\BackupResult.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-04-17_11.24.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-24 13:29 . 2009-04-18 08:34 74832 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2007-04-24 13:29 . 2009-04-17 07:31 74832 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-08-21 12:53 . 2009-04-18 09:50 15596 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3673696946-49459437-4126574629-1000_UserData.bin
+ 2007-08-21 12:49 . 2009-04-18 09:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-21 12:49 . 2009-04-17 11:15 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-21 12:49 . 2009-04-17 11:15 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-21 12:49 . 2009-04-18 09:53 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-21 12:49 . 2009-04-17 11:15 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-08-21 12:49 . 2009-04-18 09:53 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-18 08:31 . 2009-04-18 09:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-17 07:28 . 2009-04-17 07:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-17 07:28 . 2009-04-17 07:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-18 08:31 . 2009-04-18 09:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-04-18 09:50 135996 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-04-18 09:55 610142 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-17 07:35 610142 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-17 07:35 103924 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-04-18 09:55 103924 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:43 . 2009-04-18 12:04 262144 c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 12:43 . 2009-04-17 11:19 262144 c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 12:47 . 2009-04-17 11:24 212992 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-18 12:09 212992 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-17 09:20 217088 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-18 09:50 217088 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitTorrent DNA"="c:\users\Misa\Program Files\DNA\btdna.exe" [2009-01-27 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Acer Tour Reminder"="" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 13312]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-24 528384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3673696946-49459437-4126574629-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{972A6272-DFEE-4E0F-8CBB-E6CC2C714850}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{17E1F2BB-8368-4346-9AE4-CDD461562BE3}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{37282749-6575-4B7E-8D4E-5795F3A5C3A5}"= UDP:c:\program files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"{B81BA2CB-0F6E-4462-B172-8D07A004C882}"= TCP:c:\program files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"TCP Query User{9AB83639-16C1-45C8-8729-8A059B35908D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A2AC4360-EB9E-4A8B-850B-B8B5626996E9}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{A7F3B784-0B5D-498F-A686-5DA3971AA6FA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{72179BF4-ACA1-44E5-AD81-2E1AEDC3BFA6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{6E874E08-6A3F-4D3C-97BD-1D01C6C171B5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{788B01D4-3C45-4B34-B593-A0FD7CECDE96}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{80ED51A4-16A6-43A4-8760-EEF788E62302}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{0C4930FF-15E5-44D9-9A36-4548AFE23E53}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{A16D5A2C-7E21-424E-804E-C0A27D1DE7EB}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{73896333-E45A-41B9-9E64-B45614D4DDB1}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{2DA5947A-90DB-4752-9E1A-9A8B570B216E}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{2C3897E9-A2AE-4CF7-8CE8-7A55648AE567}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{978108FC-1A12-4AC8-9678-C29438549494}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{1D0A91AA-D016-4168-9F5D-CD05994EB86B}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{41D1A4A3-21A2-40ED-AA98-2A09FAD7F151}c:\\sierra\\empire earth\\empire earth.exe"= UDP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"UDP Query User{8C539CCD-5BE0-43C8-A5E2-7642E4C7F397}c:\\sierra\\empire earth\\empire earth.exe"= TCP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"TCP Query User{668EB0E4-2D55-4528-BC0F-F4BA1C9BC910}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{8410DF86-D11B-4428-8EB5-24840A3AC224}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{F4298089-C0B8-460A-9A29-F51055719DED}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F9E4CC21-C3D5-49CA-91E7-D5C4D7A634E5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{9E792781-80DF-46A4-BE21-D0BC79F08BCC}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{234F4167-243F-4E15-9A19-C7F2E898CA81}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{922A704E-ACBE-469D-91DE-57508FC45529}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{5164A912-4885-48A3-81BC-4466BCF7E680}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{05465DAA-6A0A-41F1-8F30-ECB4501F8EDD}c:\\program files\\wyzo\\wyzo.exe"= UDP:c:\program files\wyzo\wyzo.exe:Wyzo
"UDP Query User{052C932D-8E0F-4FB8-9C1C-0F0CC19F4631}c:\\program files\\wyzo\\wyzo.exe"= TCP:c:\program files\wyzo\wyzo.exe:Wyzo
"TCP Query User{B51B2366-CE07-4D78-B079-4CA2C4E91EFE}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{B348A364-1094-44FD-928D-EE82CE2B1E8A}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{39860AF4-E1A4-4C3F-BC84-D7A8208EE840}d:\\program files\\ea sports\\nhl07\\nhl2007.exe"= UDP:d:\program files\ea sports\nhl07\nhl2007.exe:nhl2007
"UDP Query User{B7485736-804A-4F2C-A352-12A1D6D21C73}d:\\program files\\ea sports\\nhl07\\nhl2007.exe"= TCP:d:\program files\ea sports\nhl07\nhl2007.exe:nhl2007
"TCP Query User{12B062D8-9F8E-494F-9202-F0D3ED0003FD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E4237DA3-08FD-4B27-BFC1-4AAF625A8BB9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E16719C6-AA3A-4F92-807A-FF5367A32D2B}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{AE3ADD21-C527-416A-AA77-D23F32A7846E}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{524BC890-71D1-44EB-9BAF-7BE9F0F1B4E7}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{6055F5BE-27EC-4905-913B-41C8EBB3AAB0}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{27DD1E24-5488-4400-A8C1-1BC290FB5DDE}d:\\program files\\thq\\pandemic studios\\full spectrum warrior\\launcher.exe"= UDP:d:\program files\thq\pandemic studios\full spectrum warrior\launcher.exe:Launcher
"UDP Query User{2B76117A-364B-44A3-B6E4-BC7E2C34E0B9}d:\\program files\\thq\\pandemic studios\\full spectrum warrior\\launcher.exe"= TCP:d:\program files\thq\pandemic studios\full spectrum warrior\launcher.exe:Launcher
"{4E155754-B513-4CD3-9177-1FC2A2594B1C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D5CFE707-5E53-430D-9F18-E4F836EB4B32}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C1D62E23-03B1-4232-BBB6-D283555CC521}d:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:d:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{ED7019C1-F5A4-444E-9185-40802723975C}d:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:d:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"{6180E57A-1F09-46AE-A6D6-3C60596EE950}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{89019DE9-6B23-41E2-A501-15570F722372}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{4E6EFD30-2DE0-4E03-B9F8-DF000747B1D6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FD527B61-066D-4CB7-9163-C4CB6C98112C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{A0B15C97-E06D-4CD8-ADE9-BB6D7574A008}d:\\program files\\half-life 2\\hl2.exe"= UDP:d:\program files\half-life 2\hl2.exe:hl2
"UDP Query User{92B60DAC-5B1C-4FA7-AFFE-4DABBB4080E7}d:\\program files\\half-life 2\\hl2.exe"= TCP:d:\program files\half-life 2\hl2.exe:hl2
"TCP Query User{F0305955-0556-4DEE-8E9E-B96E98F52EE9}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{70412DBF-1962-4629-936D-1F33010D9DB9}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-12-16 23600]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S0 PSDFilter;PSDFilter;c:\windows\system32\DRIVERS\psdfilter.sys [2007-02-06 20264]
S0 PSDNServ;PSDNSERVER;c:\windows\system32\drivers\PSDNServ.sys [2007-02-06 16680]
S0 psdvdisk;psdvdisk;c:\windows\system32\drivers\psdvdisk.sys [2007-02-06 60712]
S0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
S1 aswSP;avast! Self Protection; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-18 141312]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2007-03-20 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
.
Obsah adresáře 'Naplánované úlohy'
2009-04-18 c:\windows\Tasks\User_Feed_Synchronization-{50EAEB3D-984B-4306-89B6-72E53F724792}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
IE: Crawler Search - tbr:iemenu
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.efotbal.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Misa\Program Files\DNA\plugins\npbtdna.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 14:09
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(4932)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Celkový čas: 2009-04-18 14:12
ComboFix-quarantined-files.txt 2009-04-18 12:11
ComboFix2.txt 2009-04-18 09:43
ComboFix3.txt 2009-04-17 11:27
ComboFix4.txt 2008-12-06 14:18
Před spuštěním: 2 683 752 448
Po spuštění: 2 553 810 944
372 --- E O F --- 2009-04-16 07:50
ComboFix 09-04-18.05 - Misa 18.04.2009 14:04.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.1022.503 [GMT 2:00]
Spuštěný z: c:\users\Misa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Misa\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090417-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\ocsetup_cbs_install_NetFx3.dpx
c:\windows\ocsetup_cbs_install_NetFx3.perf
c:\windows\ocsetup_install_NetFx3.etl
F:\autorun.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-18 do 2009-04-18 )))))))))))))))))))))))))))))))
.
2009-04-15 07:37 . 2008-12-08 04:34 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 07:37 . 2008-06-05 04:50 500736 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 07:37 . 2008-06-05 04:50 30208 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 07:35 . 2009-03-03 02:36 389120 ----a-w c:\windows\system32\html.iec
2009-04-14 15:40 . 2009-04-14 15:40 -------- d-----w c:\users\Misa\AppData\Roaming\Malwarebytes
2009-04-14 15:40 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 15:40 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 15:40 . 2009-04-14 15:40 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-14 15:40 . 2009-04-14 15:40 -------- d-----w c:\programdata\Malwarebytes
2009-04-06 11:58 . 2004-01-14 01:10 163840 ----a-w c:\windows\BJPSUNST.EXE
2009-04-06 11:57 . 1998-11-13 10:58 307200 ----a-w c:\windows\IsUn0405.exe
2009-04-06 11:56 . 2009-04-06 11:56 -------- d--h--w c:\users\All Users\CanonBJ
2009-04-06 11:56 . 2009-04-06 11:56 -------- d--h--w c:\programdata\CanonBJ
2009-04-06 11:55 . 2009-04-06 11:55 -------- d--h--w c:\windows\system32\CanonIJ Uninstaller Information
2009-04-06 11:53 . 2006-04-24 05:00 161792 ----a-w c:\windows\system32\CNMLM84.DLL
2009-04-05 10:13 . 1997-06-23 05:06 407312 ----a-w c:\windows\system32\MsRepl35.dll
2009-04-05 10:13 . 1997-03-07 14:40 77824 ----a-w c:\windows\system32\ODBCTL32.dll
2009-04-05 10:13 . 1997-06-23 05:06 252176 ----a-w c:\windows\system32\MSRD2x35.dll
2009-04-05 10:13 . 1997-07-21 12:30 1045776 ----a-w c:\windows\system32\MSJet35.dll
2009-04-05 10:13 . 1997-01-14 01:00 519680 ----a-w c:\windows\system32\DBGRID32.OCX
2009-04-05 10:13 . 1997-06-23 05:06 24848 ----a-w c:\windows\system32\MSJtEr35.dll
2009-04-05 10:13 . 1997-06-23 05:06 123664 ----a-w c:\windows\system32\MSJInt35.dll
2009-04-05 10:13 . 1996-12-11 01:00 46080 ----a-w c:\windows\system32\MCIWNDX.OCX
2009-03-23 09:43 . 2008-06-20 01:17 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-03-23 09:43 . 2008-06-20 01:18 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-23 09:43 . 2008-06-20 01:17 622080 ----a-w c:\windows\system32\icardagt.exe
2009-03-23 09:43 . 2008-06-20 01:17 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-03-23 09:43 . 2008-06-20 01:18 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-03-23 09:43 . 2008-06-20 01:17 11264 ----a-w c:\windows\system32\icardres.dll
2009-03-23 09:43 . 2008-06-20 01:18 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-03-23 09:43 . 2008-06-20 01:18 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-03-23 09:25 . 2008-07-27 18:00 96760 ----a-w c:\windows\system32\dfshim.dll
2009-03-23 09:25 . 2008-07-27 18:00 282112 ----a-w c:\windows\system32\mscoree.dll
2009-03-23 09:25 . 2008-07-27 18:00 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-03-23 09:24 . 2008-07-27 18:00 158720 ----a-w c:\windows\system32\mscorier.dll
2009-03-23 09:24 . 2008-07-27 18:00 83968 ----a-w c:\windows\system32\mscories.dll
2009-03-21 16:52 . 2009-03-21 16:53 -------- d-----w c:\users\All Users\ICQ
2009-03-21 16:52 . 2009-03-21 16:53 -------- d-----w c:\programdata\ICQ
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 12:08 . 2009-01-26 10:01 -------- d-----w c:\users\Misa\AppData\Roaming\DNA
2009-04-18 09:55 . 2007-01-08 21:09 81404 ----a-w c:\windows\System32\perfc005.dat
2009-04-18 09:55 . 2007-01-08 21:09 473598 ----a-w c:\windows\System32\perfh005.dat
2009-04-17 11:30 . 2008-11-18 16:50 -------- d-----w c:\users\Misa\AppData\Roaming\Spyware Terminator
2009-04-16 11:17 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 16:17 . 2008-03-01 14:46 -------- d-----w c:\program files\ICQToolbar
2009-04-14 15:40 . 2009-04-14 15:40 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 13:22 . 2009-02-02 10:40 -------- d-----w c:\users\Misa\AppData\Roaming\uTorrent
2009-04-10 15:16 . 2007-04-24 13:29 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 11:58 . 2009-04-06 11:52 -------- d-----w c:\program files\Canon
2009-04-06 11:55 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infpub.dat
2009-04-06 11:55 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-06 11:55 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-06 11:53 . 2009-04-06 11:53 -------- d--h--w c:\program files\CanonBJ
2009-04-05 10:13 . 2009-04-05 10:13 -------- d-----w c:\program files\KCZ
2009-04-01 11:44 . 2007-09-19 07:33 -------- d-----w c:\program files\Java
2009-03-29 15:44 . 2008-11-15 20:47 -------- d-----w c:\users\Misa\AppData\Roaming\dvdcss
2009-03-21 16:55 . 2009-03-21 16:49 -------- d-----w c:\program files\ICQ6.5
2009-03-21 16:53 . 2009-03-21 16:53 -------- d-----w c:\program files\ICQ6Toolbar
2009-03-21 16:51 . 2007-08-23 15:25 -------- d-----w c:\program files\ICQ6
2009-03-17 11:05 . 2009-03-17 11:03 -------- d-----w c:\program files\The KMPlayer
2009-03-17 10:52 . 2009-03-17 10:52 -------- d-----w c:\program files\Codec Pack - All In 1
2009-03-17 10:51 . 2008-10-10 10:02 737280 ----a-w c:\windows\iun6002.exe
2009-03-17 10:32 . 2009-03-17 10:32 -------- d-----w c:\users\Misa\AppData\Roaming\Ashampoo
2009-03-17 10:32 . 2009-03-17 10:32 -------- d-----w c:\programdata\ashampoo
2009-03-17 10:32 . 2009-03-17 10:32 -------- d-----w c:\program files\Ashampoo
2009-03-17 03:16 . 2009-04-15 07:36 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:16 . 2009-04-15 07:36 14848 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:16 . 2009-04-15 07:36 25600 ----a-w c:\windows\System32\amxread.dll
2009-03-14 15:43 . 2009-03-14 15:43 -------- d-----w c:\users\Misa\AppData\Roaming\FinalBurner Video DVD
2009-03-09 03:19 . 2008-12-06 14:34 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-03 04:24 . 2009-04-15 07:36 3503584 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-15 07:36 3469280 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-15 07:35 826368 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:19 . 2009-04-15 07:36 158720 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:19 . 2009-04-15 07:36 549888 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:19 . 2009-04-15 07:36 24576 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-15 07:35 56320 ----a-w c:\windows\System32\iesetup.dll
2009-03-03 04:16 . 2009-04-15 07:36 97280 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:16 . 2009-04-15 07:36 37888 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-15 07:36 53248 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:16 . 2009-04-15 07:35 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:16 . 2009-04-15 07:35 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-03-03 04:15 . 2009-04-15 07:35 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-03 02:40 . 2009-04-15 07:36 654336 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-15 07:35 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-15 07:35 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-02-27 09:29 . 2008-10-28 17:59 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-19 12:42 . 2008-08-02 14:31 -------- d-----w c:\program files\Raxco
2009-02-13 07:26 . 2009-04-15 07:36 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 07:26 . 2009-04-15 07:36 1233408 ----a-w c:\windows\System32\lsasrv.dll
2009-02-13 07:26 . 2009-04-15 07:36 7680 ----a-w c:\windows\System32\lsass.exe
2009-02-09 01:59 . 2009-03-11 08:08 2028032 ----a-w c:\windows\System32\win32k.sys
2009-01-19 12:15 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2008-12-13 12:36 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-08-27 08:12 . 2007-10-03 18:59 70320 ----a-w c:\users\Misa\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-07-04 16:36 . 2008-07-04 16:36 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-04 16:36 . 2008-07-04 16:36 56 ---ha-w c:\programdata\ezsidmv.dat
2008-06-29 13:09 . 2007-08-21 12:54 70320 ----a-w c:\users\Misa\AppData\Local\GDIPFONTCACHEV1.DAT
2008-02-04 15:18 . 2008-01-31 21:20 47360 ----a-w c:\users\Misa\AppData\Roaming\pcouffin.sys
2008-01-27 11:23 . 2008-01-27 11:23 32 ----a-w c:\users\All Users\ezsid.dat
2008-01-27 11:23 . 2008-01-27 11:23 32 ----a-w c:\programdata\ezsid.dat
2007-10-16 17:07 . 2007-10-16 17:07 136 ----a-w c:\users\Misa\BackupResult.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-04-17_11.24.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-24 13:29 . 2009-04-18 08:34 74832 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2007-04-24 13:29 . 2009-04-17 07:31 74832 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-08-21 12:53 . 2009-04-18 09:50 15596 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3673696946-49459437-4126574629-1000_UserData.bin
+ 2007-08-21 12:49 . 2009-04-18 09:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-21 12:49 . 2009-04-17 11:15 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-21 12:49 . 2009-04-17 11:15 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-21 12:49 . 2009-04-18 09:53 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-21 12:49 . 2009-04-17 11:15 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-08-21 12:49 . 2009-04-18 09:53 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-18 08:31 . 2009-04-18 09:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-17 07:28 . 2009-04-17 07:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-17 07:28 . 2009-04-17 07:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-18 08:31 . 2009-04-18 09:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-04-18 09:50 135996 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-04-18 09:55 610142 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-17 07:35 610142 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-17 07:35 103924 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-04-18 09:55 103924 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:43 . 2009-04-18 12:04 262144 c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 12:43 . 2009-04-17 11:19 262144 c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 12:47 . 2009-04-17 11:24 212992 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-18 12:09 212992 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-17 09:20 217088 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-18 09:50 217088 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitTorrent DNA"="c:\users\Misa\Program Files\DNA\btdna.exe" [2009-01-27 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Acer Tour Reminder"="" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 13312]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-24 528384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3673696946-49459437-4126574629-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{972A6272-DFEE-4E0F-8CBB-E6CC2C714850}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{17E1F2BB-8368-4346-9AE4-CDD461562BE3}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{37282749-6575-4B7E-8D4E-5795F3A5C3A5}"= UDP:c:\program files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"{B81BA2CB-0F6E-4462-B172-8D07A004C882}"= TCP:c:\program files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"TCP Query User{9AB83639-16C1-45C8-8729-8A059B35908D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A2AC4360-EB9E-4A8B-850B-B8B5626996E9}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{A7F3B784-0B5D-498F-A686-5DA3971AA6FA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{72179BF4-ACA1-44E5-AD81-2E1AEDC3BFA6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{6E874E08-6A3F-4D3C-97BD-1D01C6C171B5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{788B01D4-3C45-4B34-B593-A0FD7CECDE96}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{80ED51A4-16A6-43A4-8760-EEF788E62302}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{0C4930FF-15E5-44D9-9A36-4548AFE23E53}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{A16D5A2C-7E21-424E-804E-C0A27D1DE7EB}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{73896333-E45A-41B9-9E64-B45614D4DDB1}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{2DA5947A-90DB-4752-9E1A-9A8B570B216E}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{2C3897E9-A2AE-4CF7-8CE8-7A55648AE567}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{978108FC-1A12-4AC8-9678-C29438549494}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{1D0A91AA-D016-4168-9F5D-CD05994EB86B}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{41D1A4A3-21A2-40ED-AA98-2A09FAD7F151}c:\\sierra\\empire earth\\empire earth.exe"= UDP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"UDP Query User{8C539CCD-5BE0-43C8-A5E2-7642E4C7F397}c:\\sierra\\empire earth\\empire earth.exe"= TCP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"TCP Query User{668EB0E4-2D55-4528-BC0F-F4BA1C9BC910}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{8410DF86-D11B-4428-8EB5-24840A3AC224}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{F4298089-C0B8-460A-9A29-F51055719DED}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F9E4CC21-C3D5-49CA-91E7-D5C4D7A634E5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{9E792781-80DF-46A4-BE21-D0BC79F08BCC}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{234F4167-243F-4E15-9A19-C7F2E898CA81}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{922A704E-ACBE-469D-91DE-57508FC45529}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{5164A912-4885-48A3-81BC-4466BCF7E680}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{05465DAA-6A0A-41F1-8F30-ECB4501F8EDD}c:\\program files\\wyzo\\wyzo.exe"= UDP:c:\program files\wyzo\wyzo.exe:Wyzo
"UDP Query User{052C932D-8E0F-4FB8-9C1C-0F0CC19F4631}c:\\program files\\wyzo\\wyzo.exe"= TCP:c:\program files\wyzo\wyzo.exe:Wyzo
"TCP Query User{B51B2366-CE07-4D78-B079-4CA2C4E91EFE}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{B348A364-1094-44FD-928D-EE82CE2B1E8A}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{39860AF4-E1A4-4C3F-BC84-D7A8208EE840}d:\\program files\\ea sports\\nhl07\\nhl2007.exe"= UDP:d:\program files\ea sports\nhl07\nhl2007.exe:nhl2007
"UDP Query User{B7485736-804A-4F2C-A352-12A1D6D21C73}d:\\program files\\ea sports\\nhl07\\nhl2007.exe"= TCP:d:\program files\ea sports\nhl07\nhl2007.exe:nhl2007
"TCP Query User{12B062D8-9F8E-494F-9202-F0D3ED0003FD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E4237DA3-08FD-4B27-BFC1-4AAF625A8BB9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E16719C6-AA3A-4F92-807A-FF5367A32D2B}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{AE3ADD21-C527-416A-AA77-D23F32A7846E}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{524BC890-71D1-44EB-9BAF-7BE9F0F1B4E7}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{6055F5BE-27EC-4905-913B-41C8EBB3AAB0}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{27DD1E24-5488-4400-A8C1-1BC290FB5DDE}d:\\program files\\thq\\pandemic studios\\full spectrum warrior\\launcher.exe"= UDP:d:\program files\thq\pandemic studios\full spectrum warrior\launcher.exe:Launcher
"UDP Query User{2B76117A-364B-44A3-B6E4-BC7E2C34E0B9}d:\\program files\\thq\\pandemic studios\\full spectrum warrior\\launcher.exe"= TCP:d:\program files\thq\pandemic studios\full spectrum warrior\launcher.exe:Launcher
"{4E155754-B513-4CD3-9177-1FC2A2594B1C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D5CFE707-5E53-430D-9F18-E4F836EB4B32}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C1D62E23-03B1-4232-BBB6-D283555CC521}d:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:d:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{ED7019C1-F5A4-444E-9185-40802723975C}d:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:d:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"{6180E57A-1F09-46AE-A6D6-3C60596EE950}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{89019DE9-6B23-41E2-A501-15570F722372}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{4E6EFD30-2DE0-4E03-B9F8-DF000747B1D6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FD527B61-066D-4CB7-9163-C4CB6C98112C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{A0B15C97-E06D-4CD8-ADE9-BB6D7574A008}d:\\program files\\half-life 2\\hl2.exe"= UDP:d:\program files\half-life 2\hl2.exe:hl2
"UDP Query User{92B60DAC-5B1C-4FA7-AFFE-4DABBB4080E7}d:\\program files\\half-life 2\\hl2.exe"= TCP:d:\program files\half-life 2\hl2.exe:hl2
"TCP Query User{F0305955-0556-4DEE-8E9E-B96E98F52EE9}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{70412DBF-1962-4629-936D-1F33010D9DB9}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-12-16 23600]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S0 PSDFilter;PSDFilter;c:\windows\system32\DRIVERS\psdfilter.sys [2007-02-06 20264]
S0 PSDNServ;PSDNSERVER;c:\windows\system32\drivers\PSDNServ.sys [2007-02-06 16680]
S0 psdvdisk;psdvdisk;c:\windows\system32\drivers\psdvdisk.sys [2007-02-06 60712]
S0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
S1 aswSP;avast! Self Protection; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-18 141312]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2007-03-20 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
.
Contents of the 'Scheduled Tasks' folder
2009-04-18 c:\windows\Tasks\User_Feed_Synchronization-{50EAEB3D-984B-4306-89B6-72E53F724792}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
IE: Crawler Search - tbr:iemenu
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.efotbal.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Misa\Program Files\DNA\plugins\npbtdna.dll
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 14:09
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'Explorer.exe'(4932)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Completion time: 2009-04-18 14:12
ComboFix-quarantined-files.txt 2009-04-18 12:11
ComboFix2.txt 2009-04-18 09:43
ComboFix3.txt 2009-04-17 11:27
ComboFix4.txt 2008-12-06 14:18
Pre-Run: 2 683 752 448
Post-Run: 2 553 810 944
372 --- E O F --- 2009-04-16 07:50
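A triage helper, added here as an example (it is not part of the original post and not ComboFix's or HijackThis's own code): it pulls the Run-key entries, the AppInit_DLLs value and the service/driver lines out of a ComboFix-style log like the one above and flags the entries a responder looks at first: autoruns that start from a user-writable location, a non-empty AppInit_DLLs value, and registered services/drivers whose file is missing (`[x]`). The sample input is a handful of lines copied from the log above plus one constructed entry (`"Updater"` under Temp, hypothetical) to exercise the Temp heuristic; the regular expressions are assumptions about ComboFix's line format, not a specification of it.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not ComboFix code).

Flags are hints for where to look next, not verdicts: each hit still needs
the file's publisher, hash and install history before anything is removed.
"""
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the ComboFix log above, plus one constructed
# "Updater" entry (hypothetical) that starts from the user's Temp folder.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"BitTorrent DNA"="c:\users\Misa\Program Files\DNA\btdna.exe" [2009-01-27 342848]
"Acer Tour Reminder"="" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Updater"="c:\users\Misa\AppData\Local\Temp\upd.exe" [2009-04-01 12345]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-12-16 23600]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S1 aswSP;avast! Self Protection; [x]
"""

# Locations an unprivileged user can write to. Persistence pointing there
# deserves a closer look than an entry under Program Files or System32.
USER_WRITABLE = re.compile(r"^[a-z]:\\(users|documents and settings)\\|\\temp\\", re.I)

# Line shapes assumed from the log above (ComboFix's exact grammar is not documented).
RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?P<rest>.*)$')
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.*)$', re.I)
SERVICE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]"
)


@dataclass
class Finding:
    kind: str    # "run", "appinit" or "service"
    name: str
    path: str
    reason: str


def parse_findings(log_text: str) -> List[Finding]:
    """Walk the log line by line and return the entries worth a second look."""
    findings: List[Finding] = []
    in_run_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            # Only values directly under a ...\Run key are autoruns.
            in_run_key = RUN_KEY.match(line) is not None
            continue
        m = APPINIT.match(line)
        if m:
            dlls = m.group("dlls").strip()
            if dlls:  # any DLL listed here is loaded into every process that loads user32.dll
                findings.append(Finding("appinit", "AppInit_DLLs", dlls,
                                        "DLL injected into every GUI process"))
            continue
        m = RUN_VALUE.match(line)
        if m and in_run_key:
            # ComboFix prints the resolved path after " - " for bare names, so check both.
            path = m.group("path") or m.group("rest").strip(" -")
            if USER_WRITABLE.search(m.group("path")) or USER_WRITABLE.search(m.group("rest")):
                findings.append(Finding("run", m.group("name"), path,
                                        "autorun from user-writable location"))
            continue
        m = SERVICE.match(line)
        if m and m.group("meta").strip() == "x":
            findings.append(Finding("service", m.group("name"), m.group("path").strip(),
                                    "service/driver registered but file missing"))
    return findings


def summarize(log_text: str) -> dict:
    """Count findings per kind; a quick 'is there anything to chase?' view."""
    counts: dict = {}
    for f in parse_findings(log_text):
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path} -- {f.reason}")
```

The output narrows the list rather than deciding it: an antivirus self-protection driver that hides its own file trips the same `[x]` rule as a malware driver whose file was deleted but whose service entry survived, and applications that install per-user land under the profile directory too. What the script gives you is the handful of lines to check by hand instead of the whole log.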
Re: Log check (freezing)
And then the final log with HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:21, on 18.4.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Misa\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\Misa\AppData\Local\Temp\Rar$EX00.922\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Misa\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9718 bytes
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Offline
Re: Log check (freezing)
That Symantec/Norton is still in there, so we'll clean it out, and the temp folders too.
Download the program OTMoveIt3 (by OldTimer), save it to drive C and run it.
- Into the left column (Paste Instructions for Items to be Moved) copy these paths:
Note: do not use the SELECT ALL function to mark them
Code:
:Processes
explorer.exe
:Services
ALUSchedulerSvc
ccSvcHst
LUCOMS~1
:Reg
:Files
C:\Program Files\Common Files\Symantec Shared
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the whole contents of the right column (also saved in the folder C:\_OTMoveIt\MovedFiles\), which reports the results
- If some files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
*****************************************************************************************************************************************
Close all other applications and browsers, disconnect from the internet and fix in HJT:
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O13 - Gopher Prefix:
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. It can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
That's all.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
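The HJT fix list and the OTMoveIt :Services section in the post above are built by hand from the HijackThis log. The script below is an added example (not code from the forum post or from HijackThis/OTMoveIt) that automates the same checks: it parses HijackThis entry lines, flags the entry classes picked for fixing above (an empty R0 value, an R3 URLSearchHook with no backing file, an O4 autorun launched from a user profile, a populated O20 AppInit_DLLs, an O23 service whose binary is missing) and, for O23 lines, extracts the short service name that HijackThis prints in parentheses. That name is what the Service Control Manager, and therefore an OTMoveIt :Services section, needs (for example CLTNetCnService rather than the executable name ccSvcHst); HijackThis leaves the parentheses out only when the display name and the service name are the same. The sample lines are copied from the logs posted in this thread; the function names, the triage reasons and the folder-filter helper are assumptions of this example.

```python
import re

# Constructed sample: a few lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Misa\Program Files\DNA\btdna.exe"
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# HijackThis entry lines look like "<section> - <body>", e.g. "O23 - Service: ...".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Autorun binaries living under a user profile instead of Program Files / Windows.
PROFILE_PATH_RE = re.compile(r"(?i)^[a-z]:\\(users|documents and settings)\\")


def parse_line(line):
    """Return (section, body) for a HijackThis entry line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def service_name(body):
    """Short (SCM) name of an O23 entry.

    HijackThis prints 'Service: <display name> (<service name>) - <owner> - <path>'
    and omits the parenthesised part when both names are identical; the display name
    is then the name to give to 'sc stop' or to an OTMoveIt :Services section.
    """
    desc = body[len("Service: "):].split(" - ", 1)[0]
    m = re.search(r"\(([^()]+)\)$", desc)
    return m.group(1) if m else desc


def triage(log_text):
    """Flag the entry classes selected for fixing; returns a list of (section, reason, body)."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, body = parsed
        if section in ("R0", "R1") and body.rstrip().endswith("="):
            findings.append((section, "empty Internet Explorer setting", body))
        elif section == "R3" and "(no file)" in body:
            findings.append((section, "URLSearchHook with no backing file", body))
        elif section == "O4" and "] " in body:
            path = body.split("] ", 1)[1].strip().strip('"')
            if PROFILE_PATH_RE.match(path):
                findings.append((section, "autorun launched from a user profile", body))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                findings.append((section, "AppInit_DLLs populated: loaded into every process that maps user32.dll", body))
        elif section == "O23" and "(file missing)" in body:
            findings.append((section, f"service {service_name(body)!r} points at a missing binary", body))
    return findings


def services_under(log_text, folder_fragment):
    """SCM names of O23 services whose line mentions folder_fragment (case-insensitive)."""
    return [service_name(p[1]) for p in map(parse_line, log_text.splitlines())
            if p and p[0] == "O23" and folder_fragment.lower() in p[1].lower()]


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
    print("Symantec services to stop:", services_under(SAMPLE_LOG, "symantec"))
```

Run against the sample, `services_under(SAMPLE_LOG, "symantec")` yields `Automatic LiveUpdate Scheduler`, `CLTNetCnService` and `LiveUpdate`, which are the names the SCM knows these services by; the executable names used in the :Services section above (ALUSchedulerSvc, ccSvcHst, LUCOMS~1) are not service names, which is why OTMoveIt later reports them as not found. The O20 finding is a review prompt, not a verdict: eNetHook.dll belongs to the Acer eNet software listed in the same log.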
Re: Log check (freezing)
So I copied those lines into OTMoveIt and the computer restarted. But then when I start Mozilla no images or graphics work on web pages at all, what do I do about that?? Here is the right-hand side
Files moved on Reboot...
Folder move failed. C:\Program Files\Common Files\Symantec Shared\SPManifests scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08} scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08} scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\PIF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\Help scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\CCPD-LC scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\SPManifests scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08} scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\PIF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\Help scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\CCPD-LC scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared scheduled to be moved on reboot.
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Offline
Re: Log check (freezing)
That OTMoveIt log is not complete....
Post a new HJT log here.
Back up your bookmarks etc. in FF, uninstall it and delete everything that belongs to it, then download it again and install it, including all plugins.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Log check (freezing)
Yeah, sorry, here is the whole log from OTMoveIt, then I'll fix those entries in HijackThis
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver ALUSchedulerSvc not found.
Service\Driver ccSvcHst not found.
Service\Driver LUCOMS~1 not found.
========== REGISTRY ==========
========== FILES ==========
Folder move failed. C:\Program Files\Common Files\Symantec Shared\SPManifests scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08} scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\PIF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\Help scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\CCPD-LC scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\Misa\AppData\Local\Temp\etilqs_Zjupp9Tj3qzol9pgbHlk scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Misa\AppData\Local\Mozilla\Firefox\Profiles\i8eorezm.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Misa\AppData\Local\Mozilla\Firefox\Profiles\i8eorezm.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Misa\AppData\Local\Mozilla\Firefox\Profiles\i8eorezm.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Misa\AppData\Local\Mozilla\Firefox\Profiles\i8eorezm.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Misa\AppData\Local\Mozilla\Firefox\Profiles\i8eorezm.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04192009_121805
Re: Log check (freezing)
Here is the HijackThis log after I did the fix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:24, on 20.4.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Misa\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Users\Misa\AppData\Local\Temp\Rar$EX00.641\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Misa\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9675 bytes
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Log check (freezing)
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following complete text, highlighted in green, into it:
Note: do not use the SELECT ALL function to highlight the script
Code:
rem service names are the bracketed names from the O23 lines; names with spaces must be quoted for sc.exe
sc config LiveUpdate start= disabled
sc stop LiveUpdate
sc delete LiveUpdate
sc config "LiveUpdate Notice Ex" start= disabled
sc stop "LiveUpdate Notice Ex"
sc delete "LiveUpdate Notice Ex"
Save it to the desktop under the name remove.bat, with the file type set to All Files; find the file on the desktop and run it by double-clicking. A DOS window opens and closes. Restart the computer.
*****************************************************************************************************************************************
Also try a fix in HJT:
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: AutorunsDisabled
O13 - Gopher Prefix
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and use T-Cleaner as well
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select all found, then click Empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.
That's all.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
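The fix above works from HijackThis O23 lines, whose layout is `display name (service name) - company - path`; the bracketed field, not the display name, is what sc.exe needs. As an added example (not code from this thread or from HijackThis), here is a small Python parser for that line format: it derives the real service name, quotes names containing spaces, emits sc commands only for registrations whose binary is gone, and flags the quoted-command-line entries that HJT 1.99.1 reports as "(file missing)" even though the file exists. Sample lines are copied from the logs in this thread; the verdict wording is my own.

```python
"""Parse HijackThis O23 (service) lines and derive correctly quoted sc.exe commands.

Added example, not code from the thread or from HijackThis.  Assumed line layout
(matches the logs in this thread):
    O23 - Service: <display name> [(<service name>)] - <company> - <path> [(file missing)]
When the bracketed service name is absent, the service name equals the display name.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Company may be empty (" - - (no file)"), hence the optional space before the second dash.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)"
    r"(?: \((?P<name>[^()]+)\))?"
    r" - (?P<company>.*?) ?- (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Constructed sample: O23 lines copied from the two HijackThis logs in this thread.
SAMPLE_O23 = [
    r"O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE",
    r"O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)",
    r"O23 - Service: Norton2009 Reset (.norton2009Reset) - - (no file)",
    r"O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe",
    r'O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)',
    r"O20 - AppInit_DLLs: eNetHook.dll",  # not an O23 line; must be ignored
]


@dataclass
class Service:
    display: str
    name: str
    company: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Return a Service for an O23 line, or None for any other HJT line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    return Service(
        display=m.group("display"),
        name=m.group("name") or m.group("display"),
        company=m.group("company"),
        path=path,
        file_missing=m.group("missing") is not None or path == "(no file)",
    )


def quote_arg(name: str) -> str:
    """sc.exe takes the service name as a single argument: quote it if it has spaces."""
    return f'"{name}"' if " " in name else name


def sc_commands(svc: Service) -> List[str]:
    """Disable, stop and delete one service registration.  The space after
    'start=' is required; sc.exe does not accept 'start=disabled'."""
    n = quote_arg(svc.name)
    return [f"sc config {n} start= disabled", f"sc stop {n}", f"sc delete {n}"]


def triage(lines: List[str]) -> List[dict]:
    """Classify O23 entries and emit sc commands only for orphaned registrations."""
    results = []
    for line in lines:
        svc = parse_o23(line)
        if svc is None:
            continue
        if '"' in svc.path:
            # HJT 1.99.1 splits a quoted command line at its quotes and then
            # reports "(file missing)" for a binary that exists: treat as unverified.
            verdict = "quoted command line: verify the binary by hand"
        elif svc.file_missing:
            verdict = "orphaned: binary missing, registration can be removed"
        elif svc.company in ("", "Unknown owner"):
            verdict = "no publisher info in the binary: inspect it before acting"
        else:
            verdict = "ok"
        commands = sc_commands(svc) if verdict.startswith("orphaned") else []
        results.append({"name": svc.name, "verdict": verdict, "commands": commands})
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_O23):
        print(f"{r['name']}: {r['verdict']}")
        for c in r["commands"]:
            print("    " + c)
```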
Re: Log check (freezing)
Hi, I'd need some help from you because I'm already desperate: AVG finds a Trojan horse Rootkit Agent.CW in c:\windows\system32\drivers\ws2_32sik.sys, and systemntmi.sys and netsik.sys; I can't remove it at all, I tried Trojan Remover, AVG, Search and Destroy, Ad-Aware and Mbam ... they removed the trojan but it shows up there again after 5 minutes ...
I have 50 running processes... and a slightly slowed-down PC... here are the logs
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 15:39:45, on 20.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ivan\Plocha\Rootkit_Detective.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TC UP\totalcmd.exe
C:\Documents and Settings\Ivan\Ivan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ivan] C:\Documents and Settings\Ivan\Ivan.exe /i
O4 - HKCU\..\Run: [] C:\Documents and Settings\Ivan\.exe /i
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahnuť položku pomocou FlashGetu - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stiahnuť všetky položky pomocou FlashGetu - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Norton2009 Reset (.norton2009Reset) - - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Unknown owner - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
Malwarebytes
Malwarebytes' Anti-Malware 1.36
Verzia databázy: 2014
Windows 5.1.2600 Service Pack 3
20.4.2009 14:50:30
mbam-log-2009-04-20 (14-50-28).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 81814
Uplynutý cas: 7 minute(s), 29 second(s)
Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 14
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 4
Infikovaných priecinkov: 0
Infikovaných súborov: 19
Infikovaných procesov pamäte:
(Žiadne škodlivé položky)
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> No action taken.
Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)
Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikovaných priecinkov:
(Žiadne škodlivé položky)
Infikovaných súborov:
C:\Documents and Settings\Ivan\Local Settings\Temporary Internet Files\Content.IE5\YIFWTTEH\load[1].exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN1B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN1F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN24.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN2A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN30.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN31.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN32.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN34.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN36.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN3A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN3C.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN3F.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) -> No action taken.
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ivan] C:\Documents and Settings\Ivan\Ivan.exe /i
O4 - HKCU\..\Run: [] C:\Documents and Settings\Ivan\.exe /i
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahnuť položku pomocou FlashGetu - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stiahnuť všetky položky pomocou FlashGetu - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Norton2009 Reset (.norton2009Reset) - - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Unknown owner - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
Malwarebytes
Malwarebytes' Anti-Malware 1.36
Database version: 2014
Windows 5.1.2600 Service Pack 3
20.4.2009 14:50:30
mbam-log-2009-04-20 (14-50-28).txt
Scan type: Quick Scan
Objects scanned: 81814
Time elapsed: 7 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 19
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Ivan\Local Settings\Temporary Internet Files\Content.IE5\YIFWTTEH\load[1].exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN1B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN1F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN24.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN2A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN30.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN31.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN32.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN34.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN36.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN3A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN3C.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN3F.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) -> No action taken.
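The two logs above are raw tool output, and every Malwarebytes line ends in "No action taken", which is what the log says when the scan was saved without the detections being removed. The Python below is an added example, not code from the thread or from the HijackThis or Malwarebytes authors: it parses a handful of lines copied from Ivan's logs (a constructed sample; the real logs are longer) and applies the first-look rules a responder runs by eye. The rules are assumptions for this example, not any tool's signatures: O4 autoruns with an empty value name, a binary living directly in the user profile, or a file name that is only an extension; stale "(file missing)" references; and for the Malwarebytes results the count of items left unremoved, the Rootkit.* service keys, the SecurityProviders value pointing at digiwet.dll (the DLLs listed there are loaded into LSASS at boot), and the Security Center notification switches that were turned off.

```python
import re
from collections import Counter

# Constructed samples: lines copied from the HijackThis and Malwarebytes logs
# posted in the thread, trimmed to a handful so the example runs offline.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ivan] C:\Documents and Settings\Ivan\Ivan.exe /i
O4 - HKCU\..\Run: [] C:\Documents and Settings\Ivan\.exe /i
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""

MBAM_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivan\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
"""

# HijackThis O4 line: "O4 - HKCU\..\Run: [name] command"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[LC][MU])\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Malwarebytes detection line: "item (Family) -> [Data: x -> | Bad: ... -> ] action."
MBAM_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> |Bad: .+? -> )?(?P<action>.+?)\.$"
)


def parse_hjt(text):
    """Return (O4 autorun entries, lines with a stale '(file missing)' reference)."""
    autoruns, missing = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "(file missing)" in line:
            missing.append(line)
        m = O4_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
    return autoruns, missing


def flag_autoruns(autoruns):
    """First-look rules for O4 entries (assumptions for this example, not a signature set)."""
    flagged = []
    for e in autoruns:
        exe = e["cmd"].split(" /")[0].strip('"')   # drop switches such as " /i"
        base = exe.rsplit("\\", 1)[-1]
        low = exe.lower()
        reasons = []
        if not e["name"]:
            reasons.append("empty value name")
        if "\\documents and settings\\" in low and "\\program files\\" not in low:
            reasons.append("runs from user profile")
        if base.startswith("."):
            reasons.append("file name is only an extension")
        if reasons:
            flagged.append((e["hive"], e["name"], exe, reasons))
    return flagged


def parse_mbam(text):
    """Parse Malwarebytes detection lines into dicts (item, family, data, action)."""
    return [m.groupdict() for m in map(MBAM_RE.match, map(str.strip, text.splitlines())) if m]


def summarize_mbam(items):
    """What the detections mean for the next step of the cleanup."""
    actions = Counter(i["action"] for i in items)
    return {
        "total": len(items),
        # "No action taken" means the scan was logged without removal.
        "not_removed": actions.get("No action taken", 0),
        "rootkit_services": [
            i["item"].rsplit("\\", 1)[-1] for i in items
            if i["family"].startswith("Rootkit.") and "\\CurrentControlSet\\Services\\" in i["item"]
        ],
        # DLLs named in this value are loaded by LSASS at boot.
        "lsa_security_providers": [
            i["data"] for i in items
            if i["item"].endswith("\\SecurityProviders\\SecurityProviders") and i["data"]
        ],
        "security_center_tampered": [
            i["item"].rsplit("\\", 1)[-1] for i in items if i["family"] == "Disabled.SecurityCenter"
        ],
    }


if __name__ == "__main__":
    autoruns, missing = parse_hjt(HJT_SAMPLE)
    for hive, name, exe, reasons in flag_autoruns(autoruns):
        print(f"{hive} Run [{name}] {exe}: {', '.join(reasons)}")
    print(f"{len(missing)} stale '(file missing)' references")
    print(summarize_mbam(parse_mbam(MBAM_SAMPLE)))
```

On the sample the two HKCU entries pointing into C:\Documents and Settings\Ivan are the ones flagged, the two "(file missing)" lines are harmless leftovers that can simply be deleted with HijackThis, and the Malwarebytes summary shows every detection still in place, so the next step is to rerun the scan and actually remove the selected items before posting a fresh log.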
Re: Log check (freezing)
jaro3:
So I did everything as instructed, thanks for the advice, hopefully it helps