Kontrola logu

[Kamínek]

Ahoj, jukněte mi prosím drazí přátelé na tenhle log.
PC se neustále kouše, otevírání oken programů, nebo Mozily trvá milion let. Z ničeho nic začne procesor pracovat na plne obratky až cely zamrzne a nejde s nim nic delat. Norton žádné viry nedetekuje, Spybot našel včera nejakych par potvůrek a CC Cleaner používám pravidelně...nic extra tam nikde nikdy nebylo.
Helpněte, please - než to tu
Díky moc


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:10, on 14.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7391 bytes

[Reklama]

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Kamínek]

dikes -tady je to:


Malwarebytes' Anti-Malware 1.36
Verze databáze: 1982
Windows 5.1.2600 Service Pack 2

14.4.2009 18:56:39
mbam-log-2009-04-14 (18-56-35).txt

Typ skenu: Rychlý sken
Objektu skenováno: 82309
Uplynulý cas: 4 minute(s), 58 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 2
Infikované hodnoty registru: 0
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Vypni rez. ochranu u Norton/Symantec+deaktivuj Spybot ( pokud ho tam máš , nevidím ho v logu.)
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Kamínek]

ok tak tady je ten druhej:


Malwarebytes' Anti-Malware 1.36
Verze databáze: 1982
Windows 5.1.2600 Service Pack 2

14.4.2009 19:11:46
mbam-log-2009-04-14 (19-11-46).txt

Typ skenu: Rychlý sken
Objektu skenováno: 82099
Uplynulý cas: 4 minute(s), 2 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 2
Infikované hodnoty registru: 0
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.

[Kamínek]

tak tady je log z Combofixu.

ComboFix 09-04-14.09 - HUBKA 14.04.2009 19:27.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.203 [GMT 2:00]
Spuštěný z: c:\documents and settings\HUBKA\WINDOWS\Plocha\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HUBKA\Data aplikací\inst.exe
c:\windows\regedit.com
c:\windows\system32\_003673_.tmp.dll
c:\windows\system32\_003674_.tmp.dll
c:\windows\system32\_003675_.tmp.dll
c:\windows\system32\_003676_.tmp.dll
c:\windows\system32\_003682_.tmp.dll
c:\windows\system32\_003683_.tmp.dll
c:\windows\system32\_003684_.tmp.dll
c:\windows\system32\_003685_.tmp.dll
c:\windows\system32\_003686_.tmp.dll
c:\windows\system32\_003687_.tmp.dll
c:\windows\system32\_003688_.tmp.dll
c:\windows\system32\_003689_.tmp.dll
c:\windows\system32\_003690_.tmp.dll
c:\windows\system32\_003691_.tmp.dll
c:\windows\system32\_003692_.tmp.dll
c:\windows\system32\_003693_.tmp.dll
c:\windows\system32\_003694_.tmp.dll
c:\windows\system32\_003695_.tmp.dll
c:\windows\system32\_003696_.tmp.dll
c:\windows\system32\_003697_.tmp.dll
c:\windows\system32\_003698_.tmp.dll
c:\windows\system32\_003699_.tmp.dll
c:\windows\system32\_003700_.tmp.dll
c:\windows\system32\_003701_.tmp.dll
c:\windows\system32\_003702_.tmp.dll
c:\windows\system32\_003703_.tmp.dll
c:\windows\system32\_003704_.tmp.dll
c:\windows\system32\_003705_.tmp.dll
c:\windows\system32\_003706_.tmp.dll
c:\windows\system32\_003707_.tmp.dll
c:\windows\system32\_003708_.tmp.dll
c:\windows\system32\_003709_.tmp.dll
c:\windows\system32\_003710_.tmp.dll
c:\windows\system32\_003711_.tmp.dll
c:\windows\system32\_003712_.tmp.dll
c:\windows\system32\_003713_.tmp.dll
c:\windows\system32\_003714_.tmp.dll
c:\windows\system32\_003715_.tmp.dll
c:\windows\system32\_003716_.tmp.dll
c:\windows\system32\_003717_.tmp.dll
c:\windows\system32\_003718_.tmp.dll
c:\windows\system32\_003719_.tmp.dll
c:\windows\system32\_003720_.tmp.dll
c:\windows\system32\_003721_.tmp.dll
c:\windows\system32\_003722_.tmp.dll
c:\windows\system32\_003723_.tmp.dll
c:\windows\system32\_003724_.tmp.dll
c:\windows\system32\_003725_.tmp.dll
c:\windows\system32\_003726_.tmp.dll
c:\windows\system32\_003727_.tmp.dll
c:\windows\system32\_003728_.tmp.dll
c:\windows\system32\_003729_.tmp.dll
c:\windows\system32\_003730_.tmp.dll
c:\windows\system32\_003731_.tmp.dll
c:\windows\system32\_003732_.tmp.dll
c:\windows\system32\_003733_.tmp.dll
c:\windows\system32\_003734_.tmp.dll
c:\windows\system32\_003735_.tmp.dll
c:\windows\system32\_003736_.tmp.dll
c:\windows\system32\_003737_.tmp.dll
c:\windows\system32\_003738_.tmp.dll
c:\windows\system32\_003739_.tmp.dll
c:\windows\system32\_003740_.tmp.dll
c:\windows\system32\_003741_.tmp.dll
c:\windows\system32\_003742_.tmp.dll
c:\windows\system32\_003743_.tmp.dll
c:\windows\system32\_003744_.tmp.dll
c:\windows\system32\_003745_.tmp.dll
c:\windows\system32\_003746_.tmp.dll
c:\windows\system32\_003747_.tmp.dll
c:\windows\system32\_003748_.tmp.dll
c:\windows\system32\_003749_.tmp.dll
c:\windows\system32\_003750_.tmp.dll
c:\windows\system32\_003751_.tmp.dll
c:\windows\system32\_003752_.tmp.dll
c:\windows\system32\_003753_.tmp.dll
c:\windows\system32\_003754_.tmp.dll
c:\windows\system32\_003755_.tmp.dll
c:\windows\system32\_003756_.tmp.dll
c:\windows\system32\_003757_.tmp.dll
c:\windows\system32\_003758_.tmp.dll
c:\windows\system32\_003759_.tmp.dll
c:\windows\system32\_003760_.tmp.dll
c:\windows\system32\_003761_.tmp.dll
c:\windows\system32\_003762_.tmp.dll
c:\windows\system32\_003763_.tmp.dll
c:\windows\system32\_003764_.tmp.dll
c:\windows\system32\_003765_.tmp.dll
c:\windows\system32\_003766_.tmp.dll
c:\windows\system32\_003767_.tmp.dll
c:\windows\system32\_003768_.tmp.dll
c:\windows\system32\_003769_.tmp.dll
c:\windows\system32\_003770_.tmp.dll
c:\windows\system32\_003771_.tmp.dll
c:\windows\system32\_003772_.tmp.dll
c:\windows\system32\_003774_.tmp.dll
c:\windows\system32\_003775_.tmp.dll
c:\windows\system32\_003777_.tmp.dll
c:\windows\system32\_003778_.tmp.dll
c:\windows\system32\_003779_.tmp.dll
c:\windows\system32\_003780_.tmp.dll
c:\windows\system32\_003782_.tmp.dll
c:\windows\system32\_003783_.tmp.dll
c:\windows\system32\_003784_.tmp.dll
c:\windows\system32\_003785_.tmp.dll
c:\windows\system32\_003786_.tmp.dll
c:\windows\system32\_003787_.tmp.dll
c:\windows\system32\_003788_.tmp.dll
c:\windows\system32\_003789_.tmp.dll
c:\windows\system32\_003790_.tmp.dll
c:\windows\system32\_003791_.tmp.dll
c:\windows\system32\_003792_.tmp.dll
c:\windows\system32\_003793_.tmp.dll
c:\windows\system32\_003794_.tmp.dll
c:\windows\system32\_003795_.tmp.dll
c:\windows\system32\_003796_.tmp.dll
c:\windows\system32\_003797_.tmp.dll
c:\windows\system32\_003799_.tmp.dll
c:\windows\system32\_003800_.tmp.dll
c:\windows\system32\_003801_.tmp.dll
c:\windows\system32\_003802_.tmp.dll
c:\windows\system32\_003803_.tmp.dll
c:\windows\system32\_003805_.tmp.dll
c:\windows\system32\_003806_.tmp.dll
c:\windows\system32\_003808_.tmp.dll
c:\windows\system32\_003809_.tmp.dll
c:\windows\system32\_003810_.tmp.dll
c:\windows\system32\_003811_.tmp.dll
c:\windows\system32\_003813_.tmp.dll
c:\windows\system32\_003814_.tmp.dll
c:\windows\system32\_003815_.tmp.dll
c:\windows\system32\_003816_.tmp.dll
c:\windows\system32\_003817_.tmp.dll
c:\windows\system32\_003818_.tmp.dll
c:\windows\system32\_003819_.tmp.dll
c:\windows\system32\_003820_.tmp.dll
c:\windows\system32\_003821_.tmp.dll
c:\windows\system32\_003822_.tmp.dll
c:\windows\system32\_003823_.tmp.dll
c:\windows\system32\_003824_.tmp.dll
c:\windows\system32\_003825_.tmp.dll
c:\windows\system32\_003826_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003828_.tmp.dll
c:\windows\system32\_003830_.tmp.dll
c:\windows\system32\_003831_.tmp.dll
c:\windows\system32\_003832_.tmp.dll
c:\windows\system32\_003833_.tmp.dll
c:\windows\system32\_003834_.tmp.dll
c:\windows\system32\_003836_.tmp.dll
c:\windows\system32\_003837_.tmp.dll
c:\windows\system32\_003839_.tmp.dll
c:\windows\system32\_003840_.tmp.dll
c:\windows\system32\_003841_.tmp.dll
c:\windows\system32\_003842_.tmp.dll
c:\windows\system32\_003844_.tmp.dll
c:\windows\system32\_003845_.tmp.dll
c:\windows\system32\_003846_.tmp.dll
c:\windows\system32\_003847_.tmp.dll
c:\windows\system32\_003848_.tmp.dll
c:\windows\system32\_003849_.tmp.dll
c:\windows\system32\_003850_.tmp.dll
c:\windows\system32\_003851_.tmp.dll
c:\windows\system32\_003852_.tmp.dll
c:\windows\system32\_003853_.tmp.dll
c:\windows\system32\_003854_.tmp.dll
c:\windows\system32\_003855_.tmp.dll
c:\windows\system32\_003857_.tmp.dll
c:\windows\system32\_003859_.tmp.dll
c:\windows\system32\_003861_.tmp.dll
c:\windows\system32\_003862_.tmp.dll
c:\windows\system32\_003863_.tmp.dll
c:\windows\system32\_003867_.tmp.dll
c:\windows\system32\_003868_.tmp.dll
c:\windows\system32\_003870_.tmp.dll
c:\windows\system32\_003873_.tmp.dll
c:\windows\system32\_003875_.tmp.dll
c:\windows\system32\_003876_.tmp.dll
c:\windows\system32\_003877_.tmp.dll
c:\windows\system32\_003878_.tmp.dll
c:\windows\system32\_003881_.tmp.dll
c:\windows\system32\_003882_.tmp.dll
c:\windows\system32\_003883_.tmp.dll
c:\windows\system32\_003884_.tmp.dll
c:\windows\system32\_003885_.tmp.dll
c:\windows\system32\_003890_.tmp.dll
c:\windows\system32\_005799_.tmp.dll
c:\windows\system32\_005800_.tmp.dll
c:\windows\system32\_005801_.tmp.dll
c:\windows\system32\_005802_.tmp.dll
c:\windows\system32\_005810_.tmp.dll
c:\windows\system32\_005811_.tmp.dll
c:\windows\system32\_005812_.tmp.dll
c:\windows\system32\_005814_.tmp.dll
c:\windows\system32\_005815_.tmp.dll
c:\windows\system32\_005818_.tmp.dll
c:\windows\system32\_005819_.tmp.dll
c:\windows\system32\_005821_.tmp.dll
c:\windows\system32\_005822_.tmp.dll
c:\windows\system32\_005823_.tmp.dll
c:\windows\system32\_005825_.tmp.dll
c:\windows\system32\_005828_.tmp.dll
c:\windows\system32\_005829_.tmp.dll
c:\windows\system32\_005833_.tmp.dll
c:\windows\system32\_005834_.tmp.dll
c:\windows\system32\_005836_.tmp.dll
c:\windows\system32\_005839_.tmp.dll
c:\windows\system32\_005841_.tmp.dll
c:\windows\system32\_005842_.tmp.dll
c:\windows\system32\_005843_.tmp.dll
c:\windows\system32\_005844_.tmp.dll
c:\windows\system32\_005845_.tmp.dll
c:\windows\system32\_005848_.tmp.dll
c:\windows\system32\_005849_.tmp.dll
c:\windows\system32\_005850_.tmp.dll
c:\windows\system32\_005851_.tmp.dll
c:\windows\system32\_005852_.tmp.dll
c:\windows\system32\_005857_.tmp.dll
c:\windows\system32\_005859_.tmp.dll
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-14 do 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-14 16:48 . 2009-04-14 16:48 -------- d-----w c:\documents and settings\HUBKA\Data aplikací\Malwarebytes
2009-04-14 16:48 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 16:48 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 16:48 . 2009-04-14 16:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 16:48 . 2009-04-14 16:48 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-14 07:39 . 2009-04-14 07:39 -------- d-----w c:\program files\Trend Micro
2009-04-10 16:39 . 2009-04-10 16:39 -------- d-----w c:\documents and settings\HUBKA\Data aplikací\Media Player Classic
2009-04-10 16:25 . 2008-10-03 12:30 414 ----a-w c:\windows\system32\lame_acm.xml
2009-04-10 16:25 . 2008-09-24 18:41 839680 ----a-w c:\windows\system32\lameACM.acm
2009-04-10 16:25 . 2007-09-21 00:52 118784 ----a-w c:\windows\system32\ac3acm.acm
2009-04-10 16:25 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-10 16:25 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-04-10 16:25 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-04-10 16:25 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-10 16:25 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-04-10 16:25 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-04-10 16:25 . 2009-03-02 18:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-10 16:25 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest
2009-04-10 16:25 . 2009-04-10 16:25 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-07 07:34 . 2009-04-07 07:34 -------- d-----w c:\program files\MOBILedit!
2009-04-06 19:13 . 2009-04-06 19:13 -------- d-----w c:\program files\AC3Filter
2009-04-01 12:03 . 2009-04-01 12:03 -------- d-----w C:\TiskProRadost
2009-03-24 08:24 . 2009-03-24 08:24 -------- d-----w c:\program files\Album Maker
2009-03-24 08:17 . 2009-03-24 08:17 -------- d-sh--r C:\sys
2009-03-24 08:16 . 2009-03-24 08:16 -------- d-----w c:\program files\Magic Photo Editor
2009-03-23 16:09 . 2009-03-23 16:09 45 ---h--w c:\windows\dwin6988.dat
2009-03-20 14:33 . 2009-03-20 14:33 -------- d-----w c:\documents and settings\Administrator\Local Settings\Data aplikací\O&O
2009-03-19 15:46 . 2009-04-14 17:34 53634 ----a-w c:\windows\system32\oodbs.lor
2009-03-19 10:18 . 2009-03-19 10:18 0 ----a-w c:\windows\oodcnt.INI
2009-03-19 10:18 . 2009-03-19 10:18 -------- d-----w c:\windows\system32\oodag
2009-03-19 08:15 . 2009-03-19 08:15 -------- d-----w c:\documents and settings\HUBKA\Local Settings\Data aplikací\O&O
2009-03-19 08:14 . 2009-03-19 08:14 -------- d-----w c:\program files\OO Software
2009-03-19 06:47 . 2009-03-19 06:47 -------- d-----w c:\program files\QuickTime
2009-03-19 06:46 . 2009-03-19 06:47 -------- d-----w c:\program files\Apple Software Update
2009-03-18 13:06 . 2009-03-18 13:06 -------- d-----w c:\program files\CCleaner
2009-03-18 08:36 . 2009-03-24 08:24 10127591 ----a-w c:\windows\system32\TiskProRadost_AlbumMaker_uninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 15:45 . 2009-02-09 19:50 737280 ----a-w c:\windows\iun6002.exe
2009-03-18 10:13 . 2006-02-16 21:29 247886 ---h--w C:\treeinfo.wc
2009-03-18 08:32 . 2002-09-23 10:00 75262 ----a-w c:\windows\system32\perfc005.dat
2009-03-18 08:32 . 2002-09-23 10:00 403046 ----a-w c:\windows\system32\perfh005.dat
2009-03-12 15:57 . 2009-03-12 15:57 -------- d--h--w c:\documents and settings\All Users\Data aplikací\CanonIJScan
2009-03-12 15:56 . 2009-03-12 15:56 -------- d-----w c:\documents and settings\HUBKA\Data aplikací\Canon
2009-03-11 16:22 . 2009-03-11 16:22 -------- d-----w c:\program files\ICQ6Toolbar
2009-03-11 16:21 . 2009-03-11 16:21 -------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2009-03-11 16:15 . 2009-03-11 16:15 -------- d-----w c:\program files\ICQ6.5
2009-03-01 15:38 . 2009-03-01 15:38 -------- d-----w c:\documents and settings\All Users\Data aplikací\VirtualFarm
2009-03-01 14:36 . 2009-03-01 14:36 -------- d-----w c:\program files\Robomoucha
2009-03-01 13:42 . 2009-03-01 13:42 -------- d-----w c:\program files\ABC
2009-02-19 11:16 . 2009-02-19 11:16 86528 ----a-w c:\windows\bnetunin.exe
2009-02-19 11:16 . 2007-02-03 11:22 61440 ----a-w c:\windows\diabswun.exe
2009-02-19 10:03 . 2009-02-19 10:03 579464 ----a-w c:\windows\system32\SymNeti.dll
2009-02-19 10:03 . 2009-02-19 10:03 207240 ----a-w c:\windows\system32\SymRedir.dll
2009-02-19 09:31 . 2009-02-19 09:31 9844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 09:31 . 2009-02-19 09:31 31280 ----a-w c:\windows\system32\drivers\SymIM.sys
2009-02-19 09:31 . 2009-02-19 09:31 1611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-19 09:31 . 2009-02-19 09:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 09:31 . 2009-02-19 09:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 09:31 . 2009-02-19 09:31 38576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 09:31 . 2009-02-19 09:31 37424 ----a-w c:\windows\system32\drivers\symndis.sys
2009-02-19 09:31 . 2009-02-19 09:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 09:31 . 2009-02-19 09:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 09:31 . 2009-02-19 09:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-19 08:33 . 2009-02-19 08:33 4632168 ----a-w c:\program files\SweetImSetup.exe
2009-02-18 16:37 . 2009-02-18 16:36 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-02-18 16:37 . 2009-02-18 16:36 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-18 16:33 . 2009-02-18 16:33 1107296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2009-02-18 16:33 . 2008-11-05 07:23 24616 ----a-w c:\windows\system32\drivers\ggsemc.sys
2009-02-18 16:33 . 2008-11-05 07:23 13224 ----a-w c:\windows\system32\drivers\ggflt.sys
2009-02-18 12:07 . 2009-02-18 12:07 -------- d-----w c:\documents and settings\HUBKA\Data aplikací\Alawar
2009-02-18 12:07 . 2009-02-18 12:07 -------- d-----w c:\program files\Katčin Rybí krámek
2009-02-14 13:03 . 2009-02-14 13:03 -------- d-----w c:\documents and settings\HUBKA\Data aplikací\ArcSoft
2009-02-09 13:19 . 2008-10-24 18:13 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 13:19 . 2008-10-24 18:13 1846272 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-08 14:15 . 2008-12-21 15:43 140471 ----a-w C:\pokus.txt
2009-02-03 08:03 . 2007-06-16 15:42 47360 ----a-w c:\documents and settings\HUBKA\Data aplikací\pcouffin.sys
2009-01-16 19:30 . 2006-05-19 15:10 3594752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-04 14:49 . 2009-01-04 14:49 81920 ----a-w c:\documents and settings\HUBKA\Data aplikací\ezpinst.exe
2008-09-25 14:49 . 2004-12-03 20:57 92080 ----a-w c:\documents and settings\HUBKA\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2007-06-23 17:33 . 2007-06-23 17:33 125 ----a-w c:\documents and settings\HUBKA\Local Settings\Data aplikací\fusioncache.dat
2004-12-13 20:05 . 2004-12-13 19:59 1234 ----a-w c:\program files\GPRSpeed Plus Client setup.log
2004-03-11 11:27 . 2004-12-29 19:50 40960 ----a-w c:\program files\Uninstall_CDS.exe
2007-08-24 18:2008-02-20 14:36 52:00 . c:\program files\mozilla firefox\components\coFFPlgn.dll
.

------- Sigcheck -------

[-] 2004-08-17 13:49 14336 DFBA2915B0BF58ABB288CD4C9318CB3F c:\windows\system32\svchost.exe
[-] 2004-08-17 13:49 14336 DFBA2915B0BF58ABB288CD4C9318CB3F c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 03:22 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe

[-] 2004-08-17 13:49 82944 382E9B87F1282E697C67AF84E34E35E2 c:\windows\system32\ws2_32.dll
[-] 2004-08-17 13:49 82944 382E9B87F1282E697C67AF84E34E35E2 c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 03:22 82432 951D473917C51F21496D914CF6E5DDD1 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ws2_32.dll

[-] 2004-08-17 13:49 502272 221C29AE1B4CC61D11D8B27DE78B2307 c:\windows\system32\winlogon.exe
[-] 2004-08-17 13:49 502272 221C29AE1B4CC61D11D8B27DE78B2307 c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe

[-] 2004-08-03 21:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 21:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ndis.sys

[-] 2004-08-03 21:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-03 21:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ip6fw.sys

[-] 2004-08-17 13:49 108544 6E401E61F952FBBF708AFBECEFAFAE81 c:\windows\system32\services.exe
[-] 2004-08-17 13:49 108544 6E401E61F952FBBF708AFBECEFAFAE81 c:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\services.exe

[-] 2004-08-17 13:49 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\system32\lsass.exe
[-] 2004-08-17 13:49 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe

[-] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\system32\ctfmon.exe
[-] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ctfmon.exe

[-] 2004-08-17 13:49 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\system32\userinit.exe
[-] 2004-08-17 13:49 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe

[-] 2004-08-17 13:49 295936 2F5919F2F6EE7A845893D9C3AA2BC56A c:\windows\system32\termsrv.dll
[-] 2004-08-17 13:49 295936 2F5919F2F6EE7A845893D9C3AA2BC56A c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\termsrv.dll

[-] 2004-08-17 13:49 17408 134B95A1D8FAFD74A68E4B2116DEFA7D c:\windows\system32\powrprof.dll
[-] 2004-08-17 13:49 17408 134B95A1D8FAFD74A68E4B2116DEFA7D c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\powrprof.dll

[-] 2004-08-17 13:49 110080 2413635113361E54B62F0C40E4E4DAE6 c:\windows\system32\imm32.dll
[-] 2004-08-17 13:49 110080 2413635113361E54B62F0C40E4E4DAE6 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\imm32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-08-31 243064]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 FlyPCI;FlyPCI;c:\progra~1\FLY200~1\FlyPCI.sys [2003-10-10 4134]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-02-18 13224]
R3 GT680xNT;USB Scanner Driver; [x]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2007-06-23 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2007-06-23 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2007-06-23 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2007-06-23 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2007-06-23 83344]
S0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [2006-10-02 30808]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-17 101936]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2003-07-18 24608]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - COMHOST
.
Obsah adresáře 'Naplánované úlohy'

2009-04-06 c:\windows\Tasks\Norton Internet Security - Prověřit tento počítač - HUBKA.job
- c:\program files\Norton Internet Security\Aplikace Norton AntiVirus\Navw32.exe [2007-08-26 16:19]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-PowerBar - (no file)
Notify-dimsntfy - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HUBKA\Data aplikací\Mozilla\Firefox\Profiles\qdaiptsp.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 19:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="78D8777ABE18292A243AC7DA27BD1B1C1F5E05DA52C9257816EACA90B820A86DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5C5D575E7D6A3B9808E1555D407F3A47B47E47A68A0556CFDEC023768A70461FF1D6E6BC35F7158537CA4749B83F58C0F3B91C236E735A81EF544AAFE2B755387C35492A6FDD3C361904B9EE5BF998211C6D7F93153AF1AE75637CCBF891CA39FBB4CC28A8BA281ECBF01E186EFD2D6F35190EC5B5524972B8AB9F3F14486C731BF13DED59C356617DA94A5FBB0FEEC60E73455A0D302FFCCB207CCE7E19A34BCA3DCC087CA4693D9C7AF93690E3D5D539E689C9D5B39913FE67BD9709B3FA3BBE179056157AA67CE0E54A62BD2602600D8EA25BD5B71D8CE95BF406083E25CF70B9818AA657F783C29E3E7C1A76B7BFA2BD3BADD286F756690B97DDD051772A1B8FFDAF3A416C47008E3CEF7F68DB5B597A63B118E009F09B397C35417AE8803EB7469EDBB134D397D08E7ECA80FA35527C8EAFF2FAD56E63DB5F7838B9989A1E0780889B17264651B6633DDD3C436074B292BE36FC8379689D63E4990546D7C38436EF9054BCD134C3CD141F098603E8BEACCD3902604E15DD8A8D4C45D6277BEB552FD03E143A0FB2C4C0774BBDD89EF3FB9E571BDBBA192E3ED9BCD6528F54AA2D6FFA1FEFDCF1EDA053535903B1C8DE03476DCB0A2667D4CA84D90C67A9A367F5B2AEB5B4A6B196A0B0A67D94F05BBA2AB15F0CA087B74C601B98276623007846CA8F32ED99690268126678D50D12FA3C9913C87E6A85C41382EE65443C47E79DDF48BD484C74B77D040BFACD11E9C26813F360A26F8E1FDB6FD970194B9977DBEE056F966AF3744967932F271D26EDC203EF2830CBD673176DD86A223AD99AC746F5D6CDAE4EA91C70012DB0644C8942A3F9E76F47258905DBEE68C084B0F58A8BCF7508EE2B7A27285985DD2EA656438289DA4C3D05624A6C24F2FABB8A68B0B4CAC1838FF940016B27BAC5D543C9838018B2569F45B06F270488F686177FAB0EA4A5A18CE807236BF5C3A149740EA7D52591427179D9DFE51E98829CCA80D1379D7EE8F1EE10ED2DD70CD18ED0803689B211674BF8F7ED570689904CDD615C25791E8263C5CEA287E372D93AB1B21C7AC73CC1D9DD5A4BFE543233F7CBCDE79D814C3D16E9EDE72933C95EF8366926D96E92F05C070313B224E1A591D5A5773E83C18B569AC7499362D9AC88BE9F8A2F368ABA299A29409E9458C225007C6EF5CDAC0180606DB21894DCB2BE7381DE52B0890426FB38324049CB0DCE911A9709B7AF5988022377636F0202013E719F72F5EC5BD059CBAFEA6AE32941187A1F0E96DF72F10D62CE701BECD34CCB04AB902084ED3920"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SYSTEM32\SCARDSVR.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\OODAG.EXE
c:\program files\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
.
**************************************************************************
.
Celkový čas: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 17:40

Před spuštěním: Volných bajtů: 90 556 497 920
Po spuštění: Volných bajtů: 90 465 665 024

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\ = "Nezn mě operaźnˇ syst‚m na jednotce C:"

492 --- E O F --- 2009-03-23 18:02

[jaro3]

Toto otestuj na Virustotal
c:\windows\dwin6988.dat
Vlož sem pak odkaz výsledku.

[Kamínek]

Soubor dwin6988.dat přijatý 2009.04.14 21:21:18 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/40 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 40 a 57 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.04.14 -
AhnLab-V3 5.0.0.2 2009.04.14 -
AntiVir 7.9.0.143 2009.04.14 -
Antiy-AVL 2.0.3.1 2009.04.14 -
Authentium 5.1.2.4 2009.04.14 -
Avast 4.8.1335.0 2009.04.14 -
AVG 8.5.0.285 2009.04.14 -
BitDefender 7.2 2009.04.14 -
CAT-QuickHeal 10.00 2009.04.14 -
ClamAV 0.94.1 2009.04.14 -
Comodo 1113 2009.04.14 -
DrWeb 4.44.0.09170 2009.04.14 -
eSafe 7.0.17.0 2009.04.13 -
eTrust-Vet 31.6.6455 2009.04.14 -
F-Prot 4.4.4.56 2009.04.14 -
F-Secure 8.0.14470.0 2009.04.14 -
Fortinet 3.117.0.0 2009.04.14 -
GData 19 2009.04.14 -
Ikarus T3.1.1.49.0 2009.04.14 -
K7AntiVirus 7.10.703 2009.04.14 -
Kaspersky 7.0.0.125 2009.04.14 -
McAfee 5584 2009.04.14 -
McAfee+Artemis 5584 2009.04.14 -
McAfee-GW-Edition 6.7.6 2009.04.14 -
Microsoft 1.4502 2009.04.14 -
NOD32 4007 2009.04.14 -
Norman 6.00.06 2009.04.14 -
nProtect 2009.1.8.0 2009.04.14 -
Panda 10.0.0.14 2009.04.14 -
PCTools 4.4.2.0 2009.04.14 -
Prevx1 V2 2009.04.14 -
Rising 21.25.14.00 2009.04.14 -
Sophos 4.40.0 2009.04.14 -
Sunbelt 3.2.1858.2 2009.04.14 -
Symantec 1.4.4.12 2009.04.14 -
TheHacker 6.3.4.0.306 2009.04.12 -
TrendMicro 8.700.0.1004 2009.04.14 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.14.1692 2009.04.14 -
VirusBuster 4.6.5.0 2009.04.14 -
Rozšiřující informace
File size: 45 bytes
MD5...: 0b3b67abe3af3386328bafcbc7f3a398
SHA1..: bde11e7d5808e42602bef33df64eefda54b36111
SHA256: b8d5c6734c79a90ea149b0b09bdca9f8aea8708134d8c3787253509a53ed5fbb
SHA512: 297fb23c878c202b65724efe88de460af3e2fe8eac40a1c29a6647ddc168cb46
3b64700aedb3fa3284d3b1e814a4a7f45142e4d9172a756597f6100fce7f1585
ssdeep: 3:tQPXrCQCPNyn:tcC3y
PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
-

[Kamínek]

Soubor dwin6988.dat přijatý 2009.04.14 21:21:18 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/40 (0%)

Rozšiřující informace
File size: 45 bytes
MD5...: 0b3b67abe3af3386328bafcbc7f3a398
SHA1..: bde11e7d5808e42602bef33df64eefda54b36111
SHA256: b8d5c6734c79a90ea149b0b09bdca9f8aea8708134d8c3787253509a53ed5fbb
SHA512: 297fb23c878c202b65724efe88de460af3e2fe8eac40a1c29a6647ddc168cb46
3b64700aedb3fa3284d3b1e814a4a7f45142e4d9172a756597f6100fce7f1585
ssdeep: 3:tQPXrCQCPNyn:tcC3y
PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
-

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\bnetunin.exe
c:\windows\iun6002.exe
c:\windows\diabswun.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Kamínek]

Combofix:

ComboFix 09-04-15.08 - HUBKA 15.04.2009 9:25.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.232 [GMT 2:00]
Spuštěný z: c:\documents and settings\HUBKA\WINDOWS\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\HUBKA\WINDOWS\Plocha\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\bnetunin.exe
c:\windows\diabswun.exe
c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\bnetunin.exe
c:\windows\diabswun.exe
c:\windows\iun6002.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-15 do 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-15 06:13 . 2009-04-15 06:13 -------- d-----w c:\windows\LastGood
2009-04-14 19:14 . 2009-04-14 19:14 190904 ---h--w C:\treeinfo.wc
2009-04-14 16:48 . 2009-04-14 16:48 -------- d-----w c:\documents and settings\HUBKA\Data aplikací\Malwarebytes
2009-04-14 16:48 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 16:48 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 16:48 . 2009-04-14 16:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 16:48 . 2009-04-14 16:48 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-14 07:39 . 2009-04-14 07:39 -------- d-----w c:\program files\Trend Micro
2009-04-10 16:39 . 2009-04-10 16:39 -------- d-----w c:\documents and settings\HUBKA\Data aplikací\Media Player Classic
2009-04-10 16:25 . 2008-10-03 12:30 414 ----a-w c:\windows\system32\lame_acm.xml
2009-04-10 16:25 . 2008-09-24 18:41 839680 ----a-w c:\windows\system32\lameACM.acm
2009-04-10 16:25 . 2007-09-21 00:52 118784 ----a-w c:\windows\system32\ac3acm.acm
2009-04-10 16:25 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-10 16:25 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-04-10 16:25 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-04-10 16:25 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-10 16:25 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-04-10 16:25 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-04-10 16:25 . 2009-03-02 18:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-10 16:25 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest
2009-04-10 16:25 . 2009-04-10 16:25 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-07 07:34 . 2009-04-07 07:34 -------- d-----w c:\program files\MOBILedit!
2009-04-06 19:13 . 2009-04-06 19:13 -------- d-----w c:\program files\AC3Filter
2009-04-01 12:03 . 2009-04-01 12:03 -------- d-----w C:\TiskProRadost
2009-03-24 08:24 . 2009-03-24 08:24 -------- d-----w c:\program files\Album Maker
2009-03-24 08:17 . 2009-03-24 08:17 -------- d-sh--r C:\sys
2009-03-24 08:16 . 2009-03-24 08:16 -------- d-----w c:\program files\Magic Photo Editor
2009-03-23 16:09 . 2009-03-23 16:09 45 ---h--w c:\windows\dwin6988.dat
2009-03-20 14:33 . 2009-03-20 14:33 -------- d-----w c:\documents and settings\Administrator\Local Settings\Data aplikací\O&O
2009-03-19 15:46 . 2009-04-15 06:09 54911 ----a-w c:\windows\system32\oodbs.lor
2009-03-19 10:18 . 2009-03-19 10:18 0 ----a-w c:\windows\oodcnt.INI
2009-03-19 10:18 . 2009-03-19 10:18 -------- d-----w c:\windows\system32\oodag
2009-03-19 08:15 . 2009-03-19 08:15 -------- d-----w c:\documents and settings\HUBKA\Local Settings\Data aplikací\O&O
2009-03-19 08:14 . 2009-03-19 08:14 -------- d-----w c:\program files\OO Software
2009-03-19 06:47 . 2009-03-19 06:47 -------- d-----w c:\program files\QuickTime
2009-03-19 06:46 . 2009-03-19 06:47 -------- d-----w c:\program files\Apple Software Update
2009-03-18 13:06 . 2009-03-18 13:06 -------- d-----w c:\program files\CCleaner
2009-03-18 08:36 . 2009-03-24 08:24 10127591 ----a-w c:\windows\system32\TiskProRadost_AlbumMaker_uninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 08:32 . 2002-09-23 10:00 75262 ----a-w c:\windows\system32\perfc005.dat
2009-03-18 08:32 . 2002-09-23 10:00 403046 ----a-w c:\windows\system32\perfh005.dat
2009-03-12 15:57 . 2009-03-12 15:57 -------- d--h--w c:\documents and settings\All Users\Data aplikací\CanonIJScan
2009-03-12 15:56 . 2009-03-12 15:56 -------- d-----w c:\documents and settings\HUBKA\Data aplikací\Canon
2009-03-11 16:22 . 2009-03-11 16:22 -------- d-----w c:\program files\ICQ6Toolbar
2009-03-11 16:21 . 2009-03-11 16:21 -------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2009-03-11 16:15 . 2009-03-11 16:15 -------- d-----w c:\program files\ICQ6.5
2009-03-01 15:38 . 2009-03-01 15:38 -------- d-----w c:\documents and settings\All Users\Data aplikací\VirtualFarm
2009-03-01 14:36 . 2009-03-01 14:36 -------- d-----w c:\program files\Robomoucha
2009-03-01 13:42 . 2009-03-01 13:42 -------- d-----w c:\program files\ABC
2009-02-19 10:03 . 2009-02-19 10:03 579464 ----a-w c:\windows\system32\SymNeti.dll
2009-02-19 10:03 . 2009-02-19 10:03 207240 ----a-w c:\windows\system32\SymRedir.dll
2009-02-19 09:31 . 2009-02-19 09:31 9844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 09:31 . 2009-02-19 09:31 31280 ----a-w c:\windows\system32\drivers\SymIM.sys
2009-02-19 09:31 . 2009-02-19 09:31 1611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-19 09:31 . 2009-02-19 09:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 09:31 . 2009-02-19 09:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 09:31 . 2009-02-19 09:31 38576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 09:31 . 2009-02-19 09:31 37424 ----a-w c:\windows\system32\drivers\symndis.sys
2009-02-19 09:31 . 2009-02-19 09:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 09:31 . 2009-02-19 09:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 09:31 . 2009-02-19 09:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-19 08:33 . 2009-02-19 08:33 4632168 ----a-w c:\program files\SweetImSetup.exe
2009-02-18 16:37 . 2009-02-18 16:36 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-02-18 16:37 . 2009-02-18 16:36 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-18 16:33 . 2009-02-18 16:33 1107296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2009-02-18 16:33 . 2008-11-05 07:23 24616 ----a-w c:\windows\system32\drivers\ggsemc.sys
2009-02-18 16:33 . 2008-11-05 07:23 13224 ----a-w c:\windows\system32\drivers\ggflt.sys
2009-02-18 12:07 . 2009-02-18 12:07 -------- d-----w c:\documents and settings\HUBKA\Data aplikací\Alawar
2009-02-18 12:07 . 2009-02-18 12:07 -------- d-----w c:\program files\Katčin Rybí krámek
2009-02-14 13:03 . 2009-02-14 13:03 -------- d-----w c:\documents and settings\HUBKA\Data aplikací\ArcSoft
2009-02-09 13:19 . 2008-10-24 18:13 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 13:19 . 2008-10-24 18:13 1846272 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-08 14:15 . 2008-12-21 15:43 140471 ----a-w C:\pokus.txt
2009-02-03 08:03 . 2007-06-16 15:42 47360 ----a-w c:\documents and settings\HUBKA\Data aplikací\pcouffin.sys
2009-01-16 19:30 . 2006-05-19 15:10 3594752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-04 14:49 . 2009-01-04 14:49 81920 ----a-w c:\documents and settings\HUBKA\Data aplikací\ezpinst.exe
2008-09-25 14:49 . 2004-12-03 20:57 92080 ----a-w c:\documents and settings\HUBKA\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2007-06-23 17:33 . 2007-06-23 17:33 125 ----a-w c:\documents and settings\HUBKA\Local Settings\Data aplikací\fusioncache.dat
2004-12-13 20:05 . 2004-12-13 19:59 1234 ----a-w c:\program files\GPRSpeed Plus Client setup.log
2004-03-11 11:27 . 2004-12-29 19:50 40960 ----a-w c:\program files\Uninstall_CDS.exe
2007-08-24 18:2008-02-20 14:36 52:00 . c:\program files\mozilla firefox\components\coFFPlgn.dll
.

------- Sigcheck -------

[-] 2004-08-17 13:49 14336 DFBA2915B0BF58ABB288CD4C9318CB3F c:\windows\system32\svchost.exe
[-] 2004-08-17 13:49 14336 DFBA2915B0BF58ABB288CD4C9318CB3F c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 03:22 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe

[-] 2004-08-17 13:49 82944 382E9B87F1282E697C67AF84E34E35E2 c:\windows\system32\ws2_32.dll
[-] 2004-08-17 13:49 82944 382E9B87F1282E697C67AF84E34E35E2 c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 03:22 82432 951D473917C51F21496D914CF6E5DDD1 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ws2_32.dll

[-] 2004-08-17 13:49 502272 221C29AE1B4CC61D11D8B27DE78B2307 c:\windows\system32\winlogon.exe
[-] 2004-08-17 13:49 502272 221C29AE1B4CC61D11D8B27DE78B2307 c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe

[-] 2004-08-03 21:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 21:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ndis.sys

[-] 2004-08-03 21:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-03 21:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ip6fw.sys

[-] 2004-08-17 13:49 108544 6E401E61F952FBBF708AFBECEFAFAE81 c:\windows\system32\services.exe
[-] 2004-08-17 13:49 108544 6E401E61F952FBBF708AFBECEFAFAE81 c:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\services.exe
[-] 2009-02-09 09:54 111104 33081FED75032291EE0E008D5385E86F c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2QFE\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3GDR\services.exe
[-] 2009-02-09 11:18 111104 3D107D45CCFDB266E91D84B52CD7F430 c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP3QFE\services.exe
[-] 2009-02-09 10:11 111104 4F9F7B567970B524F31D9970A23F7C24 c:\windows\SoftwareDistribution\Download\3600e56e45ad54d0df91c2e4c0249f5a\SP2GDR\services.exe

[-] 2004-08-17 13:49 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\system32\lsass.exe
[-] 2004-08-17 13:49 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe

[-] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\system32\ctfmon.exe
[-] 2004-08-17 13:49 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ctfmon.exe

[-] 2004-08-17 13:49 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\system32\userinit.exe
[-] 2004-08-17 13:49 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe

[-] 2004-08-17 13:49 295936 2F5919F2F6EE7A845893D9C3AA2BC56A c:\windows\system32\termsrv.dll
[-] 2004-08-17 13:49 295936 2F5919F2F6EE7A845893D9C3AA2BC56A c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\termsrv.dll

[-] 2004-08-17 13:49 17408 134B95A1D8FAFD74A68E4B2116DEFA7D c:\windows\system32\powrprof.dll
[-] 2004-08-17 13:49 17408 134B95A1D8FAFD74A68E4B2116DEFA7D c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\powrprof.dll

[-] 2004-08-17 13:49 110080 2413635113361E54B62F0C40E4E4DAE6 c:\windows\system32\imm32.dll
[-] 2004-08-17 13:49 110080 2413635113361E54B62F0C40E4E4DAE6 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\imm32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-14_17.36.07 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-08-31 243064]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 FlyPCI;FlyPCI;c:\progra~1\FLY200~1\FlyPCI.sys [2003-10-10 4134]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-02-18 13224]
R3 GT680xNT;USB Scanner Driver; [x]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2007-06-23 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2007-06-23 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2007-06-23 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2007-06-23 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2007-06-23 83344]
S0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [2006-10-02 30808]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-17 101936]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2003-07-18 24608]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - COMHOST
.
Obsah adresáře 'Naplánované úlohy'

2009-04-06 c:\windows\Tasks\Norton Internet Security - Prověřit tento počítač - HUBKA.job
- c:\program files\Norton Internet Security\Aplikace Norton AntiVirus\Navw32.exe [2007-08-26 16:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HUBKA\Data aplikací\Mozilla\Firefox\Profiles\qdaiptsp.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 09:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="78D8777ABE18292A243AC7DA27BD1B1C1F5E05DA52C9257816EACA90B820A86DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5C5D575E7D6A3B9808E1555D407F3A47B47E47A68A0556CFDEC023768A70461FF1D6E6BC35F7158537CA4749B83F58C0F3B91C236E735A81EF544AAFE2B755387C35492A6FDD3C361904B9EE5BF998211C6D7F93153AF1AE75637CCBF891CA39FBB4CC28A8BA281ECBF01E186EFD2D6F35190EC5B5524972B8AB9F3F14486C731BF13DED59C356617DA94A5FBB0FEEC60E73455A0D302FFCCB207CCE7E19A34BCA3DCC087CA4693D9C7AF93690E3D5D539E689C9D5B39913FE67BD9709B3FA3BBE179056157AA67CE0E54A62BD2602600D8EA25BD5B71D8CE95BF406083E25CF70B9818AA657F783C29E3E7C1A76B7BFA2BD3BADD286F756690B97DDD051772A1B8FFDAF3A416C47008E3CEF7F68DB5B597A63B118E009F09B397C35417AE8803EB7469EDBB134D397D08E7ECA80FA35527C8EAFF2FAD56E63DB5F7838B9989A1E0780889B17264651B6633DDD3C436074B292BE36FC8379689D63E4990546D7C38436EF9054BCD134C3CD141F098603E8BEACCD3902604E15DD8A8D4C45D6277BEB552FD03E143A0FB2C4C0774BBDD89EF3FB9E571BDBBA192E3ED9BCD6528F54AA2D6FFA1FEFDCF1EDA053535903B1C8DE03476DCB0A2667D4CA84D90C67A9A367F5B2AEB5B4A6B196A0B0A67D94F05BBA2AB15F0CA087B74C601B98276623007846CA8F32ED99690268126678D50D12FA3C9913C87E6A85C41382EE65443C47E79DDF48BD484C74B77D040BFACD11E9C26813F360A26F8E1FDB6FD970194B9977DBEE056F966AF3744967932F271D26EDC203EF2830CBD673176DD86A223AD99AC746F5D6CDAE4EA91C70012DB0644C8942A3F9E76F47258905DBEE68C084B0F58A8BCF7508EE2B7A27285985DD2EA656438289DA4C3D05624A6C24F2FABB8A68B0B4CAC1838FF940016B27BAC5D543C9838018B2569F45B06F270488F686177FAB0EA4A5A18CE807236BF5C3A149740EA7D52591427179D9DFE51E98829CCA80D1379D7EE8F1EE10ED2DD70CD18ED0803689B211674BF8F7ED570689904CDD615C25791E8263C5CEA287E372D93AB1B21C7AC73CC1D9DD5A4BFE543233F7CBCDE79D814C3D16E9EDE72933C95EF8366926D96E92F05C070313B224E1A591D5A5773E83C18B569AC7499362D9AC88BE9F8A2F368ABA299A29409E9458C225007C6EF5CDAC0180606DB21894DCB2BE7381DE52B0890426FB38324049CB0DCE911A9709B7AF5988022377636F0202013E719F72F5EC5BD059CBAFEA6AE32941187A1F0E96DF72F10D62CE701BECD34CCB04AB902084ED3920"
.
Celkový čas: 2009-04-15 9:30
ComboFix-quarantined-files.txt 2009-04-15 07:30
ComboFix2.txt 2009-04-14 17:40

Před spuštěním: Volných bajtů: 91 038 941 184
Po spuštění: Volných bajtů: 91 025 080 320

249 --- E O F --- 2009-03-23 18:02


HiJack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:29, on 15.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\cs-cz\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7060 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Aktualizuj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.