
Local disks won't open, thanks

Posted: 04 Feb 2009 10:10
by p-a-t-e-j-l
I installed a crack and since then they won't open :-( It reports:
Windows cannot find RECYCLER/S-3-8-86-100030976-100009255-100013282-5088.com



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:24, on 4.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PWS.LD.Pinch - {649E2DCE-1AD1-470B-ACC8-42842396A94C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\DOCUME~1\Ivana\LOCALS~1\Temp\E_S15D.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E59A79F-C773-4C3A-B56D-8BD1B9E6A5FF}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - (no file)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5907 bytes

Re: Local disks won't open, thanks

Posted: 04 Feb 2009 11:07
by jaro3
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

Re: Local disks won't open, thanks

Posted: 04 Feb 2009 11:43
by p-a-t-e-j-l
Thanks a lot for your time so far :-)
I think it doesn't look good.....

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1654
Windows 5.1.2600 Service Pack 3

4.2.2009 11:39:22
mbam-log-2009-02-04 (11-39-17).txt

Typ skenu: Rychlý sken
Objektu skenováno: 54148
Uplynulý cas: 3 minute(s), 16 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 15
Infikované hodnoty registru: 3
Infikované položky dat registru: 6
Infikované složky: 0
Infikované soubory: 3

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\winsurf.avideo (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1deac6d1-27b1-4804-8309-86f80e64d91f} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d263b532-c528-49e5-8bb6-80fa67332c9a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{7165223d-d2c9-422b-8126-411b11842b8b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34e6f97c-34e0-4ce5-b92b-f83634bedc01} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dde5591-a8ab-4897-93ef-1e4e943f85a7} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cc18ae76-7e65-4258-a193-9ea0c52da6b8} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{44e670f2-d57b-4815-a576-955d17dbbf2d} (Trojan.Zlob) -> No action taken.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivana\Data aplikací\addon.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\Ivana\Oblíbené položky\Online Security Test.url (Rogue.Link) -> No action taken.

Re: Local disks won't open, thanks

Posted: 04 Feb 2009 12:07
by jaro3
So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then click OK in the program and close it via Exit

You can then paste the MbAM log here.

Then:
Turn off the resident protection in NOD32 and the shield in Windows Defender.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan is complete, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
I'll be back later this evening.

Re: Local disks won't open, thanks

Posted: 04 Feb 2009 12:58
by p-a-t-e-j-l
So it looks like everything is fine :-)) THANK YOU VERY MUCH, it's clear you really know your stuff
I'm sending the two logs. Thanks a lot for now

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1654
Windows 5.1.2600 Service Pack 3

4.2.2009 12:13:08
mbam-log-2009-02-04 (12-13-08).txt

Typ skenu: Rychlý sken
Objektu skenováno: 54108
Uplynulý cas: 4 minute(s), 9 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 15
Infikované hodnoty registru: 3
Infikované položky dat registru: 6
Infikované složky: 0
Infikované soubory: 3

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\winsurf.avideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1deac6d1-27b1-4804-8309-86f80e64d91f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d263b532-c528-49e5-8bb6-80fa67332c9a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7165223d-d2c9-422b-8126-411b11842b8b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34e6f97c-34e0-4ce5-b92b-f83634bedc01} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dde5591-a8ab-4897-93ef-1e4e943f85a7} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cc18ae76-7e65-4258-a193-9ea0c52da6b8} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{649e2dce-1ad1-470b-acc8-42842396a94c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{44e670f2-d57b-4815-a576-955d17dbbf2d} (Trojan.Zlob) -> Quarantined and deleted successfully.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6e59a79f-c773-4c3a-b56d-8bd1b9e6a5ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ivana\Data aplikací\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ivana\Oblíbené položky\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.





ComboFix 09-02-03.01 - Ivana 2009-02-04 12:38:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.511.268 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ivana\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Resident AV is active

.
ADS - WINDOWS: deleted 72 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Ivana\Data aplikací\inst.exe
c:\recycler\S-1-3-18-100016950-100006797-100015160-2326.com
c:\windows\system32\drivers\gaopdxarmpcfqp.sys
c:\windows\system32\drivers\gaopdxlwmimxbn.sys
c:\windows\system32\drivers\gaopdxserv.sys
c:\windows\system32\gaopdxepbhxrdn.dll
c:\windows\system32\Nmorenu.dll
c:\windows\system32\systeminfo3.dll
F:\Autorun.inf
f:\recycler\S-1-3-18-100016950-100006797-100015160-2326.com
f:\recycler\S-6-6-32-100028592-100018642-100016524-9121.com
f:\recycler\S-9-8-91-100016597-100013827-100032084-2285.com

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Soubory vytvořené od 2009-01-04 do 2009-02-04 )))))))))))))))))))))))))))))))
.

2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\documents and settings\Ivana\Data aplikací\Malwarebytes
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-04 11:26 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 11:26 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-04 09:37 . 2009-02-04 09:37 <DIR> d-------- c:\program files\Trend Micro
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d-------- c:\documents and settings\Tom\Plocha
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d--h----- c:\documents and settings\Tom\Okolní tiskárny
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d--h----- c:\documents and settings\Tom\Okolní síť
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr------- c:\documents and settings\Tom\Oblíbené položky
2009-02-04 09:08 . 2007-03-03 14:34 <DIR> d--h----- c:\documents and settings\Tom\Šablony
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> dr------- c:\documents and settings\Tom\Nabídka Start
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr------- c:\documents and settings\Tom\Dokumenty
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr-h----- c:\documents and settings\Tom\Data aplikací
2009-02-04 09:08 . 2009-02-04 09:28 <DIR> d-------- c:\documents and settings\Tom
2009-02-04 06:32 . 2009-02-04 06:32 <DIR> d-------- c:\program files\Yamicsoft
2009-02-04 05:48 . 2009-02-04 09:29 4 --a------ c:\windows\system32\gaopdxcounter
2009-01-30 17:40 . 2009-01-30 17:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Vivendi Universal Games
2009-01-30 08:40 . 2009-02-04 09:30 <DIR> d-------- c:\documents and settings\Ivana\Data aplikací\skypePM
2009-01-30 08:40 . 2009-01-30 08:40 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-30 08:39 . 2009-01-30 08:39 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-09 13:50 . 2009-01-09 13:52 98,000,000 --a------ C:\write_test.649
2009-01-09 11:57 . 1997-01-29 16:53 240,640 --a------ c:\windows\system32\Nmocod.dll
2009-01-09 11:57 . 1997-01-29 17:04 200,192 --a------ c:\windows\system32\Httpct.ocx
2009-01-09 11:57 . 1997-01-29 16:46 48,128 --a------ c:\windows\system32\Nmsckn.dll
2009-01-09 11:56 . 2009-01-09 12:06 796,672 --a------ c:\windows\GPInstall.exe
2009-01-09 11:56 . 2001-04-18 22:22 7,589 --a------ c:\windows\Czech_CZ.gpl
2009-01-07 16:30 . 2009-01-08 18:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-01-05 19:25 . 2008-04-14 04:22 26,112 --a------ c:\windows\system32\stu2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 11:29 --------- d-----w c:\program files\Arovax AntiSpyware
2009-02-04 08:30 --------- d-----w c:\documents and settings\Ivana\Data aplikací\Skype
2009-02-04 06:34 --------- d-----w c:\program files\ESET
2009-01-31 05:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 07:39 --------- d-----w c:\program files\Skype
2009-01-30 07:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-01-11 07:31 --------- d-----w c:\documents and settings\Ivana\Data aplikací\uTorrent
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 16:09 --------- d-----w c:\documents and settings\All Users\Data aplikací\Barbie Fashion Show
2008-12-07 09:00 --------- d-----w c:\documents and settings\Ivana\Data aplikací\Audacity
2008-12-06 08:36 --------- d-----w c:\program files\SlySoft
2008-11-29 08:05 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-29 08:05 249,856 ------w c:\windows\Setup1.exe
2008-11-22 14:37 94,208 ----a-w c:\documents and settings\Ivana\Data aplikací\ezplay.sys
2008-11-22 14:37 47,360 ----a-w c:\documents and settings\Ivana\Data aplikací\pcouffin.sys
2008-11-21 11:02 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-05-22 12:13 2,516 --sha-w c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2008-05-22 12:11 8 --sh--r c:\documents and settings\All Users\Data aplikací\F7C1D9671E.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-03 7618560]
"Arovax AntiSpyware"="c:\program files\Arovax AntiSpyware\arovaxantispyware.exe" [2006-09-22 1847296]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\HRY\\NFSU\\speed2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-03-26 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-03-26 5248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 MaBtPort;MA Bluetooth VCOM Driver;c:\windows\system32\drivers\MaBtPort.sys [2008-01-30 101952]
R3 MaBtVad;Mobile Action Bluetooth Audio;c:\windows\system32\drivers\MaBtVad.sys [2008-01-30 14414]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
R3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlanNDS.sys [2007-05-04 54784]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2008-02-16 19034]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df091c8c-cb07-11db-bc92-000fea64dfaf}]
\Shell\AutoRun\command - E:\autorun.exe
\Shell\open\command - E:\penload.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-01-30 c:\windows\Tasks\1-Click Maintenance.job
- f:\hry\Zpr []

2009-02-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ivana\Data aplikací\Mozilla\Firefox\Profiles\rmxtit07.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 12:40:55
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-299502267-651377827-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:96,eb,b7,8b,c6,1c,5f,c2,f4,b4,16,99,6f,72,88,9a,37,4b,2f,82,ac,1a,82,
8c,08,1a,dc,fa,5a,84,07,5b,2a,7d,0a,1c,81,ae,d6,01,25,4f,97,75,5d,6c,00,e1,\
"??"=hex:c0,c0,5d,9a,d4,c5,c3,47,73,36,cc,5b,ea,f7,5a,80

[HKEY_USERS\S-1-5-21-299502267-651377827-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:a5,1b,30,da,a3,42,1c,cc,d4,52,62,83,2c,6c,36,73,59,32,58,2a,4b,
72,af,03,7f,a9,79,f7,e2,6c,56,fa,6b,39,14,03,69,d8,29,65,9f,e4,18,d5,3e,f9,\
"rkeysecu"=hex:f0,53,65,b3,aa,d0,2b,e5,ca,91,ca,a9,dc,80,cc,6e

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
Celkový čas: 2009-02-04 12:42:59
ComboFix-quarantined-files.txt 2009-02-04 11:42:33

Před spuštěním: 8,939,532,288
Po spuštění: 8,989,618,176

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

197 --- E O F --- 2009-02-03 06:59:31

Re: Local drives won't open, thanks

Posted: 04 Feb 2009 13:28
by Pic
I hope you won't try illegal practices again, because otherwise I'll lock this. At this point there's no use locking it, but if one of the moderators had noticed it earlier, they would certainly have locked it. Read the forum rules!

Re: Local drives won't open, thanks

Posted: 04 Feb 2009 14:29
by p-a-t-e-j-l
Hi, thanks for the warning..... I apologize!
But I think the ones who should get smacked the most are those who come up with this stuff.
Anyway, I have already read the rules, I agree with them and I intend to follow them from now on.

Re: Local drives won't open, thanks

Posted: 04 Feb 2009 20:05
by jaro3
Do you recognize this: C:\write_test.649 ?
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script

Code: Select all

File::
c:\windows\system32\gaopdxcounter

Folder::
c:\windows\system32\gaopdxcounter

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT

Test this on Virustotal
c:\documents and settings\All Users\Data aplikací\F7C1D9671E.sys
Then paste the link to the result here.

Re: Local drives won't open, thanks

Posted: 04 Feb 2009 21:49
by p-a-t-e-j-l
Jaro, thank you very much once again for your time and patience!!! I don't know what to say.... THANKS

But unfortunately I couldn't find the file for the test..... I guess I'm stupid :-(

ComboFix 09-02-03.01 - Ivana 2009-02-04 21:09:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.511.194 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ivana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ivana\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení
* Resident AV is active


FILE ::
c:\windows\system32\gaopdxcounter
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gaopdxcounter

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-04 do 2009-02-04 )))))))))))))))))))))))))))))))
.

2009-02-04 19:01 . 2009-02-04 19:01 <DIR> d-------- c:\windows\LastGood
2009-02-04 16:10 . 2004-08-18 09:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\documents and settings\Ivana\Data aplikací\Malwarebytes
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-04 11:26 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 11:26 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-04 09:37 . 2009-02-04 09:37 <DIR> d-------- c:\program files\Trend Micro
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d-------- c:\documents and settings\Tom\Plocha
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d--h----- c:\documents and settings\Tom\Okolní tiskárny
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d--h----- c:\documents and settings\Tom\Okolní síť
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr------- c:\documents and settings\Tom\Oblíbené položky
2009-02-04 09:08 . 2007-03-03 14:34 <DIR> d--h----- c:\documents and settings\Tom\Šablony
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> dr------- c:\documents and settings\Tom\Nabídka Start
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr------- c:\documents and settings\Tom\Dokumenty
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr-h----- c:\documents and settings\Tom\Data aplikací
2009-02-04 09:08 . 2009-02-04 09:28 <DIR> d-------- c:\documents and settings\Tom
2009-02-04 06:32 . 2009-02-04 06:32 <DIR> d-------- c:\program files\Yamicsoft
2009-01-30 17:40 . 2009-01-30 17:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Vivendi Universal Games
2009-01-30 08:40 . 2009-02-04 09:30 <DIR> d-------- c:\documents and settings\Ivana\Data aplikací\skypePM
2009-01-30 08:40 . 2009-01-30 08:40 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-30 08:39 . 2009-01-30 08:39 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-09 13:50 . 2009-01-09 13:52 98,000,000 --a------ C:\write_test.649
2009-01-09 11:57 . 1997-01-29 16:53 240,640 --a------ c:\windows\system32\Nmocod.dll
2009-01-09 11:57 . 1997-01-29 17:04 200,192 --a------ c:\windows\system32\Httpct.ocx
2009-01-09 11:57 . 1997-01-29 16:46 48,128 --a------ c:\windows\system32\Nmsckn.dll
2009-01-09 11:56 . 2009-01-09 12:06 796,672 --a------ c:\windows\GPInstall.exe
2009-01-09 11:56 . 2001-04-18 22:22 7,589 --a------ c:\windows\Czech_CZ.gpl
2009-01-07 16:30 . 2009-01-08 18:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-01-05 19:25 . 2008-04-14 04:22 26,112 --a------ c:\windows\system32\stu2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 11:29 --------- d-----w c:\program files\Arovax AntiSpyware
2009-02-04 08:30 --------- d-----w c:\documents and settings\Ivana\Data aplikací\Skype
2009-02-04 06:34 --------- d-----w c:\program files\ESET
2009-01-31 05:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 07:39 --------- d-----w c:\program files\Skype
2009-01-30 07:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-01-11 07:31 --------- d-----w c:\documents and settings\Ivana\Data aplikací\uTorrent
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 16:09 --------- d-----w c:\documents and settings\All Users\Data aplikací\Barbie Fashion Show
2008-12-07 09:00 --------- d-----w c:\documents and settings\Ivana\Data aplikací\Audacity
2008-12-06 08:36 --------- d-----w c:\program files\SlySoft
2008-11-29 08:05 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-29 08:05 249,856 ------w c:\windows\Setup1.exe
2008-11-22 14:37 94,208 ----a-w c:\documents and settings\Ivana\Data aplikací\ezplay.sys
2008-11-22 14:37 47,360 ----a-w c:\documents and settings\Ivana\Data aplikací\pcouffin.sys
2008-11-21 11:02 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-05-22 12:13 2,516 --sha-w c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2008-05-22 12:11 8 --sh--r c:\documents and settings\All Users\Data aplikací\F7C1D9671E.sys
.

((((((((((((((((((((((((((((( snapshot@2009-02-04_12.41.41.34 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-03 7618560]
"Arovax AntiSpyware"="c:\program files\Arovax AntiSpyware\arovaxantispyware.exe" [2006-09-22 1847296]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\HRY\\NFSU\\speed2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-03-26 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-03-26 5248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 MaBtPort;MA Bluetooth VCOM Driver;c:\windows\system32\drivers\MaBtPort.sys [2008-01-30 101952]
R3 MaBtVad;Mobile Action Bluetooth Audio;c:\windows\system32\drivers\MaBtVad.sys [2008-01-30 14414]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
R3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlanNDS.sys [2007-05-04 54784]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2008-02-16 19034]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df091c8c-cb07-11db-bc92-000fea64dfaf}]
\Shell\AutoRun\command - E:\autorun.exe
\Shell\open\command - E:\penload.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-01-30 c:\windows\Tasks\1-Click Maintenance.job
- f:\hry\Zpr []

2009-02-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ivana\Data aplikací\Mozilla\Firefox\Profiles\rmxtit07.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 21:10:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-299502267-651377827-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:96,eb,b7,8b,c6,1c,5f,c2,f4,b4,16,99,6f,72,88,9a,37,4b,2f,82,ac,1a,82,
8c,08,1a,dc,fa,5a,84,07,5b,2a,7d,0a,1c,81,ae,d6,01,25,4f,97,75,5d,6c,00,e1,\
"??"=hex:c0,c0,5d,9a,d4,c5,c3,47,73,36,cc,5b,ea,f7,5a,80

[HKEY_USERS\S-1-5-21-299502267-651377827-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:a5,1b,30,da,a3,42,1c,cc,d4,52,62,83,2c,6c,36,73,59,32,58,2a,4b,
72,af,03,7f,a9,79,f7,e2,6c,56,fa,6b,39,14,03,69,d8,29,65,9f,e4,18,d5,3e,f9,\
"rkeysecu"=hex:f0,53,65,b3,aa,d0,2b,e5,ca,91,ca,a9,dc,80,cc,6e

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
Celkový čas: 2009-02-04 21:12:49
ComboFix-quarantined-files.txt 2009-02-04 20:12:19
ComboFix2.txt 2009-02-04 11:43:00

Před spuštěním: 8 334 929 920
Po spuštění: 8,323,710,976

181 --- E O F --- 2009-02-04 18:02:35




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:06, on 4.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Common Files\Ahead\AudioPlugins\RMADEC.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5193 bytes

Re: Local drives won't open, thanks

Posted: 04 Feb 2009 22:34
by jaro3
So turn off your protections again, and one more script:

Code: Select all

File::
c:\documents and settings\All Users\Data aplikací\F7C1D9671E.sys

Driver::
F7C1D9671E

Same procedure as above, then paste the logs from CF and HJT here; we'll finish it tomorrow.

Re: Local drives won't open, thanks

Posted: 05 Feb 2009 19:25
by p-a-t-e-j-l
Hi, thanks again for the info. I managed everything and am sending the logs.

ComboFix 09-02-04.04 - Ivana 2009-02-05 19:12:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.511.188 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ivana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ivana\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\documents and settings\All Users\Data aplikací\F7C1D9671E.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\F7C1D9671E.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-05 do 2009-02-05 )))))))))))))))))))))))))))))))
.

2009-02-04 16:10 . 2004-08-18 09:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\documents and settings\Ivana\Data aplikací\Malwarebytes
2009-02-04 11:26 . 2009-02-04 11:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-04 11:26 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 11:26 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-04 09:37 . 2009-02-04 09:37 <DIR> d-------- c:\program files\Trend Micro
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d-------- c:\documents and settings\Tom\Plocha
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d--h----- c:\documents and settings\Tom\Okolní tiskárny
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> d--h----- c:\documents and settings\Tom\Okolní síť
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr------- c:\documents and settings\Tom\Oblíbené položky
2009-02-04 09:08 . 2007-03-03 14:34 <DIR> d--h----- c:\documents and settings\Tom\Šablony
2009-02-04 09:08 . 2007-03-03 22:21 <DIR> dr------- c:\documents and settings\Tom\Nabídka Start
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr------- c:\documents and settings\Tom\Dokumenty
2009-02-04 09:08 . 2009-02-04 09:09 <DIR> dr-h----- c:\documents and settings\Tom\Data aplikací
2009-02-04 09:08 . 2009-02-04 09:28 <DIR> d-------- c:\documents and settings\Tom
2009-02-04 06:32 . 2009-02-04 06:32 <DIR> d-------- c:\program files\Yamicsoft
2009-01-30 17:40 . 2009-01-30 17:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Vivendi Universal Games
2009-01-30 08:40 . 2009-02-05 18:34 <DIR> d-------- c:\documents and settings\Ivana\Data aplikací\skypePM
2009-01-30 08:40 . 2009-01-30 08:40 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-30 08:39 . 2009-01-30 08:39 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-09 13:50 . 2009-01-09 13:52 98,000,000 --a------ C:\write_test.649
2009-01-09 11:57 . 1997-01-29 16:53 240,640 --a------ c:\windows\system32\Nmocod.dll
2009-01-09 11:57 . 1997-01-29 17:04 200,192 --a------ c:\windows\system32\Httpct.ocx
2009-01-09 11:57 . 1997-01-29 16:46 48,128 --a------ c:\windows\system32\Nmsckn.dll
2009-01-09 11:56 . 2009-01-09 12:06 796,672 --a------ c:\windows\GPInstall.exe
2009-01-09 11:56 . 2001-04-18 22:22 7,589 --a------ c:\windows\Czech_CZ.gpl
2009-01-07 16:30 . 2009-01-08 18:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-01-05 19:25 . 2008-04-14 04:22 26,112 --a------ c:\windows\system32\stu2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 18:09 --------- d-----w c:\program files\Arovax AntiSpyware
2009-02-05 17:34 --------- d-----w c:\documents and settings\Ivana\Data aplikací\Skype
2009-02-04 06:34 --------- d-----w c:\program files\ESET
2009-01-31 05:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 07:39 --------- d-----w c:\program files\Skype
2009-01-30 07:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-01-11 07:31 --------- d-----w c:\documents and settings\Ivana\Data aplikací\uTorrent
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 16:09 --------- d-----w c:\documents and settings\All Users\Data aplikací\Barbie Fashion Show
2008-12-07 09:00 --------- d-----w c:\documents and settings\Ivana\Data aplikací\Audacity
2008-12-06 08:36 --------- d-----w c:\program files\SlySoft
2008-11-29 08:05 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-29 08:05 249,856 ------w c:\windows\Setup1.exe
2008-11-22 14:37 94,208 ----a-w c:\documents and settings\Ivana\Data aplikací\ezplay.sys
2008-11-22 14:37 47,360 ----a-w c:\documents and settings\Ivana\Data aplikací\pcouffin.sys
2008-11-21 11:02 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-05-22 12:13 2,516 --sha-w c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-02-04_12.41.41.34 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-03 7618560]
"Arovax AntiSpyware"="c:\program files\Arovax AntiSpyware\arovaxantispyware.exe" [2006-09-22 1847296]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\HRY\\NFSU\\speed2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-03-26 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-03-26 5248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 MaBtPort;MA Bluetooth VCOM Driver;c:\windows\system32\drivers\MaBtPort.sys [2008-01-30 101952]
R3 MaBtVad;Mobile Action Bluetooth Audio;c:\windows\system32\drivers\MaBtVad.sys [2008-01-30 14414]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
R3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlanNDS.sys [2007-05-04 54784]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2008-02-16 19034]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df091c8c-cb07-11db-bc92-000fea64dfaf}]
\Shell\AutoRun\command - E:\autorun.exe
\Shell\open\command - E:\penload.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-01-30 c:\windows\Tasks\1-Click Maintenance.job
- f:\hry\Zpr []

2009-02-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ivana\Data aplikací\Mozilla\Firefox\Profiles\rmxtit07.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 19:14:32
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\docume~1\Ivana\LOCALS~1\Temp\Perflib_Perfdata_870.dat 16384 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
Celkový čas: 2009-02-05 19:16:23
ComboFix-quarantined-files.txt 2009-02-05 18:15:50
ComboFix2.txt 2009-02-04 20:12:50
ComboFix3.txt 2009-02-04 11:43:00

Před spuštěním: 8 324 415 488
Po spuštění: 8,311,013,376

168 --- E O F --- 2009-02-05 17:36:58




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:47, on 5.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5111 bytes

Re: Local disks won't open, thanks

Posted: 05 Feb 2009 19:42
by jaro3
The logs are OK.
ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner.
It deletes everything left behind by ComboFix, SDFix, Avenger, MWAV, etc.: download it > run it.

Update Java:
Java SE Runtime Environment 6u11
Select the OS (I assume Windows), tick agree, then continue.
Select:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Remove the other Java versions in Add/Remove Programs.
That's all.