Prosím o kontrolu logu HiJackThis Vyřešeno

[Stene]

Prutce se mi zbrzdil počítač, načítání souborů, webu->prostě všecho.. Prosím o pomoc! Děkuji

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:03, on 18.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\DAEMON Tools Lite\daemon.exe
C:\Program Files\Free Download Manager\fdm.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Messenger\msmsgs.exe
C:\apache2triad\bin\httpd.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\apache2triad\mail\bin\XMail.exe
D:\Program Files\QIP\qip.exe
C:\apache2triad\bin\httpd.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1123561945-746137067-839522115-1008\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'apache2triad')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WinMysqlAdmin.lnk = D:\Program Files\PHP Home Edition 2\mysql\bin\winmysqladmin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: fcn32.dll
O10 - Unknown file in Winsock LSP: fcn32.dll
O10 - Unknown file in Winsock LSP: fcn32.dll
O10 - Unknown file in Winsock LSP: fcn32.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - D:\DOCUME~1\TN4D04~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - D:\xampp\service.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 9299 bytes

[Reklama]

[Stene]

nikdo nic?

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O20 - AppInit_DLLs:


1) Klikni na následující odkaz pro stažení LSPFix na vaší pracovní ploše.
http://www.cexx.org/LSPFix.exe

nebo
http://www.cexx.org/lspfix.htm

2) Poté, co se exe soubor na ploše ukáže, poklikej na něj.
3) V levém sloupci se objeví soubor fcn32.dll. Kliknutím na něj se odkaz zvýrazní, potom klikni na šipku uprostřed obrazovky, který ukazuje na pravé .
Tím se přesune soubor do správného sloupce označeném Odebrat (Remove)

POZNÁMKA: Pokud je šipka je šedá a neumožňuje, abys kliknul, je potřeba zaškrtnout políčko nad označený "Já vím, co mám dělat" (I know what..)

4) Poté, co byl soubor převeden na Odstranit( remove) sloupce, klepněte na tlačítko Dokončit( Finnish) v dolní části obrazovky. Budeš informován na obrazovce že soubor byl odstraněn z Winsock záznamu v registru.Potom zavři LSPFix program .

5) Spusť Hijackthis a vstup pro tento soubor by měl být nyní pryč ze seznamu.
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Stene]

Tak tady je log...

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2009
Windows 5.1.2600 Service Pack 2

19.4.2009 18:29:03
mbam-log-2009-04-19 (18-28-52).txt

Typ skenu: Rychlý sken
Objektu skenováno: 86447
Uplynulý cas: 7 minute(s), 22 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
D:\WINDOWS\system32\raz.dll (Spyware.Passwords) -> No action taken.
D:\Documents and Settings\Štěně\Plocha\WoWEmuHacker5.exe (Trojan.Agent) -> No action taken.
D:\WINDOWS\system32\alog.txt (Stolen.Data) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Vypni rez. ochranu u Avastu.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Stene]

Combofix.txt



ComboFix 09-04-19.05 - Štěně 19.04.2009 19:04.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.647 [GMT 2:00]
Spuštěný z: d:\documents and settings\Štěně\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1282 [VPS 081112-0] *On-access scanning disabled* (Outdated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Štěně\Data aplikací\Microsoft\SystemCertificates\Request

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-19 do 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-19 16:20 . 2009-04-19 16:20 -------- d-----w d:\documents and settings\Štěně\Data aplikací\Malwarebytes
2009-04-19 16:20 . 2009-04-06 13:32 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-04-19 16:20 . 2009-04-06 13:32 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 16:20 . 2009-04-19 16:20 -------- d-----w d:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-17 19:08 . 2009-04-17 19:08 -------- d-----w d:\documents and settings\All Users\Data aplikací\MySQL
2009-04-17 18:07 . 2002-03-25 16:44 722192 ----a-w d:\windows\system32\VB40032.DLL
2009-04-17 18:07 . 2002-03-25 16:44 60416 ----a-w d:\windows\ST4UNST.EXE
2009-04-17 07:56 . 2008-07-11 00:28 50200 ----a-w d:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-04-16 20:53 . 2009-04-19 16:59 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\TSVNCache
2009-04-16 20:53 . 2009-04-19 16:59 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\TSVNCache
2009-04-16 20:53 . 2009-04-19 16:59 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\TSVNCache
2009-04-16 20:53 . 2009-04-19 16:59 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\TSVNCache
2009-04-16 20:36 . 2009-04-16 20:36 -------- d-----w d:\documents and settings\Štěně\Data aplikací\TortoiseSVN
2009-04-16 20:24 . 2009-04-16 20:24 -------- d-----w d:\documents and settings\Štěně\Data aplikací\Subversion
2009-04-15 18:46 . 2009-04-15 18:46 -------- d-----w d:\documents and settings\Štěně\Data aplikací\SQLyog
2009-04-12 13:15 . 2007-05-17 15:30 318976 ----a-w d:\windows\system32\avisynth.dll
2009-04-12 13:15 . 2004-02-22 08:11 719872 ----a-w d:\windows\system32\devil.dll
2009-04-12 13:15 . 2005-07-14 10:31 27648 ----a-w d:\windows\system32\AVSredirect.dll
2009-04-12 13:15 . 2004-01-24 22:00 70656 ----a-w d:\windows\system32\yv12vfw.dll
2009-04-12 13:15 . 2004-01-24 22:00 70656 ----a-w d:\windows\system32\i420vfw.dll
2009-04-12 13:15 . 2005-02-12 23:00 67584 --sh--r d:\windows\system32\RLTheoraDec.ax
2009-04-12 13:15 . 2005-02-12 23:00 51712 --sh--r d:\windows\system32\RLSpeexDec.ax
2009-04-12 13:15 . 2005-02-12 23:00 186880 --sh--r d:\windows\system32\RLOgg.ax
2009-04-12 13:15 . 2005-02-05 23:00 92672 --sh--r d:\windows\system32\RLVorbisDec.ax
2009-04-12 13:14 . 2006-08-16 14:53 175104 --sh--r d:\windows\system32\CoreAAC.ax
2009-04-12 13:14 . 2005-02-22 16:55 81920 --sh--r d:\windows\system32\aac_parser.ax
2009-04-12 13:14 . 2005-01-17 23:26 179200 --sh--r d:\windows\system32\DiracSplitter.ax
2009-04-10 21:26 . 2009-04-10 21:26 13160262 ----a-w D:\oka.rar
2009-04-10 21:22 . 2009-04-11 11:05 6117888 ----a-w D:\Rosťa Kittler1.ppt
2009-03-24 17:16 . 2009-03-24 17:16 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\Identities
2009-03-24 17:16 . 2009-03-24 17:16 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\Identities
2009-03-24 17:16 . 2009-03-24 17:16 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\Identities
2009-03-24 17:16 . 2009-03-24 17:16 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\Identities
2009-03-21 20:36 . 2009-03-21 20:36 -------- d-----w d:\documents and settings\All Users\Data aplikací\Blizzard

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 17:03 . 2008-11-22 16:32 -------- d-----w d:\documents and settings\Štěně\Data aplikací\Free Download Manager
2009-04-19 16:20 . 2009-04-19 16:20 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-04-18 21:03 . 2008-12-11 19:52 -------- d-----w d:\program files\Microsoft SQL Server
2009-04-18 21:02 . 2008-12-11 19:49 -------- d-----w d:\program files\Microsoft.NET
2009-04-18 21:01 . 2001-10-25 14:00 78694 ----a-w d:\windows\system32\perfc005.dat
2009-04-18 21:01 . 2001-10-25 14:00 431648 ----a-w d:\windows\system32\perfh005.dat
2009-04-17 19:08 . 2009-04-17 18:18 -------- d-----w d:\program files\MySQL
2009-04-17 08:54 . 2008-11-22 13:18 -------- d-----w d:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-04-17 08:48 . 2009-04-17 08:48 -------- d-----w d:\program files\Microsoft Visual Studio .NET 2003
2009-04-17 07:52 . 2009-04-17 07:52 -------- d-----w d:\program files\MSXML 6.0
2009-04-17 07:46 . 2009-04-17 07:44 -------- d-----w d:\program files\Microsoft Visual Studio 9.0
2009-04-17 07:45 . 2009-04-17 07:44 -------- d-----w d:\program files\Common Files\Merge Modules
2009-04-17 07:44 . 2009-04-17 07:44 -------- d-----w d:\program files\Reference Assemblies
2009-04-17 07:42 . 2009-04-17 07:42 -------- d-----w d:\program files\Microsoft SDKs
2009-04-16 21:02 . 2009-04-16 21:02 -------- d-----w d:\program files\Microsoft Silverlight
2009-04-16 20:56 . 2008-11-21 19:31 -------- d-----w d:\program files\Common Files\Blizzard Entertainment
2009-04-16 20:23 . 2009-04-16 20:23 -------- d-----w d:\program files\TortoiseSVN
2009-04-16 20:23 . 2008-12-12 15:05 -------- d-----w d:\program files\Common Files\TortoiseOverlays
2009-04-16 09:23 . 2009-02-21 15:59 -------- d-----w d:\documents and settings\Štěně\Data aplikací\Skype
2009-04-16 08:33 . 2009-02-21 16:00 -------- d-----w d:\documents and settings\Štěně\Data aplikací\skypePM
2009-04-14 09:53 . 2008-11-21 18:42 69616 ----a-w d:\documents and settings\Štěně\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-14 09:53 . 2008-11-21 18:42 69616 ----a-w d:\documents and settings\Štěně\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-14 09:53 . 2008-11-21 18:42 69616 ----a-w d:\documents and settings\Štěně\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-14 09:53 . 2008-11-21 18:42 69616 ----a-w d:\documents and settings\Štěně\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-13 09:49 . 2009-04-13 09:49 -------- d-----w d:\program files\AIDA32 - Enterprise System Information
2009-04-12 13:15 . 2009-04-12 13:15 -------- d-----w d:\program files\AviSynth 2.5
2009-03-22 20:24 . 2009-01-29 21:30 -------- d---a-w d:\documents and settings\All Users\Data aplikací\TEMP
2009-03-17 20:27 . 2009-03-17 11:29 -------- d-----w d:\program files\SpywareBlaster
2009-03-17 11:22 . 2009-03-17 11:22 -------- d-----w d:\program files\CCleaner
2009-03-17 11:12 . 2009-03-17 11:11 -------- d-----w d:\program files\Unlocker
2009-03-17 10:54 . 2009-03-16 10:31 -------- d-----w d:\program files\GalleryWorker_CZ
2009-03-16 09:35 . 2009-03-16 09:35 -------- d-----w d:\documents and settings\Štěně\Data aplikací\LangSoft
2009-03-16 09:35 . 2009-03-16 09:35 -------- d-----w d:\documents and settings\All Users\Data aplikací\LangSoft
2009-03-13 08:42 . 2008-11-21 18:24 -------- d--h--w d:\program files\InstallShield Installation Information
2009-03-13 08:40 . 2009-01-30 08:44 -------- d-----w d:\program files\Pinnacle
2009-03-11 15:12 . 2009-03-11 15:12 -------- d-----w d:\program files\Common Files\Adobe AIR
2009-03-10 14:58 . 2009-03-10 14:58 -------- d-----w d:\program files\Ventrilo
2009-02-28 13:36 . 2009-02-28 13:36 -------- d-----w d:\program files\Serif
2009-02-28 13:16 . 2009-02-28 13:12 -------- d-----w d:\documents and settings\Štěně\Data aplikací\Alchemy Mindworks
2009-02-28 13:15 . 2008-12-03 14:07 -------- d-----w d:\program files\Common Files\Wise Installation Wizard
2009-02-28 13:12 . 2009-02-28 13:12 -------- d-----w d:\program files\Alchemy Mindworks
2009-02-21 15:58 . 2009-02-21 15:58 -------- d-----r d:\program files\Skype
2009-02-21 15:58 . 2009-02-21 15:58 -------- d-----w d:\program files\Common Files\Skype
2009-02-21 15:58 . 2009-02-21 15:58 -------- d-----w d:\documents and settings\All Users\Data aplikací\Skype
2009-02-19 19:35 . 2008-12-17 17:11 -------- d-----w d:\documents and settings\Štěně\Data aplikací\Hamachi
2009-02-11 14:37 . 2009-02-11 14:37 249592 ----a-w d:\windows\system32\cssdll32.dll
2009-01-30 16:13 . 2009-01-30 16:13 40960 ----a-w d:\windows\system32\ipv6sc.dll
2008-12-11 10:05 . 2008-12-11 10:05 158528 ----a-w d:\documents and settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-05-20 23:43 1526296 ----a-w d:\program files\TorrentMan\tbTorr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "d:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "d:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"DAEMON Tools Lite"="d:\daemon tools lite\daemon.exe" [2008-07-24 490952]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-28 68856]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="d:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="d:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="d:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="d:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="d:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2008-03-24 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

d:\documents and settings\ćtŘnŘ\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Bit Lord 1.1\\BitLord.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"d:\\Program Files\\Bit Lord 1.1\\BitLord.exe"=
"d:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.ICD"=
"d:\\Program Files\\Altap Salamander 2.5\\salamand.exe"=
"c:\\PseuWoW_13.52\\PseuWoW.exe"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\xampp\\apache\\bin\\apache.exe"=
"d:\\xampp\\mysql\\bin\\mysqld.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\WINDOWS\\system32\\userinit.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NvMixer\\NvMixerTray.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\wotlk\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"c:\\Program Files\\wotlk\\Launcher.exe"=
"c:\\Program Files\\Crusader\\Stronghold Crusader Multiplayer Demo\\Stronghold Crusader multiplayer demo.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 PHPGeekUtil;PHPGeekUtil; [x]
R2 XAMPP;XAMPP Service;d:\xampp\service.exe [2007-12-21 60928]
R3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [2009-04-16 17408]
R3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [2009-04-16 75207]
R3 UnlockerDriver4;UnlockerDriver4 Driver;d:\program files\Unlocker\UnlockerDriver4.sys [2005-04-24 3584]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]
S2 SlimFTPd;Apache2Triad SlimFTPd Server;c:\apache2triad\ftp\SlimFTPd.exe [2009-04-16 54272]
S2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\XMail.exe [2009-04-16 339968]
S3 PSched;Plánovač paketů technologie QoS;d:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.comodo.com/search/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
FF - ProfilePath - d:\documents and settings\Štěně\Data aplikací\Mozilla\Firefox\Profiles\agqhneo1.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - seznam.cz

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 19:05
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,9a,d2,af,bd,fe,
d8,5f,7d,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,99,f0,51,a3,d3,
ea,d2,ca,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,3e,c6,4d,a0,df,
d2,42,2b,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,8c,35,7e,aa,8b,
98,3d,e2,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,ca,30,ee,a9,9c,
e5,73,ce,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,fc,4c,64,94,c7,
19,62,18,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,3f,1e,0a,dd,85,
aa,0f,34,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,25,be,a9,e7,22,
d0,84,56,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,e6,69,34,3d,18,
e6,c1,26,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,94,82,2b,a7,06,
c6,6c,d3,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,40,3f,cc,13,c8,
ff,8a,bc,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,e9,87,d6,8b,46,
86,4c,c6,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2716)
d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseHg\tortoisehg.dll
c:\program files\TortoiseHg\PYTHON25.DLL
c:\program files\TortoiseHg\win32api.pyd
c:\program files\TortoiseHg\pywintypes25.dll
c:\program files\TortoiseHg\pythoncom25.dll
c:\program files\TortoiseHg\win32trace.pyd
c:\program files\TortoiseHg\win32file.pyd
c:\program files\TortoiseHg\win32process.pyd
c:\program files\TortoiseHg\shell.pyd
c:\program files\TortoiseHg\win32event.pyd
c:\program files\TortoiseHg\win32ui.pyd
c:\program files\TortoiseHg\win32gui.pyd
c:\program files\TortoiseHg\bz2.pyd
c:\program files\TortoiseHg\_hashlib.pyd
c:\program files\TortoiseHg\_socket.pyd
c:\program files\TortoiseHg\_ssl.pyd
c:\program files\TortoiseHg\win32net.pyd
d:\program files\TortoiseSVN\bin\TortoiseStub.dll
d:\program files\TortoiseSVN\bin\TortoiseSVN.dll
d:\program files\TortoiseSVN\bin\intl3_tsvn.dll
d:\windows\system32\msi.dll
.
Celkový čas: 2009-04-19 19:06
ComboFix-quarantined-files.txt 2009-04-19 17:06

Před spuštěním: 3 827 650 560
Po spuštění: 3 817 803 776

329 --- E O F --- 2009-01-02 14:40

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
d:\windows\system32\ipv6sc.dll

Registry::
[-HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

toto asi znáš:
D:\Rosťa Kittler1.ppt ?

[Stene]

Jo, znám to no.. CO je s tím? :(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:23, on 19.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\DAEMON Tools Lite\daemon.exe
C:\Program Files\Free Download Manager\fdm.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\apache2triad\bin\httpd.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\apache2triad\bin\httpd.exe
C:\apache2triad\mail\bin\XMail.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\QIP\qip.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1123561945-746137067-839522115-1008\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'apache2triad')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WinMysqlAdmin.lnk = D:\Program Files\PHP Home Edition 2\mysql\bin\winmysqladmin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - D:\DOCUME~1\TN4D04~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - D:\xampp\service.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 8606 bytes




Combofix-->

ComboFix 09-04-19.05 - Štěně 19.04.2009 19:39.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.646 [GMT 2:00]
Spuštěný z: d:\documents and settings\Štěně\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Štěně\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1282 [VPS 081112-0] *On-access scanning disabled* (Outdated)
* Vytvořen nový Bod Obnovení

FILE ::
d:\windows\system32\ipv6sc.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\ipv6sc.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-19 do 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-19 16:20 . 2009-04-19 16:20 -------- d-----w d:\documents and settings\Štěně\Data aplikací\Malwarebytes
2009-04-19 16:20 . 2009-04-06 13:32 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-04-19 16:20 . 2009-04-06 13:32 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 16:20 . 2009-04-19 16:20 -------- d-----w d:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-17 19:08 . 2009-04-17 19:08 -------- d-----w d:\documents and settings\All Users\Data aplikací\MySQL
2009-04-17 18:07 . 2002-03-25 16:44 722192 ----a-w d:\windows\system32\VB40032.DLL
2009-04-17 18:07 . 2002-03-25 16:44 60416 ----a-w d:\windows\ST4UNST.EXE
2009-04-17 07:56 . 2008-07-11 00:28 50200 ----a-w d:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-04-16 20:53 . 2009-04-19 16:59 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\TSVNCache
2009-04-16 20:53 . 2009-04-19 16:59 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\TSVNCache
2009-04-16 20:53 . 2009-04-19 16:59 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\TSVNCache
2009-04-16 20:53 . 2009-04-19 16:59 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\TSVNCache
2009-04-16 20:36 . 2009-04-16 20:36 -------- d-----w d:\documents and settings\Štěně\Data aplikací\TortoiseSVN
2009-04-16 20:24 . 2009-04-16 20:24 -------- d-----w d:\documents and settings\Štěně\Data aplikací\Subversion
2009-04-15 18:46 . 2009-04-15 18:46 -------- d-----w d:\documents and settings\Štěně\Data aplikací\SQLyog
2009-04-12 13:15 . 2007-05-17 15:30 318976 ----a-w d:\windows\system32\avisynth.dll
2009-04-12 13:15 . 2004-02-22 08:11 719872 ----a-w d:\windows\system32\devil.dll
2009-04-12 13:15 . 2005-07-14 10:31 27648 ----a-w d:\windows\system32\AVSredirect.dll
2009-04-12 13:15 . 2004-01-24 22:00 70656 ----a-w d:\windows\system32\yv12vfw.dll
2009-04-12 13:15 . 2004-01-24 22:00 70656 ----a-w d:\windows\system32\i420vfw.dll
2009-04-12 13:15 . 2005-02-12 23:00 67584 --sh--r d:\windows\system32\RLTheoraDec.ax
2009-04-12 13:15 . 2005-02-12 23:00 51712 --sh--r d:\windows\system32\RLSpeexDec.ax
2009-04-12 13:15 . 2005-02-12 23:00 186880 --sh--r d:\windows\system32\RLOgg.ax
2009-04-12 13:15 . 2005-02-05 23:00 92672 --sh--r d:\windows\system32\RLVorbisDec.ax
2009-04-12 13:14 . 2006-08-16 14:53 175104 --sh--r d:\windows\system32\CoreAAC.ax
2009-04-12 13:14 . 2005-02-22 16:55 81920 --sh--r d:\windows\system32\aac_parser.ax
2009-04-12 13:14 . 2005-01-17 23:26 179200 --sh--r d:\windows\system32\DiracSplitter.ax
2009-04-10 21:26 . 2009-04-10 21:26 13160262 ----a-w D:\oka.rar
2009-04-10 21:22 . 2009-04-11 11:05 6117888 ----a-w D:\Rosťa Kittler1.ppt
2009-03-24 17:16 . 2009-03-24 17:16 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\Identities
2009-03-24 17:16 . 2009-03-24 17:16 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\Identities
2009-03-24 17:16 . 2009-03-24 17:16 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\Identities
2009-03-24 17:16 . 2009-03-24 17:16 -------- d-----w d:\documents and settings\Štěně\Local Settings\Data aplikací\Identities
2009-03-21 20:36 . 2009-03-21 20:36 -------- d-----w d:\documents and settings\All Users\Data aplikací\Blizzard

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 17:39 . 2008-11-22 16:32 -------- d-----w d:\documents and settings\Štěně\Data aplikací\Free Download Manager
2009-04-19 16:20 . 2009-04-19 16:20 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-04-18 21:03 . 2008-12-11 19:52 -------- d-----w d:\program files\Microsoft SQL Server
2009-04-18 21:02 . 2008-12-11 19:49 -------- d-----w d:\program files\Microsoft.NET
2009-04-18 21:01 . 2001-10-25 14:00 78694 ----a-w d:\windows\system32\perfc005.dat
2009-04-18 21:01 . 2001-10-25 14:00 431648 ----a-w d:\windows\system32\perfh005.dat
2009-04-17 19:08 . 2009-04-17 18:18 -------- d-----w d:\program files\MySQL
2009-04-17 08:54 . 2008-11-22 13:18 -------- d-----w d:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-04-17 08:48 . 2009-04-17 08:48 -------- d-----w d:\program files\Microsoft Visual Studio .NET 2003
2009-04-17 07:52 . 2009-04-17 07:52 -------- d-----w d:\program files\MSXML 6.0
2009-04-17 07:46 . 2009-04-17 07:44 -------- d-----w d:\program files\Microsoft Visual Studio 9.0
2009-04-17 07:45 . 2009-04-17 07:44 -------- d-----w d:\program files\Common Files\Merge Modules
2009-04-17 07:44 . 2009-04-17 07:44 -------- d-----w d:\program files\Reference Assemblies
2009-04-17 07:42 . 2009-04-17 07:42 -------- d-----w d:\program files\Microsoft SDKs
2009-04-16 21:02 . 2009-04-16 21:02 -------- d-----w d:\program files\Microsoft Silverlight
2009-04-16 20:56 . 2008-11-21 19:31 -------- d-----w d:\program files\Common Files\Blizzard Entertainment
2009-04-16 20:23 . 2009-04-16 20:23 -------- d-----w d:\program files\TortoiseSVN
2009-04-16 20:23 . 2008-12-12 15:05 -------- d-----w d:\program files\Common Files\TortoiseOverlays
2009-04-16 09:23 . 2009-02-21 15:59 -------- d-----w d:\documents and settings\Štěně\Data aplikací\Skype
2009-04-16 08:33 . 2009-02-21 16:00 -------- d-----w d:\documents and settings\Štěně\Data aplikací\skypePM
2009-04-14 09:53 . 2008-11-21 18:42 69616 ----a-w d:\documents and settings\Štěně\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-14 09:53 . 2008-11-21 18:42 69616 ----a-w d:\documents and settings\Štěně\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-14 09:53 . 2008-11-21 18:42 69616 ----a-w d:\documents and settings\Štěně\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-14 09:53 . 2008-11-21 18:42 69616 ----a-w d:\documents and settings\Štěně\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-13 09:49 . 2009-04-13 09:49 -------- d-----w d:\program files\AIDA32 - Enterprise System Information
2009-04-12 13:15 . 2009-04-12 13:15 -------- d-----w d:\program files\AviSynth 2.5
2009-03-22 20:24 . 2009-01-29 21:30 -------- d---a-w d:\documents and settings\All Users\Data aplikací\TEMP
2009-03-17 20:27 . 2009-03-17 11:29 -------- d-----w d:\program files\SpywareBlaster
2009-03-17 11:22 . 2009-03-17 11:22 -------- d-----w d:\program files\CCleaner
2009-03-17 11:12 . 2009-03-17 11:11 -------- d-----w d:\program files\Unlocker
2009-03-17 10:54 . 2009-03-16 10:31 -------- d-----w d:\program files\GalleryWorker_CZ
2009-03-16 09:35 . 2009-03-16 09:35 -------- d-----w d:\documents and settings\Štěně\Data aplikací\LangSoft
2009-03-16 09:35 . 2009-03-16 09:35 -------- d-----w d:\documents and settings\All Users\Data aplikací\LangSoft
2009-03-13 08:42 . 2008-11-21 18:24 -------- d--h--w d:\program files\InstallShield Installation Information
2009-03-13 08:40 . 2009-01-30 08:44 -------- d-----w d:\program files\Pinnacle
2009-03-11 15:12 . 2009-03-11 15:12 -------- d-----w d:\program files\Common Files\Adobe AIR
2009-03-10 14:58 . 2009-03-10 14:58 -------- d-----w d:\program files\Ventrilo
2009-02-28 13:36 . 2009-02-28 13:36 -------- d-----w d:\program files\Serif
2009-02-28 13:16 . 2009-02-28 13:12 -------- d-----w d:\documents and settings\Štěně\Data aplikací\Alchemy Mindworks
2009-02-28 13:15 . 2008-12-03 14:07 -------- d-----w d:\program files\Common Files\Wise Installation Wizard
2009-02-28 13:12 . 2009-02-28 13:12 -------- d-----w d:\program files\Alchemy Mindworks
2009-02-21 15:58 . 2009-02-21 15:58 -------- d-----r d:\program files\Skype
2009-02-21 15:58 . 2009-02-21 15:58 -------- d-----w d:\program files\Common Files\Skype
2009-02-21 15:58 . 2009-02-21 15:58 -------- d-----w d:\documents and settings\All Users\Data aplikací\Skype
2009-02-19 19:35 . 2008-12-17 17:11 -------- d-----w d:\documents and settings\Štěně\Data aplikací\Hamachi
2009-02-11 14:37 . 2009-02-11 14:37 249592 ----a-w d:\windows\system32\cssdll32.dll
2008-12-11 10:05 . 2008-12-11 10:05 158528 ----a-w d:\documents and settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"DAEMON Tools Lite"="d:\daemon tools lite\daemon.exe" [2008-07-24 490952]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-28 68856]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="d:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="d:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="d:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="d:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="d:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2008-03-24 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

d:\documents and settings\ćtŘnŘ\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Bit Lord 1.1\\BitLord.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"d:\\Program Files\\Bit Lord 1.1\\BitLord.exe"=
"d:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.ICD"=
"d:\\Program Files\\Altap Salamander 2.5\\salamand.exe"=
"c:\\PseuWoW_13.52\\PseuWoW.exe"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\xampp\\apache\\bin\\apache.exe"=
"d:\\xampp\\mysql\\bin\\mysqld.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\WINDOWS\\system32\\userinit.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NvMixer\\NvMixerTray.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\wotlk\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"c:\\Program Files\\wotlk\\Launcher.exe"=
"c:\\Program Files\\Crusader\\Stronghold Crusader Multiplayer Demo\\Stronghold Crusader multiplayer demo.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 PHPGeekUtil;PHPGeekUtil; [x]
R2 XAMPP;XAMPP Service;d:\xampp\service.exe [2007-12-21 60928]
R3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [2009-04-16 17408]
R3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [2009-04-16 75207]
R3 UnlockerDriver4;UnlockerDriver4 Driver;d:\program files\Unlocker\UnlockerDriver4.sys [2005-04-24 3584]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]
S2 SlimFTPd;Apache2Triad SlimFTPd Server;c:\apache2triad\ftp\SlimFTPd.exe [2009-04-16 54272]
S2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\XMail.exe [2009-04-16 339968]
S3 PSched;Plánovač paketů technologie QoS;d:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]

.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
Toolbar-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
WebBrowser-{7C5C0F58-E061-457D-9033-77307F5ED00C} - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.comodo.com/search/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
FF - ProfilePath - d:\documents and settings\Štěně\Data aplikací\Mozilla\Firefox\Profiles\agqhneo1.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - seznam.cz

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 19:41
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,9a,d2,af,bd,fe,
d8,5f,7d,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,99,f0,51,a3,d3,
ea,d2,ca,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,3e,c6,4d,a0,df,
d2,42,2b,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,8c,35,7e,aa,8b,
98,3d,e2,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,ca,30,ee,a9,9c,
e5,73,ce,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,fc,4c,64,94,c7,
19,62,18,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,3f,1e,0a,dd,85,
aa,0f,34,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,25,be,a9,e7,22,
d0,84,56,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,e6,69,34,3d,18,
e6,c1,26,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,94,82,2b,a7,06,
c6,6c,d3,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,40,3f,cc,13,c8,
ff,8a,bc,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,e9,87,d6,8b,46,
86,4c,c6,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\
.
Celkový čas: 2009-04-19 19:42
ComboFix-quarantined-files.txt 2009-04-19 17:42
ComboFix2.txt 2009-04-19 17:06

Před spuštěním: 3 792 584 704
Po spuštění: 3 781 820 416

303 --- E O F --- 2009-01-02 14:40

[jaro3]

Ještě nový log z HJT.

[Stene]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:32, on 19.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\DAEMON Tools Lite\daemon.exe
C:\Program Files\Free Download Manager\fdm.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\apache2triad\bin\httpd.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\apache2triad\bin\httpd.exe
C:\apache2triad\mail\bin\XMail.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\QIP\qip.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1123561945-746137067-839522115-1008\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'apache2triad')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WinMysqlAdmin.lnk = D:\Program Files\PHP Home Edition 2\mysql\bin\winmysqladmin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - D:\DOCUME~1\TN4D04~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - D:\xampp\service.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 8606 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Nainstaluj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Pokud nejsou problémy , je to vše.

[Stene]

Cituji

toto asi znáš:
D:\Rosťa Kittler1.ppt ?

Proč si se ptal??