PC-HELP.CZ

Mám někde v počítači pravděpodobně keylogger. Zkoukněte to někdo, jesli se vám tam něco nezdá.
Předem díky.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:23, on 23.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programy\Avast4\aswUpdSv.exe
C:\Programy\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programy\DAP\DAP.EXE
C:\Programy\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Programy\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programy\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Programy\uTorrent\uTorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Mozek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Programy\ICQ6\ICQ.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\Xfire\xfire.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programy\Avast4\ashMaiSv.exe
C:\Programy\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programy\Avast4\setup\avast.setup
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Mozek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mozek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Programy\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [DriverCD] D:\Run.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programy\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [avast!] C:\Programy\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EzOFF] C:\Programy\Ez OFF\EzOff.exe
O4 - HKLM\..\Run: [mouseElf] C:\Programy\GAMING~1\MouseElf.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programy\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programy\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Programy\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mozek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Programy\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Programy\Xfire\xfire.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programy\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
O8 - Extra context menu item: &Clean Traces - C:\Programy\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programy\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programy\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programy\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programy\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programy\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programy\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8444 bytes

Odinstaluj: AskBarDis

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1682
Windows 5.1.2600 Service Pack 3

23.1.2009 14:36:19
mbam-log-2009-01-23 (14-36-19).txt

Typ skenu: Rychlý sken
Objektu skenováno: 64798
Uplynulý cas: 5 minute(s), 47 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Vypni rez. ochranu u Avastu.
vypni rez. ochranu u SpyBota:
- spusť Spybot - Search & Destroy
- nahoře v menu zvol: Režim => Pro pokročilé
- objeví se ti varovné okno kde zvol Ano
- okno programu se ti přepne do pokročilého zobrazení a tam zvol: Nástroje => Rezidentní
- tam zruš zatržení pokud bude u položky: Rezidentní program "TeaTimer" (Ochrana ...)
- zavři program
Restartuj PC.
Po té si stáhni ResetTeaTimer.bat(viz. Poznámka)
a ulož si ho na disku.
- spusť ho a po vyzvání zmáčkni libovolnou klávesu
- po proběhnutí a výzvě opět zmáčkni libovolnou klávesu a program se zavře.
Poznámka:
- pokud používáš Operu, tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit cíl odkazu jako...
- pokud používáš Firefox tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit odkaz jako...
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

ComboFix 09-01-21.04 - Mozek 2009-01-23 15:06:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.3070.2461 [GMT 1:00]
Spuštěný z: c:\documents and settings\Mozek\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090122-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mozek\Local Settings\Temporary Internet Files\head_firmware.inf
c:\documents and settings\Mozek\Local Settings\Temporary Internet Files\T10.GIF
c:\documents and settings\Mozek\Local Settings\Temporary Internet Files\T10_0x4102_0x1117_P_FRE.ZIP
c:\program files\INSTALL.LOG
c:\windows\admintxt.txt
c:\windows\system32\200913429.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-23 do 2009-01-23 )))))))))))))))))))))))))))))))
.

2009-01-23 14:27 . 2009-01-23 14:27 <DIR> d-------- c:\documents and settings\Mozek\Data aplikací\Malwarebytes
2009-01-23 14:26 . 2009-01-23 14:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-23 14:26 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-23 14:26 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-23 13:12 . 2009-01-23 13:12 <DIR> d-------- c:\program files\AskBarDis
2009-01-23 13:11 . 2009-01-23 13:11 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-01-23 13:10 . 2009-01-23 13:10 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-23 13:10 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-01-23 13:10 . 2009-01-23 15:10 348,371 --a------ c:\windows\system32\vsconfig.xml
2009-01-23 13:09 . 2009-01-23 15:11 <DIR> d-------- c:\windows\Internet Logs
2009-01-22 15:29 . 1999-10-13 07:12 4,398 --a------ c:\windows\caesar3.ico
2009-01-22 15:29 . 2000-04-24 11:03 2,102 --a------ c:\windows\cleoicon.ico
2009-01-22 15:29 . 2000-03-29 16:19 766 --a------ c:\windows\zeusicon.ico
2009-01-22 15:29 . 1999-09-30 15:41 766 --a------ c:\windows\attwns.ico
2009-01-22 15:28 . 2009-01-22 15:28 <DIR> d-------- c:\program files\Sierra On-Line
2009-01-22 15:27 . 2009-01-22 15:29 563 --a------ c:\windows\SIERRA.INI
2009-01-22 10:18 . 2009-01-23 13:30 0 --a------ c:\windows\1.ini
2009-01-22 08:34 . 2009-01-22 08:34 16 --a------ c:\windows\wow
2009-01-20 17:23 . 2009-01-20 17:23 0 --a------ C:\LHT3C.tmp
2009-01-16 17:39 . 2008-07-09 10:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-01-15 18:25 . 2009-01-15 18:25 <DIR> d-------- c:\windows\system32\cs-cz
2009-01-15 18:25 . 2009-01-15 18:25 <DIR> d-------- c:\windows\system32\cs
2009-01-15 18:25 . 2009-01-15 18:25 <DIR> d-------- c:\windows\system32\bits
2009-01-15 18:25 . 2009-01-15 18:25 <DIR> d-------- c:\windows\l2schemas
2009-01-15 18:23 . 2009-01-15 18:25 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-15 18:18 . 2009-01-15 18:18 <DIR> d-------- c:\windows\EHome
2009-01-15 18:09 . 2009-01-15 18:09 <DIR> d---s---- c:\documents and settings\Mozek\UserData
2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-01-13 16:33 . 2009-01-22 14:03 <DIR> d-------- c:\documents and settings\Mozek\.gimp-2.6
2009-01-13 16:33 . 2009-01-13 16:33 <DIR> d-------- c:\documents and settings\Mozek\.gegl-0.0
2009-01-08 19:26 . 2009-01-08 19:26 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-05 16:52 . 2008-09-15 16:27 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-05 16:52 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-05 16:51 . 2008-08-14 14:26 2,191,360 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-05 16:51 . 2008-08-14 14:26 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-05 16:51 . 2008-08-14 14:26 2,068,224 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-05 16:51 . 2008-08-14 14:26 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-05 16:51 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-05 16:51 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 14:12 --------- d-----w c:\documents and settings\Mozek\Data aplikací\uTorrent
2009-01-22 22:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-01-22 18:38 --------- d-----w c:\documents and settings\Mozek\Data aplikací\Xfire
2009-01-22 12:57 --------- d-----w c:\documents and settings\Mozek\Data aplikací\gtk-2.0
2009-01-22 09:17 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-15 17:39 --------- d-----w c:\program files\MSN Messenger
2009-01-08 18:26 --------- d-----w c:\program files\Java
2009-01-08 18:24 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-01-05 19:26 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-05-06 15:28 17,152 ----a-w c:\documents and settings\Mozek\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-23 16:06 22,328 ----a-w c:\documents and settings\Mozek\Data aplikací\PnkBstrK.sys
2003-12-18 10:33 20,102 ----a-w c:\program files\Readme.txt
2003-09-03 06:46 10,960 ----a-w c:\program files\EULA.txt
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 18:22 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools"="c:\programy\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"uTorrent"="c:\programy\uTorrent\uTorrent.exe" [2009-01-05 270128]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Mozek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ICQ"="c:\programy\ICQ6\ICQ.exe" [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"DownloadAccelerator"="c:\programy\DAP\DAP.EXE" [2007-12-19 3335944]
"avast!"="c:\programy\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"ZoneAlarm Client"="c:\programy\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Mozek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Xfire.lnk - c:\programy\Xfire\xfire.exe [2009-01-15 2993488]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2008-05-07 124400]
Microsoft Office.lnk - c:\programy\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-01-09 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.XFR1"= xfcodec.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programy\\Xfire\\xfire.exe"=
"c:\\Programy\\DAP\\DAP.exe"=
"c:\\ZZZ\\Akce\\Half-Life 2\\hl2.exe"=
"c:\\Programy\\Azureus\\Azureus.exe"=
"c:\\ZZZ\\World of Warcraft\\Repair.exe"=
"c:\\ZZZ\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programy\\ICQ6\\ICQ.exe"=
"c:\\ZZZ\\Akce\\Crysis\\Bin32\\Crysis.exe"=
"c:\\ZZZ\\Akce\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\ZZZ\\RPG\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\ZZZ\\Simulace\\NFS - Underground 2\\speed2.exe"=
"c:\\Programy\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Programy\\Tortun\\gui.exe"=
"c:\\ZZZ\\Strategie\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\ZZZ\\Akce\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28600:TCP"= 28600:TCP:uTorrent
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-14 111184]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-01-23 464264]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-14 20560]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-02-28 16512]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2007-12-20 7808]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2008-07-23 23600]
S4 softyinforwow;Application Layer Gateway Service.;c:\windows\System32\svchost.exe -k netsvcs [2004-08-18 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
softyinforwow
.
Obsah adresáře 'Naplánované úlohy'

2009-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-606747145-839522115-1004.job
- c:\documents and settings\Mozek\Local Settings\Data aplikac []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-DriverCD - D:\Run.exe
HKLM-Run-EzOFF - c:\programy\Ez OFF\EzOff.exe
HKLM-Run-mouseElf - c:\programy\GAMING~1\MouseElf.EXE
HKLM-Run-QuickTime Task - c:\programy\QuickTime\QTTask.exe
HKLM-Run-WinampAgent - c:\programy\Winamp\winampa.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: &Clean Traces - c:\programy\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programy\DAP\dapextie.htm
IE: Download &all with DAP - c:\programy\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mozek\Data aplikací\Mozilla\Firefox\Profiles\jhfql297.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\programy\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\programy\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\programy\DivX\DivX Web Player\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 15:10:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1644491937-606747145-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\programy\Avast4\aswUpdSv.exe
c:\programy\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\programy\Avast4\ashMaiSv.exe
c:\programy\Avast4\ashWebSv.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Celkový čas: 2009-01-23 15:15:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-01-23 14:15:16

Před spuštěním: Volných bajtů: 53 797 064 704
Po spuštění: Volných bajtů: 53,856,796,672

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
c:\$win_nt$.~bt\BOOTSECT.DAT="Instalace systému Windows"

231 --- E O F --- 2009-01-15 17:30:05

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\\Programy\\Tortun\\gui.exe
Vlož sem pak odkaz výsledku.

Fajn tady je ten Virus total na gui.exe

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.73 2009.01.23 -
AhnLab-V3 5.0.0.2 2009.01.23 -
AntiVir 7.9.0.60 2009.01.23 -
Authentium 5.1.0.4 2009.01.22 -
Avast 4.8.1281.0 2009.01.22 -
AVG 8.0.0.229 2009.01.23 -
BitDefender 7.2 2009.01.23 -
CAT-QuickHeal 10.00 2009.01.23 -
ClamAV 0.94.1 2009.01.23 -
Comodo 943 2009.01.23 -
DrWeb 4.44.0.09170 2009.01.23 -
eSafe 7.0.17.0 2009.01.22 -
eTrust-Vet 31.6.6323 2009.01.23 -
F-Prot 4.4.4.56 2009.01.22 -
F-Secure 8.0.14470.0 2009.01.23 -
Fortinet 3.117.0.0 2009.01.23 -
GData 19 2009.01.23 -
Ikarus T3.1.1.45.0 2009.01.23 -
K7AntiVirus 7.10.602 2009.01.23 -
Kaspersky 7.0.0.125 2009.01.23 -
McAfee 5503 2009.01.22 -
McAfee+Artemis 5503 2009.01.22 -
Microsoft 1.4205 2009.01.23 -
NOD32 3793 2009.01.23 -
Norman 5.93.01 2009.01.23 -
nProtect 2009.1.8.0 2009.01.23 -
Panda 9.5.1.2 2009.01.23 -
PCTools 4.4.2.0 2009.01.23 -
Prevx1 V2 2009.01.23 -
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.23 -
Sophos 4.37.0 2009.01.23 -
Sunbelt 3.2.1835.2 2009.01.16 -
TheHacker 6.3.1.5.226 2009.01.22 -
TrendMicro 8.700.0.1004 2009.01.23 -
VBA32 3.12.8.11 2009.01.22 -
ViRobot 2009.1.23.1576 2009.01.23 -
VirusBuster 4.5.11.0 2009.01.23 -
Rozšiřující informace
File size: 38912 bytes
MD5...: 844a8be9a868826e572ff13c895c3fe1
SHA1..: 893def3b517b074ba2cf7dfca9b3690c29a75653
SHA256: 5f04a77440118551a924cbcbc585d58c18c90c8c302040624dfe3e5dde75c2fc
SHA512: 1312d7b6e54542ca8e9871a5213a644ad271e4179ac5493057a419d2ebac5350
954329a1eec3e10728a4cf851e036b84968345e979fd40c52da7c57783d90c46
ssdeep: 768:lHKNLp+5e3MBe7KsWR0ZS3sfYU7SlQbpVB+Rp3S0Zv/mWLHN4a:lH4Lp+A78
RD3sfYU75pVB+RBxZv/mWP
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40285a
timedatestamp.....: 0x45950393 (Fri Dec 29 12:01:23 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1ba2 0x1c00 6.23 562e1257a73048f57627736473e97733
.rdata 0x3000 0x6f6 0x800 4.42 0bc54cbd28b49931942782e80f4ef6d3
.data 0x4000 0x131c 0xc00 4.51 eba5b343aaa3349bcf8645590ff30f63
.rsrc 0x6000 0x6304 0x6400 5.42 2c30aafab03fa989b6d36a9bdbdf10ca

( 3 imports )
> USER32.dll: GetFocus, MessageBoxA
> MSVCR71.dll: _adjust_fdiv, __p__commode, __p__fmode, __setusermatherr, _except_handler3, _strdup, __dllonexit, _onexit, _controlfp, _initterm, __getmainargs, _amsg_exit, _acmdln, exit, _cexit, _ismbblead, _XcptFilter, _exit, _c_exit, realloc, bsearch, qsort, fprintf, _iob, setbuf, getenv, atoi, malloc, free, strncmp, strrchr, __p___argv, __p___argc, strncpy, _snprintf, _stricmp, __set_app_type
> KERNEL32.dll: GetStartupInfoA, IsBadReadPtr, SetLastError, GetProcessHeap, HeapFree, VirtualFree, VirtualProtect, VirtualAlloc, FreeLibrary, GetModuleHandleA, LoadLibraryA, GetProcAddress, OutputDebugStringA, GetFullPathNameA, UnmapViewOfFile, CreateFileA, GetFileSize, CreateFileMappingA, CloseHandle, MapViewOfFile, FindResourceA, LoadResource, LockResource, GetModuleFileNameA, GetLastError, FormatMessageA, LocalFree, lstrlenA, HeapAlloc

( 0 exports )
packers (Kaspersky): Py2Exe

Tady je posledni HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:36, on 23.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programy\Avast4\aswUpdSv.exe
C:\Programy\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programy\DAP\DAP.EXE
C:\Programy\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Programy\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programy\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Programy\uTorrent\uTorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Mozek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Programy\ICQ6\ICQ.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programy\Xfire\xfire.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programy\Avast4\ashMaiSv.exe
C:\Programy\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programy\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programy\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [avast!] C:\Programy\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programy\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programy\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Programy\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mozek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Programy\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Programy\Xfire\xfire.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programy\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
O8 - Extra context menu item: &Clean Traces - C:\Programy\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programy\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programy\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programy\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programy\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programy\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programy\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7688 bytes


A tady ten ComboFix:
ComboFix 09-01-21.04 - Mozek 2009-01-23 17:06:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.3070.2506 [GMT 1:00]
Spuštěný z: c:\documents and settings\Mozek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mozek\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090122-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Vytvořen nový Bod Obnovení

FILE ::
C:\LHT3C.tmp
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\windows\1.ini
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LHT3C.tmp
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\AskBarDis\zonealarm.ico
c:\windows\1.ini

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SOFTYINFORWOW
-------\Service_softyinforwow


((((((((((((((((((((((((( Soubory vytvořené od 2008-12-23 do 2009-01-23 )))))))))))))))))))))))))))))))
.

2009-01-23 14:27 . 2009-01-23 14:27 <DIR> d-------- c:\documents and settings\Mozek\Data aplikací\Malwarebytes
2009-01-23 14:26 . 2009-01-23 14:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-23 14:26 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-23 14:26 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-23 13:11 . 2009-01-23 13:11 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-01-23 13:10 . 2009-01-23 13:10 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-23 13:10 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-01-23 13:10 . 2009-01-23 17:11 348,371 --a------ c:\windows\system32\vsconfig.xml
2009-01-23 13:09 . 2009-01-23 17:12 <DIR> d-------- c:\windows\Internet Logs
2009-01-22 15:29 . 1999-10-13 07:12 4,398 --a------ c:\windows\caesar3.ico
2009-01-22 15:29 . 2000-04-24 11:03 2,102 --a------ c:\windows\cleoicon.ico
2009-01-22 15:29 . 2000-03-29 16:19 766 --a------ c:\windows\zeusicon.ico
2009-01-22 15:29 . 1999-09-30 15:41 766 --a------ c:\windows\attwns.ico
2009-01-22 15:28 . 2009-01-22 15:28 <DIR> d-------- c:\program files\Sierra On-Line
2009-01-22 15:27 . 2009-01-22 15:29 563 --a------ c:\windows\SIERRA.INI
2009-01-22 08:34 . 2009-01-22 08:34 16 --a------ c:\windows\wow
2009-01-16 17:39 . 2008-07-09 10:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-01-15 18:25 . 2009-01-15 18:25 <DIR> d-------- c:\windows\system32\cs-cz
2009-01-15 18:25 . 2009-01-15 18:25 <DIR> d-------- c:\windows\system32\cs
2009-01-15 18:25 . 2009-01-15 18:25 <DIR> d-------- c:\windows\system32\bits
2009-01-15 18:25 . 2009-01-15 18:25 <DIR> d-------- c:\windows\l2schemas
2009-01-15 18:23 . 2009-01-15 18:25 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-15 18:18 . 2009-01-15 18:18 <DIR> d-------- c:\windows\EHome
2009-01-15 18:09 . 2009-01-15 18:09 <DIR> d---s---- c:\documents and settings\Mozek\UserData
2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-01-13 16:33 . 2009-01-22 14:03 <DIR> d-------- c:\documents and settings\Mozek\.gimp-2.6
2009-01-13 16:33 . 2009-01-13 16:33 <DIR> d-------- c:\documents and settings\Mozek\.gegl-0.0
2009-01-08 19:26 . 2009-01-08 19:26 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-05 16:52 . 2008-09-15 16:27 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-05 16:52 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-05 16:51 . 2008-08-14 14:26 2,191,360 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-05 16:51 . 2008-08-14 14:26 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-05 16:51 . 2008-08-14 14:26 2,068,224 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-05 16:51 . 2008-08-14 14:26 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-05 16:51 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-05 16:51 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 16:13 --------- d-----w c:\documents and settings\Mozek\Data aplikací\uTorrent
2009-01-22 22:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-01-22 18:38 --------- d-----w c:\documents and settings\Mozek\Data aplikací\Xfire
2009-01-22 12:57 --------- d-----w c:\documents and settings\Mozek\Data aplikací\gtk-2.0
2009-01-22 09:17 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-15 17:39 --------- d-----w c:\program files\MSN Messenger
2009-01-08 18:26 --------- d-----w c:\program files\Java
2009-01-08 18:24 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-01-05 19:26 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-12-19 15:15 4,338,246 ----a-w c:\windows\system32\libavcodec.dll
2008-12-17 17:41 884,237 ----a-w c:\windows\system32\ff_x264.dll
2008-12-17 17:22 93,184 ----a-w c:\windows\system32\ff_wmv9.dll
2008-12-17 17:22 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-17 17:17 239,247 ----a-w c:\windows\system32\ff_theora.dll
2008-12-17 16:59 560,802 ----a-w c:\windows\system32\libmplayer.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-29 20:26 991,232 ----a-w c:\windows\system32\VSFilter.dll
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-05-06 15:28 17,152 ----a-w c:\documents and settings\Mozek\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-23 16:06 22,328 ----a-w c:\documents and settings\Mozek\Data aplikací\PnkBstrK.sys
2003-12-18 10:33 20,102 ----a-w c:\program files\Readme.txt
2003-09-03 06:46 10,960 ----a-w c:\program files\EULA.txt
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\wow ----

c:\windows\wow\


((((((((((((((((((((((((((((( snapshot@2009-01-23_15.14.27.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-01-23 16:10:50 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7f8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools"="c:\programy\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"uTorrent"="c:\programy\uTorrent\uTorrent.exe" [2009-01-05 270128]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Mozek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ICQ"="c:\programy\ICQ6\ICQ.exe" [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"DownloadAccelerator"="c:\programy\DAP\DAP.EXE" [2007-12-19 3335944]
"avast!"="c:\programy\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"ZoneAlarm Client"="c:\programy\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Mozek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Xfire.lnk - c:\programy\Xfire\xfire.exe [2009-01-15 2993488]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2008-05-07 124400]
Microsoft Office.lnk - c:\programy\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-01-09 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.XFR1"= xfcodec.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programy\\Xfire\\xfire.exe"=
"c:\\Programy\\DAP\\DAP.exe"=
"c:\\ZZZ\\Akce\\Half-Life 2\\hl2.exe"=
"c:\\Programy\\Azureus\\Azureus.exe"=
"c:\\ZZZ\\World of Warcraft\\Repair.exe"=
"c:\\ZZZ\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programy\\ICQ6\\ICQ.exe"=
"c:\\ZZZ\\Akce\\Crysis\\Bin32\\Crysis.exe"=
"c:\\ZZZ\\Akce\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\ZZZ\\RPG\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\ZZZ\\Simulace\\NFS - Underground 2\\speed2.exe"=
"c:\\Programy\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Programy\\Tortun\\gui.exe"=
"c:\\ZZZ\\Strategie\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\ZZZ\\Akce\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28600:TCP"= 28600:TCP:uTorrent
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-14 111184]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-14 20560]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-02-28 16512]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2007-12-20 7808]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2008-07-23 23600]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
.
Obsah adresáře 'Naplánované úlohy'

2009-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-606747145-839522115-1004.job
- c:\documents and settings\Mozek\Local Settings\Data aplikac []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: &Clean Traces - c:\programy\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programy\DAP\dapextie.htm
IE: Download &all with DAP - c:\programy\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mozek\Data aplikací\Mozilla\Firefox\Profiles\jhfql297.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\programy\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\programy\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\programy\DivX\DivX Web Player\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 17:11:23
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1644491937-606747145-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\programy\Avast4\aswUpdSv.exe
c:\programy\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\programy\Avast4\ashMaiSv.exe
c:\programy\Avast4\ashWebSv.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Celkový čas: 2009-01-23 17:16:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-01-23 16:16:00
ComboFix2.txt 2009-01-23 14:15:21

Před spuštěním: Volných bajtů: 57 084 719 104
Po spuštění: Volných bajtů: 56,986,050,560

237 --- E O F --- 2009-01-15 17:30:05

START-spustit-napiš= cmd.exe - dej OK- v dosovém okně vlož myší toto:
sc stop AskService
sc delete AskService
exit


Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.

Pokud nejsou problémy , je to vše.
.

No snad to bude fungovat. Nevim proc ale nemoh jsem se lognout zpatky na svuj ucet, musel jsem si nechat zaslat novy heslo...

Bohuzel asi nezjistim, jesli je ten problem vyresenej. I tak diky moc za pomoc.

Není zač , kdyby se ti něco ještě nezdálo , dej vědět.

Ok tohle se mi trochu nezda... smazal jsem tu slozku C:\Program Files\AskBarDis\bar\bin\
ve ktery byl ten
AskService.exe (file missing)

.. po restartu pocitace je tam ta slozka zas. Je prazdna krome prevCfg2.html kterej tam byl pred tim taky. A na to smazani jsem pouzil Shred File co dela DAP.

Je neco spatne?

Asi ano. prevCfg2.html patří k C:\Program Files\MyWebSearch (adware) koukni zda tam tu složku máš.
Rozjeď znovu MbAM ,ten jí má smazat pokud je v MyWebSearch.