Nejdou otvírat místní disky,díky Vyřešeno

[p-a-t-e-j-l]

Instaloval jsem Crack a od té doby nejdou otvírat Hlásí to
Systém Windows nemůže nalézt RECYCLER/S-3-8-86-100030976-100009255-100013282-5088.com



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:24, on 4.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PWS.LD.Pinch - {649E2DCE-1AD1-470B-ACC8-42842396A94C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\DOCUME~1\Ivana\LOCALS~1\Temp\E_S15D.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E59A79F-C773-4C3A-B56D-8BD1B9E6A5FF}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - (no file)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5907 bytes

[Reklama]

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[p-a-t-e-j-l]

Zatím moc díky za Tvůj čas :-)
Myslím,že to nevypadá pěkně.....

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1654
Windows 5.1.2600 Service Pack 3

4.2.2009 11:39:22
mbam-log-2009-02-04 (11-39-17).txt

Typ skenu: Rychlý sken
Objektu skenováno: 54148
Uplynulý cas: 3 minute(s), 16 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 15
Infikované hodnoty registru: 3
Infikované položky dat registru: 6
Infikované složky: 0
Infikované soubory: 3

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\winsurf.avideo (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1deac6d1-27b1-4804-8309-86f80e64d91f} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d263b532-c528-49e5-8bb6-80fa67332c9a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{7165223d-d2c9-422b-8126-411b11842b8b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34e6f97c-34e0-4ce5-b92b-f83634bedc01} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dde5591-a8ab-4897-93ef-1e4e943f85a7} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cc18ae76-7e65-4258-a193-9ea0c52da6b8} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{44e670f2-d57b-4815-a576-955d17dbbf2d} (Trojan.Zlob) -> No action taken.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivana\Data aplikací\addon.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\Ivana\Oblíbené položky\Online Security Test.url (Rogue.Link) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

poté:
Vypni rez.ochranu u NOD32 a štít u Windows Defender.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Budu později večer.

[p-a-t-e-j-l]

Tak to vypadá,že je vše v pořádku :-)) MOC DĚKUJI,je vidět,že tomu opravdu rozumíš
Posílám ty dva logy. Zatím moc díky

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1654
Windows 5.1.2600 Service Pack 3

4.2.2009 12:13:08
mbam-log-2009-02-04 (12-13-08).txt

Typ skenu: Rychlý sken
Objektu skenováno: 54108
Uplynulý cas: 4 minute(s), 9 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 15
Infikované hodnoty registru: 3
Infikované položky dat registru: 6
Infikované složky: 0
Infikované soubory: 3

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\winsurf.avideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1deac6d1-27b1-4804-8309-86f80e64d91f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d263b532-c528-49e5-8bb6-80fa67332c9a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7165223d-d2c9-422b-8126-411b11842b8b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34e6f97c-34e0-4ce5-b92b-f83634bedc01} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dde5591-a8ab-4897-93ef-1e4e943f85a7} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cc18ae76-7e65-4258-a193-9ea0c52da6b8} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{44e670f2-d57b-4815-a576-955d17dbbf2d} (Trojan.Zlob) -> Quarantined and deleted successfully.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ivana\Data aplikací\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ivana\Oblíbené položky\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.



Malwarebytes' Anti-Malware 1.33
Verze databáze: 1654
Windows 5.1.2600 Service Pack 3

4.2.2009 12:13:08
mbam-log-2009-02-04 (12-13-08).txt

Typ skenu: Rychlý sken
Objektu skenováno: 54108
Uplynulý cas: 4 minute(s), 9 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 15
Infikované hodnoty registru: 3
Infikované položky dat registru: 6
Infikované složky: 0
Infikované soubory: 3

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\winsurf.avideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1deac6d1-27b1-4804-8309-86f80e64d91f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d263b532-c528-49e5-8bb6-80fa67332c9a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7165223d-d2c9-422b-8126-411b11842b8b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34e6f97c-34e0-4ce5-b92b-f83634bedc01} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dde5591-a8ab-4897-93ef-1e4e943f85a7} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cc18ae76-7e65-4258-a193-9ea0c52da6b8} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{44e670f2-d57b-4815-a576-955d17dbbf2d} (Trojan.Zlob) -> Quarantined and deleted successfully.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ivana\Data aplikací\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ivana\Oblíbené položky\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.


ComboFix 09-02-03.01 - Ivana 2009-02-04 12:38:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.511.268 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ivana\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Resident AV is active

.
ADS - WINDOWS: deleted 72 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Ivana\Data aplikací\inst.exe
c:\recycler\S-1-3-18-100016950-100006797-100015160-2326.com
c:\windows\system32\drivers\gaopdxarmpcfqp.sys
c:\windows\system32\drivers\gaopdxlwmimxbn.sys
c:\windows\system32\drivers\gaopdxserv.sys
c:\windows\system32\gaopdxepbhxrdn.dll
c:\windows\system32\Nmorenu.dll
c:\windows\system32\systeminfo3.dll
F:\Autorun.inf
f:\recycler\S-1-3-18-100016950-100006797-100015160-2326.com
f:\recycler\S-6-6-32-100028592-100018642-100016524-9121.com
f:\recycler\S-9-8-91-100016597-100013827-100032084-2285.com

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Soubory vytvořené od 2009-01-04 do 2009-02-04 )))))))))))))))))))))))))))))))
.

2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\documents and settings\Ivana\Data aplikací\Malwarebytes
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-04 11:26 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 11:26 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-04 09:37 . 2009-02-04 09:37 <DIR> d-------- c:\program files\Trend Micro
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d-------- c:\documents and settings\Tom\Plocha
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d--h----- c:\documents and settings\Tom\Okolní tiskárny
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d--h----- c:\documents and settings\Tom\Okolní síť
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr------- c:\documents and settings\Tom\Oblíbené položky
2009-02-04 09:08 . 2007-03-03 14:34 <DIR> d--h----- c:\documents and settings\Tom\Šablony
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> dr------- c:\documents and settings\Tom\Nabídka Start
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr------- c:\documents and settings\Tom\Dokumenty
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr-h----- c:\documents and settings\Tom\Data aplikací
2009-02-04 09:08 . 2009-02-04 09:28 <DIR> d-------- c:\documents and settings\Tom
2009-02-04 06:32 . 2009-02-04 06:32 <DIR> d-------- c:\program files\Yamicsoft
2009-02-04 05:48 . 2009-02-04 09:29 4 --a------ c:\windows\system32\gaopdxcounter
2009-01-30 17:40 . 2009-01-30 17:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Vivendi Universal Games
2009-01-30 08:40 . 2009-02-04 09:30 <DIR> d-------- c:\documents and settings\Ivana\Data aplikací\skypePM
2009-01-30 08:40 . 2009-01-30 08:40 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-30 08:39 . 2009-01-30 08:39 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-09 13:50 . 2009-01-09 13:52 98,000,000 --a------ C:\write_test.649
2009-01-09 11:57 . 1997-01-29 16:53 240,640 --a------ c:\windows\system32\Nmocod.dll
2009-01-09 11:57 . 1997-01-29 17:04 200,192 --a------ c:\windows\system32\Httpct.ocx
2009-01-09 11:57 . 1997-01-29 16:46 48,128 --a------ c:\windows\system32\Nmsckn.dll
2009-01-09 11:56 . 2009-01-09 12:06 796,672 --a------ c:\windows\GPInstall.exe
2009-01-09 11:56 . 2001-04-18 22:22 7,589 --a------ c:\windows\Czech_CZ.gpl
2009-01-07 16:30 . 2009-01-08 18:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-01-05 19:25 . 2008-04-14 04:22 26,112 --a------ c:\windows\system32\stu2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 11:29 --------- d-----w c:\program files\Arovax AntiSpyware
2009-02-04 08:30 --------- d-----w c:\documents and settings\Ivana\Data aplikací\Skype
2009-02-04 06:34 --------- d-----w c:\program files\ESET
2009-01-31 05:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 07:39 --------- d-----w c:\program files\Skype
2009-01-30 07:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-01-11 07:31 --------- d-----w c:\documents and settings\Ivana\Data aplikací\uTorrent
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 16:09 --------- d-----w c:\documents and settings\All Users\Data aplikací\Barbie Fashion Show
2008-12-07 09:00 --------- d-----w c:\documents and settings\Ivana\Data aplikací\Audacity
2008-12-06 08:36 --------- d-----w c:\program files\SlySoft
2008-11-29 08:05 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-29 08:05 249,856 ------w c:\windows\Setup1.exe
2008-11-22 14:37 94,208 ----a-w c:\documents and settings\Ivana\Data aplikací\ezplay.sys
2008-11-22 14:37 47,360 ----a-w c:\documents and settings\Ivana\Data aplikací\pcouffin.sys
2008-11-21 11:02 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-05-22 12:13 2,516 --sha-w c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2008-05-22 12:11 8 --sh--r c:\documents and settings\All Users\Data aplikací\F7C1D9671E.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-03 7618560]
"Arovax AntiSpyware"="c:\program files\Arovax AntiSpyware\arovaxantispyware.exe" [2006-09-22 1847296]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\HRY\\NFSU\\speed2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-03-26 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-03-26 5248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 MaBtPort;MA Bluetooth VCOM Driver;c:\windows\system32\drivers\MaBtPort.sys [2008-01-30 101952]
R3 MaBtVad;Mobile Action Bluetooth Audio;c:\windows\system32\drivers\MaBtVad.sys [2008-01-30 14414]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
R3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlanNDS.sys [2007-05-04 54784]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2008-02-16 19034]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df091c8c-cb07-11db-bc92-000fea64dfaf}]
\Shell\AutoRun\command - E:\autorun.exe
\Shell\open\command - E:\penload.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-01-30 c:\windows\Tasks\1-Click Maintenance.job
- f:\hry\Zpr []

2009-02-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ivana\Data aplikací\Mozilla\Firefox\Profiles\rmxtit07.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 12:40:55
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-299502267-651377827-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:96,eb,b7,8b,c6,1c,5f,c2,f4,b4,16,99,6f,72,88,9a,37,4b,2f,82,ac,1a,82,
8c,08,1a,dc,fa,5a,84,07,5b,2a,7d,0a,1c,81,ae,d6,01,25,4f,97,75,5d,6c,00,e1,\
"??"=hex:c0,c0,5d,9a,d4,c5,c3,47,73,36,cc,5b,ea,f7,5a,80

[HKEY_USERS\S-1-5-21-299502267-651377827-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:a5,1b,30,da,a3,42,1c,cc,d4,52,62,83,2c,6c,36,73,59,32,58,2a,4b,
72,af,03,7f,a9,79,f7,e2,6c,56,fa,6b,39,14,03,69,d8,29,65,9f,e4,18,d5,3e,f9,\
"rkeysecu"=hex:f0,53,65,b3,aa,d0,2b,e5,ca,91,ca,a9,dc,80,cc,6e

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="6C06AF31E4D8D8DA4BED7C2F76CF009E5D9485D7F7F33920DAD926ADA261D319BDDC4820B2BF4CBAE526EE560DC9AFA0C3155F4876AE0192182BCF2956BD3390419CAE9892E137B99CB4EC35746D93F4728CE86B9A3A927A75905BA6060F759B524E5E43AE66466B4AA1FAD7A4EE322566A15054CFF4EC78336C405F2E82339191343A99B0644E7B11A906A09CF3B652E22DA9E6043336C1D4D45CDCCE3829D9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5CA6171C11EC38DE3D17227F04AD19A715A5CA6C4D36025BEBAE5DA663D115E771893180C2241804869916324A83BFDEA3C258CD5B029DE32D04983E59855FFC0E8A695DEDE9D6F2AEE8CC15A43DD9D3AE4FEF8E507F6D71FA5DC7FDC6004469AA00EB68E63D073C3261571170E2F38262E46065AFC6CA99B7351603740A0B797D67E1C7D9B7FB88BCA17A775F7D8D897E632A68CF740214584D64CE7D726DA0CFFE2606C876FDA00E8AAFF9F51E9BAD57EF85955A2654BEE429C5C6D10798F3024FCB91081CC675F643263210D485D755EDDCCC4F0077997D9081B5351FB0AE042015BDBF4E059862B53F1A5BBBA791F48CCED282AB9349511113C6BF1149AC5DFEFB3F6E35DDC0488F0E11D669528DC638ADCE18D1C598A578AA0CDB3BEDF1A83CABB0E27F65C8B9425EDADB7EC89CEE24FECD8CA49FF2D4DC2B7CCA7D9C23926C8592C2DE2AB0D985AC1F929E43B9A4487FC02FD6A469CB95ABEE20BBC689DFEB9E440709A71BDE532CE8F76EEEFE36E09AFCA01FD0B08A3F792343605294E4D4BE0F7C37D3CD16E84027DE9AE9AC81EA76B8593A0E22293A92B870579AD50C09E19B44A79335DC49032E6DD049A57C2A661124683FBACDA92AB636906B82D42E3AF7511BC3DF27B9C1B49CC294F32FA7F6861FEBB89AB775A98579818975CFAC2B186E58B07F7C457F56BA284942352BE5FDBD8C4388B64C2BF2F122282B2533CC51B72920EB773A7093683BD560BE47A540C5971DEAB11BFD30ABEF73C68DB0EB5E9DD9C89FC8A9FDCD9DBB1F42124D5D7752D976502198A651066B088DD7DB8ADDE53CD33BB1E9C64E22EAFC8185D36737D2AAF46913BB5BD1B319F8E9E6AD5B51A7A7E1FE0B969B3E94903B5705B751F00ADEAF0AA740888FBE804CE8B0E34820D07306D3BF8B02AF65F519A492175FFE8E52B52D9327CEC901AFFA3EBEFC6C94227F46C24F6DB393DC6B4C6DC155869CC965076D22B400A6AB37F4BDB0C1995C30AA1EFCCC9F1EC313C2FBDA3A1AF16B7D7C998D30EF24AFC02B99E23739D20A645EFD545E4FE2F9F5524436B8CE806F397DD5712DA676521A25C0C999B05295FA8146BFC068D756C77535F18DA44410E5D59822A0"
.
Celkový čas: 2009-02-04 12:42:59
ComboFix-quarantined-files.txt 2009-02-04 11:42:33

Před spuštěním: 8,939,532,288
Po spuštění: 8,989,618,176

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

197 --- E O F --- 2009-02-03 06:59:31

[Pic]

Doufám, že již nebudeš pokoušet nelegální praktiky, protože to budu jinak zamykat. Teď již je toto zbytečné zamykat, ale pokud by to některý z moderátorů zjistil dříve, jistě by to zamkl. Přečti si pravidla fóra!

[p-a-t-e-j-l]

Ahoj díky za upozornění.....omlouvám se!
Ale myslím,že nejvíc by měli dostat přes čumes, Ti co to vymýšlí.
Jinak pravidla jsem si již přečetl,souhlasím s nimi a hodlám je napříště dodržovat.

[jaro3]

Toto znáš: C:\write_test.649 ?
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\gaopdxcounter

Folder::
c:\windows\system32\gaopdxcounter

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\documents and settings\All Users\Data aplikací\F7C1D9671E.sys
Vlož sem potom odkaz výsledku.

[p-a-t-e-j-l]

Jaro,moc děkuji ještě jednou za Tvůj čas a trpělivost!!! Nevím co na to říci....DÍKY

Ten soubor na test,jsem,ale bohužel nenašel.....jsem asi blbej:-(

ComboFix 09-02-03.01 - Ivana 2009-02-04 21:09:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.511.194 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ivana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ivana\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení
* Resident AV is active


FILE ::
c:\windows\system32\gaopdxcounter
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gaopdxcounter

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-04 do 2009-02-04 )))))))))))))))))))))))))))))))
.

2009-02-04 19:01 . 2009-02-04 19:01 <DIR> d-------- c:\windows\LastGood
2009-02-04 16:10 . 2004-08-18 09:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\documents and settings\Ivana\Data aplikací\Malwarebytes
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-04 11:26 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 11:26 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-04 09:37 . 2009-02-04 09:37 <DIR> d-------- c:\program files\Trend Micro
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d-------- c:\documents and settings\Tom\Plocha
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d--h----- c:\documents and settings\Tom\Okolní tiskárny
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d--h----- c:\documents and settings\Tom\Okolní síť
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr------- c:\documents and settings\Tom\Oblíbené položky
2009-02-04 09:08 . 2007-03-03 14:34 <DIR> d--h----- c:\documents and settings\Tom\Šablony
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> dr------- c:\documents and settings\Tom\Nabídka Start
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr------- c:\documents and settings\Tom\Dokumenty
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr-h----- c:\documents and settings\Tom\Data aplikací
2009-02-04 09:08 . 2009-02-04 09:28 <DIR> d-------- c:\documents and settings\Tom
2009-02-04 06:32 . 2009-02-04 06:32 <DIR> d-------- c:\program files\Yamicsoft
2009-01-30 17:40 . 2009-01-30 17:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Vivendi Universal Games
2009-01-30 08:40 . 2009-02-04 09:30 <DIR> d-------- c:\documents and settings\Ivana\Data aplikací\skypePM
2009-01-30 08:40 . 2009-01-30 08:40 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-30 08:39 . 2009-01-30 08:39 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-09 13:50 . 2009-01-09 13:52 98,000,000 --a------ C:\write_test.649
2009-01-09 11:57 . 1997-01-29 16:53 240,640 --a------ c:\windows\system32\Nmocod.dll
2009-01-09 11:57 . 1997-01-29 17:04 200,192 --a------ c:\windows\system32\Httpct.ocx
2009-01-09 11:57 . 1997-01-29 16:46 48,128 --a------ c:\windows\system32\Nmsckn.dll
2009-01-09 11:56 . 2009-01-09 12:06 796,672 --a------ c:\windows\GPInstall.exe
2009-01-09 11:56 . 2001-04-18 22:22 7,589 --a------ c:\windows\Czech_CZ.gpl
2009-01-07 16:30 . 2009-01-08 18:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-01-05 19:25 . 2008-04-14 04:22 26,112 --a------ c:\windows\system32\stu2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 11:29 --------- d-----w c:\program files\Arovax AntiSpyware
2009-02-04 08:30 --------- d-----w c:\documents and settings\Ivana\Data aplikací\Skype
2009-02-04 06:34 --------- d-----w c:\program files\ESET
2009-01-31 05:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 07:39 --------- d-----w c:\program files\Skype
2009-01-30 07:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-01-11 07:31 --------- d-----w c:\documents and settings\Ivana\Data aplikací\uTorrent
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 16:09 --------- d-----w c:\documents and settings\All Users\Data aplikací\Barbie Fashion Show
2008-12-07 09:00 --------- d-----w c:\documents and settings\Ivana\Data aplikací\Audacity
2008-12-06 08:36 --------- d-----w c:\program files\SlySoft
2008-11-29 08:05 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-29 08:05 249,856 ------w c:\windows\Setup1.exe
2008-11-22 14:37 94,208 ----a-w c:\documents and settings\Ivana\Data aplikací\ezplay.sys
2008-11-22 14:37 47,360 ----a-w c:\documents and settings\Ivana\Data aplikací\pcouffin.sys
2008-11-21 11:02 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-05-22 12:13 2,516 --sha-w c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2008-05-22 12:11 8 --sh--r c:\documents and settings\All Users\Data aplikací\F7C1D9671E.sys
.

((((((((((((((((((((((((((((( snapshot@2009-02-04_12.41.41.34 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-03 7618560]
"Arovax AntiSpyware"="c:\program files\Arovax AntiSpyware\arovaxantispyware.exe" [2006-09-22 1847296]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\HRY\\NFSU\\speed2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-03-26 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-03-26 5248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 MaBtPort;MA Bluetooth VCOM Driver;c:\windows\system32\drivers\MaBtPort.sys [2008-01-30 101952]
R3 MaBtVad;Mobile Action Bluetooth Audio;c:\windows\system32\drivers\MaBtVad.sys [2008-01-30 14414]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
R3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlanNDS.sys [2007-05-04 54784]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2008-02-16 19034]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df091c8c-cb07-11db-bc92-000fea64dfaf}]
\Shell\AutoRun\command - E:\autorun.exe
\Shell\open\command - E:\penload.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-01-30 c:\windows\Tasks\1-Click Maintenance.job
- f:\hry\Zpr []

2009-02-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ivana\Data aplikací\Mozilla\Firefox\Profiles\rmxtit07.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 21:10:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-299502267-651377827-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:96,eb,b7,8b,c6,1c,5f,c2,f4,b4,16,99,6f,72,88,9a,37,4b,2f,82,ac,1a,82,
8c,08,1a,dc,fa,5a,84,07,5b,2a,7d,0a,1c,81,ae,d6,01,25,4f,97,75,5d,6c,00,e1,\
"??"=hex:c0,c0,5d,9a,d4,c5,c3,47,73,36,cc,5b,ea,f7,5a,80

[HKEY_USERS\S-1-5-21-299502267-651377827-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:a5,1b,30,da,a3,42,1c,cc,d4,52,62,83,2c,6c,36,73,59,32,58,2a,4b,
72,af,03,7f,a9,79,f7,e2,6c,56,fa,6b,39,14,03,69,d8,29,65,9f,e4,18,d5,3e,f9,\
"rkeysecu"=hex:f0,53,65,b3,aa,d0,2b,e5,ca,91,ca,a9,dc,80,cc,6e

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="6C06AF31E4D8D8DA4BED7C2F76CF009E5D9485D7F7F33920DAD926ADA261D319BDDC4820B2BF4CBAE526EE560DC9AFA0C3155F4876AE0192182BCF2956BD3390419CAE9892E137B99CB4EC35746D93F4728CE86B9A3A927A75905BA6060F759B524E5E43AE66466B4AA1FAD7A4EE322566A15054CFF4EC78336C405F2E82339191343A99B0644E7B11A906A09CF3B652E22DA9E6043336C1D4D45CDCCE3829D9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5CA6171C11EC38DE3D17227F04AD19A715A5CA6C4D36025BEBAE5DA663D115E771893180C2241804869916324A83BFDEA3C258CD5B029DE32D04983E59855FFC0E8A695DEDE9D6F2AEE8CC15A43DD9D3AE4FEF8E507F6D71FA5DC7FDC6004469AA00EB68E63D073C3261571170E2F38262E46065AFC6CA99B7351603740A0B797D67E1C7D9B7FB88BCA17A775F7D8D897E632A68CF740214584D64CE7D726DA0CFFE2606C876FDA00E8AAFF9F51E9BAD57EF85955A2654BEE429C5C6D10798F3024FCB91081CC675F643263210D485D755EDDCCC4F0077997D9081B5351FB0AE042015BDBF4E059862B53F1A5BBBA791F48CCED282AB9349511113C6BF1149AC5DFEFB3F6E35DDC0488F0E11D669528DC638ADCE18D1C598A578AA0CDB3BEDF1A83CABB0E27F65C8B9425EDADB7EC89CEE24FECD8CA49FF2D4DC2B7CCA7D9C23926C8592C2DE2AB0D985AC1F929E43B9A4487FC02FD6A469CB95ABEE20BBC689DFEB9E440709A71BDE532CE8F76EEEFE36E09AFCA01FD0B08A3F792343605294E4D4BE0F7C37D3CD16E84027DE9AE9AC81EA76B8593A0E22293A92B870579AD50C09E19B44A79335DC49032E6DD049A57C2A661124683FBACDA92AB636906B82D42E3AF7511BC3DF27B9C1B49CC294F32FA7F6861FEBB89AB775A98579818975CFAC2B186E58B07F7C457F56BA284942352BE5FDBD8C4388B64C2BF2F122282B2533CC51B72920EB773A7093683BD560BE47A540C5971DEAB11BFD30ABEF73C68DB0EB5E9DD9C89FC8A9FDCD9DBB1F42124D5D7752D976502198A651066B088DD7DB8ADDE53CD33BB1E9C64E22EAFC8185D36737D2AAF46913BB5BD1B319F8E9E6AD5B51A7A7E1FE0B969B3E94903B5705B751F00ADEAF0AA740888FBE804CE8B0E34820D07306D3BF8B02AF65F519A492175FFE8E52B52D9327CEC901AFFA3EBEFC6C94227F46C24F6DB393DC6B4C6DC155869CC965076D22B400A6AB37F4BDB0C1995C30AA1EFCCC9F1EC313C2FBDA3A1AF16B7D7C998D30EF24AFC02B99E23739D20A645EFD545E4FE2F9F5524436B8CE806F397DD5712DA676521A25C0C999B05295FA8146BFC068D756C77535F18DA44410E5D59822A0"
.
Celkový čas: 2009-02-04 21:12:49
ComboFix-quarantined-files.txt 2009-02-04 20:12:19
ComboFix2.txt 2009-02-04 11:43:00

Před spuštěním: 8 334 929 920
Po spuštění: 8,323,710,976

181 --- E O F --- 2009-02-04 18:02:35




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:06, on 4.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Common Files\Ahead\AudioPlugins\RMADEC.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5193 bytes

[jaro3]

Takže si zase vypni ochrany a ještě jeden script:

Kód: Vybrat vše

File::
c:\documents and settings\All Users\Data aplikací\F7C1D9671E.sys

Driver::
F7C1D9671E

Postup stejný jako výše, pak sem vlož log z CF a HJt, zítra to dokončíme.

[p-a-t-e-j-l]

Ahoj Díky znovu za info. Vše jsem zvládl a posílám ty logy.

ComboFix 09-02-04.04 - Ivana 2009-02-05 19:12:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.511.188 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ivana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ivana\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\documents and settings\All Users\Data aplikací\F7C1D9671E.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\F7C1D9671E.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-05 do 2009-02-05 )))))))))))))))))))))))))))))))
.

2009-02-04 16:10 . 2004-08-18 09:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\documents and settings\Ivana\Data aplikací\Malwarebytes
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-04 11:26 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 11:26 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-04 09:37 . 2009-02-04 09:37 <DIR> d-------- c:\program files\Trend Micro
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d-------- c:\documents and settings\Tom\Plocha
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d--h----- c:\documents and settings\Tom\Okolní tiskárny
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d--h----- c:\documents and settings\Tom\Okolní síť
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr------- c:\documents and settings\Tom\Oblíbené položky
2009-02-04 09:08 . 2007-03-03 14:34 <DIR> d--h----- c:\documents and settings\Tom\Šablony
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> dr------- c:\documents and settings\Tom\Nabídka Start
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr------- c:\documents and settings\Tom\Dokumenty
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr-h----- c:\documents and settings\Tom\Data aplikací
2009-02-04 09:08 . 2009-02-04 09:28 <DIR> d-------- c:\documents and settings\Tom
2009-02-04 06:32 . 2009-02-04 06:32 <DIR> d-------- c:\program files\Yamicsoft
2009-01-30 17:40 . 2009-01-30 17:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Vivendi Universal Games
2009-01-30 08:40 . 2009-02-05 18:34 <DIR> d-------- c:\documents and settings\Ivana\Data aplikací\skypePM
2009-01-30 08:40 . 2009-01-30 08:40 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-30 08:39 . 2009-01-30 08:39 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-09 13:50 . 2009-01-09 13:52 98,000,000 --a------ C:\write_test.649
2009-01-09 11:57 . 1997-01-29 16:53 240,640 --a------ c:\windows\system32\Nmocod.dll
2009-01-09 11:57 . 1997-01-29 17:04 200,192 --a------ c:\windows\system32\Httpct.ocx
2009-01-09 11:57 . 1997-01-29 16:46 48,128 --a------ c:\windows\system32\Nmsckn.dll
2009-01-09 11:56 . 2009-01-09 12:06 796,672 --a------ c:\windows\GPInstall.exe
2009-01-09 11:56 . 2001-04-18 22:22 7,589 --a------ c:\windows\Czech_CZ.gpl
2009-01-07 16:30 . 2009-01-08 18:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-01-05 19:25 . 2008-04-14 04:22 26,112 --a------ c:\windows\system32\stu2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 18:09 --------- d-----w c:\program files\Arovax AntiSpyware
2009-02-05 17:34 --------- d-----w c:\documents and settings\Ivana\Data aplikací\Skype
2009-02-04 06:34 --------- d-----w c:\program files\ESET
2009-01-31 05:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 07:39 --------- d-----w c:\program files\Skype
2009-01-30 07:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-01-11 07:31 --------- d-----w c:\documents and settings\Ivana\Data aplikací\uTorrent
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 16:09 --------- d-----w c:\documents and settings\All Users\Data aplikací\Barbie Fashion Show
2008-12-07 09:00 --------- d-----w c:\documents and settings\Ivana\Data aplikací\Audacity
2008-12-06 08:36 --------- d-----w c:\program files\SlySoft
2008-11-29 08:05 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-29 08:05 249,856 ------w c:\windows\Setup1.exe
2008-11-22 14:37 94,208 ----a-w c:\documents and settings\Ivana\Data aplikací\ezplay.sys
2008-11-22 14:37 47,360 ----a-w c:\documents and settings\Ivana\Data aplikací\pcouffin.sys
2008-11-21 11:02 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-05-22 12:13 2,516 --sha-w c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-02-04_12.41.41.34 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-03 7618560]
"Arovax AntiSpyware"="c:\program files\Arovax AntiSpyware\arovaxantispyware.exe" [2006-09-22 1847296]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\HRY\\NFSU\\speed2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-03-26 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-03-26 5248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 MaBtPort;MA Bluetooth VCOM Driver;c:\windows\system32\drivers\MaBtPort.sys [2008-01-30 101952]
R3 MaBtVad;Mobile Action Bluetooth Audio;c:\windows\system32\drivers\MaBtVad.sys [2008-01-30 14414]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
R3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlanNDS.sys [2007-05-04 54784]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2008-02-16 19034]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df091c8c-cb07-11db-bc92-000fea64dfaf}]
\Shell\AutoRun\command - E:\autorun.exe
\Shell\open\command - E:\penload.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-01-30 c:\windows\Tasks\1-Click Maintenance.job
- f:\hry\Zpr []

2009-02-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ivana\Data aplikací\Mozilla\Firefox\Profiles\rmxtit07.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 19:14:32
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\docume~1\Ivana\LOCALS~1\Temp\Perflib_Perfdata_870.dat 16384 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
Celkový čas: 2009-02-05 19:16:23
ComboFix-quarantined-files.txt 2009-02-05 18:15:50
ComboFix2.txt 2009-02-04 20:12:50
ComboFix3.txt 2009-02-04 11:43:00

Před spuštěním: 8 324 415 488
Po spuštění: 8,311,013,376

168 --- E O F --- 2009-02-05 17:36:58




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:47, on 5.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5111 bytes

[jaro3]

logy O.K.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Aktualizuj javu:
Java SE Runtime Environment 6u11
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Vše.