Prosím o kontrolu logu Vyřešeno

[Witchi]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:04, on 6.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\365dníNET\365dniNET.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\lotus\org6\organize\EASYCLIP6.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [365dni] C:\Program Files\365dníNET\365dniNET.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\lotus\org6\organize\bandobjs.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se2895.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6935209078
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c986973955c1f8) (gupdate1c986973955c1f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14196 bytes

[Reklama]

[Damned]

Odinstaluj si AskBar, ICQ6Toolbar.

Spusť HJT, vypni prohlížeče, odpoj se od internetu a fixni (zatrhnout políčko před hodnotou zmáčknout
"Fix checked"):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Witchi]

Tak snad jsem udělala dobře co jsi mi poradil tady je log:
Malwarebytes' Anti-Malware 1.38
Verze databáze: 2382
Windows 5.1.2600 Service Pack 3

6.7.2009 20:39:01
mbam-log-2009-07-06 (20-39-01).txt

Typ skenu: Rychlý sken
Objektu skenováno: 95622
Uplynulý cas: 10 minute(s), 31 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

a radši ještě z HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:39, on 6.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\365dníNET\365dniNET.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\lotus\org6\organize\EASYCLIP6.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [365dni] C:\Program Files\365dníNET\365dniNET.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\lotus\org6\organize\bandobjs.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se2895.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6935209078
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c986973955c1f8) (gupdate1c986973955c1f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13212 bytes

[Damned]

Vypni rezidentní štít antiviru i antispyware (máš tam Spybot a Ad-Aware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Witchi]

ComboFix 09-07-05.04 - Owner 06.07.2009 21:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.514 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\emMON.exe
c:\windows\Installer\2d21684.msi
c:\windows\Installer\eb6c20.msp
c:\windows\system32\win32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-06 do 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-06 13:22 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-06 13:22 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-06 13:21 . 2009-07-06 13:21 -------- d-----w- c:\program files\iPod
2009-07-06 13:21 . 2009-07-06 13:22 -------- d-----w- c:\program files\iTunes
2009-07-06 13:20 . 2009-07-06 13:20 -------- d-----w- c:\program files\Bonjour
2009-07-06 13:13 . 2009-07-06 13:14 -------- d-----w- c:\program files\QuickTime
2009-06-18 08:43 . 2009-06-18 08:49 -------- d-----w- c:\program files\Common Files\Nero
2009-06-17 18:52 . 2009-06-17 18:52 -------- d-----w- c:\program files\Microsoft WSE
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\UC.PIF
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\RAR.PIF
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\LHA.PIF
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\ARJ.PIF
2009-06-17 14:45 . 2009-06-17 14:45 -------- d-----w- C:\totalcmd
2009-06-17 14:10 . 2008-12-11 08:45 1469952 ----a-w- c:\temp\TSDNWIN.exe
2009-06-17 14:10 . 2009-03-09 12:13 2097152 ----a-w- c:\temp\autorun.bin
2009-06-11 17:36 . 2009-06-11 17:36 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-06-11 17:19 . 2009-06-11 17:19 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-06-11 17:11 . 2009-06-11 17:11 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-06-11 06:32 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 06:32 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-08 11:30 . 2009-06-08 11:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-07 15:39 . 2009-06-07 15:42 -------- d-----w- c:\program files\PhotoFiltre

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 20:03 . 2009-03-26 16:12 137460768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-06 18:35 . 2007-09-04 20:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-06 15:10 . 2009-03-26 16:12 1813292 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-06 15:10 . 2009-07-06 15:11 109056 ----a-w- c:\windows\Internet Logs\xDB4A.tmp
2009-07-06 15:08 . 2007-09-26 09:23 -------- d-----w- c:\program files\365dníNET
2009-07-06 13:33 . 2008-11-29 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 13:21 . 2007-12-04 07:23 -------- d-----w- c:\program files\Common Files\Apple
2009-07-05 18:14 . 2009-07-06 07:56 62976 ----a-w- c:\windows\Internet Logs\xDB49.tmp
2009-07-05 13:08 . 2009-07-05 15:46 237568 ----a-w- c:\windows\Internet Logs\xDB48.tmp
2009-07-02 19:48 . 2009-07-03 14:08 2543104 ----a-w- c:\windows\Internet Logs\xDB47.tmp
2009-07-02 16:11 . 2007-09-04 18:35 -------- d-----w- c:\program files\EA GAMES
2009-06-30 18:17 . 2009-07-01 14:11 100864 ----a-w- c:\windows\Internet Logs\xDB46.tmp
2009-06-28 18:56 . 2009-06-29 16:08 61440 ----a-w- c:\windows\Internet Logs\xDB45.tmp
2009-06-27 19:39 . 2009-06-28 14:39 2995200 ----a-w- c:\windows\Internet Logs\xDB44.tmp
2009-06-26 19:58 . 2009-06-27 06:26 263168 ----a-w- c:\windows\Internet Logs\xDB43.tmp
2009-06-22 06:40 . 2007-09-04 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 20:23 . 2009-06-22 06:40 176640 ----a-w- c:\windows\Internet Logs\xDB42.tmp
2009-06-20 20:16 . 2009-06-21 13:44 2981888 ----a-w- c:\windows\Internet Logs\xDB41.tmp
2009-06-18 21:18 . 2009-06-19 16:08 122880 ----a-w- c:\windows\Internet Logs\xDB40.tmp
2009-06-18 08:43 . 2007-09-04 18:22 -------- d-----w- c:\program files\Nero
2009-06-18 08:33 . 2007-09-04 18:22 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-18 08:32 . 2009-06-18 08:33 181760 ----a-w- c:\windows\Internet Logs\xDB3F.tmp
2009-06-17 20:05 . 2009-06-17 20:06 156672 ----a-w- c:\windows\Internet Logs\xDB3E.tmp
2009-06-17 18:53 . 2007-09-05 12:58 -------- d-----w- c:\program files\Electronic Arts
2009-06-17 14:16 . 2009-06-17 14:18 204288 ----a-w- c:\windows\Internet Logs\xDB3D.tmp
2009-06-17 09:27 . 2008-11-29 16:15 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-11-29 16:15 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 07:16 . 2007-09-05 07:57 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-16 22:22 . 2009-06-17 07:14 126976 ----a-w- c:\windows\Internet Logs\xDB3C.tmp
2009-06-14 20:35 . 2009-06-15 07:07 61952 ----a-w- c:\windows\Internet Logs\xDB3B.tmp
2009-06-13 19:00 . 2009-06-14 15:15 98304 ----a-w- c:\windows\Internet Logs\xDB3A.tmp
2009-06-11 21:34 . 2009-06-12 05:51 223232 ----a-w- c:\windows\Internet Logs\xDB39.tmp
2009-06-11 17:41 . 2008-08-16 11:09 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-10 21:00 . 2009-06-11 06:18 92160 ----a-w- c:\windows\Internet Logs\xDB38.tmp
2009-06-10 18:47 . 2009-06-10 18:48 2339328 ----a-w- c:\windows\Internet Logs\xDB37.tmp
2009-06-10 18:47 . 2009-06-10 18:48 80384 ----a-w- c:\windows\Internet Logs\xDB36.tmp
2009-06-10 09:23 . 2009-06-10 12:17 121856 ----a-w- c:\windows\Internet Logs\xDB35.tmp
2009-06-09 06:53 . 2009-06-09 11:08 127488 ----a-w- c:\windows\Internet Logs\xDB34.tmp
2009-06-08 10:17 . 2009-06-08 10:17 144577 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_06_08_12_09_59_small.dmp.zip
2009-06-07 14:35 . 2009-06-07 15:08 57344 ----a-w- c:\windows\Internet Logs\xDB33.tmp
2009-06-06 06:42 . 2009-06-07 14:07 356352 ----a-w- c:\windows\Internet Logs\xDB32.tmp
2009-06-01 09:54 . 2009-06-01 14:31 151040 ----a-w- c:\windows\Internet Logs\xDB31.tmp
2009-05-29 19:19 . 2009-05-30 05:47 60416 ----a-w- c:\windows\Internet Logs\xDB30.tmp
2009-05-29 14:27 . 2009-05-29 14:57 94208 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2009-05-28 19:56 . 2009-05-29 05:46 75264 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2009-05-28 17:43 . 2009-02-04 06:57 -------- d-----w- c:\program files\Google
2009-05-27 18:59 . 2009-05-28 12:25 61440 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2009-05-26 19:33 . 2009-05-27 17:05 56832 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2009-05-26 09:34 . 2009-05-26 16:31 110080 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-24 18:28 . 2009-05-25 18:07 59904 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-05-23 19:40 . 2009-05-24 15:26 99328 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-05-20 21:03 . 2009-05-21 14:50 2859520 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2009-05-19 19:38 . 2009-05-20 15:50 3006464 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2009-05-17 18:25 . 2009-05-18 16:52 87040 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2009-05-16 20:06 . 2009-05-17 14:51 2995712 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-05-15 05:54 . 2009-05-16 05:57 97792 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-05-13 17:35 . 2009-05-14 11:54 144896 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-05-13 05:05 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 13:12 . 2007-09-04 19:44 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-10 18:23 . 2009-05-11 15:21 59904 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-05-08 20:20 . 2009-05-10 13:58 67072 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2009-05-08 13:14 . 2009-05-08 16:25 86528 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2009-05-07 18:13 . 2009-05-07 18:14 158720 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2009-05-07 15:33 . 2006-03-02 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 19:11 . 2009-05-05 12:05 110080 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2009-05-03 20:31 . 2009-05-04 15:10 2237440 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2009-05-02 18:49 . 2009-05-03 14:53 65536 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-05-01 19:11 . 2009-05-02 10:45 95232 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-04-30 15:30 . 2006-03-02 12:00 93418 ----a-w- c:\windows\system32\perfc005.dat
2009-04-30 15:30 . 2006-03-02 12:00 464256 ----a-w- c:\windows\system32\perfh005.dat
2009-04-29 19:20 . 2009-04-30 15:24 407552 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-04-29 07:29 . 2009-04-29 06:48 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-29 07:29 . 2009-04-29 06:48 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-29 06:14 . 2009-04-29 06:15 68608 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2009-04-28 19:29 . 2009-04-29 05:30 65536 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2009-04-27 18:03 . 2009-04-28 12:42 61952 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2009-04-26 20:05 . 2009-04-27 12:38 93184 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2009-04-23 20:48 . 2009-04-24 12:25 74752 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2009-04-21 19:29 . 2009-04-23 15:36 59392 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2009-04-20 18:39 . 2009-04-21 16:01 63488 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2009-04-19 19:52 . 2006-03-02 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 19:46 . 2009-04-20 12:12 61952 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2009-04-18 20:00 . 2009-04-19 14:47 213504 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2009-04-15 19:21 . 2009-04-16 12:17 50688 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2009-04-15 18:23 . 2009-04-15 18:24 74752 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2009-04-15 14:54 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 17:18 . 2009-04-15 17:10 56320 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-04-13 19:45 . 2009-04-14 14:15 95232 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-04-10 13:15 . 2009-04-12 15:40 70656 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-04-09 19:25 . 2009-04-10 05:46 62976 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-04-08 18:53 . 2009-04-09 17:33 86016 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2008-07-31 15:26 . 2008-07-31 15:26 0 ----a-w- c:\program files\temp01
2009-03-09 12:22 . 2009-03-09 12:22 61440 ----a-w- c:\program files\mozilla firefox\components\gemgecko.dll
2008-02-01 20:22 . 2008-02-01 19:01 48 --sh--w- c:\windows\SEAC511AD.tmp
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-12-06 10:58 806912 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"365dni"="c:\program files\365dníNET\365dniNET.exe" [2007-01-06 753664]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 94208]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-10 07:20 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Nabídka Start^Programy^Po spuštění^Yahoo! Widgets.lnk]
path=c:\documents and settings\Owner\Nabídka Start\Programy\Po spuštění\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29.11.2005 12:50 36768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29.4.2009 8:48 108289]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [4.9.2007 22:13 24576]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4.9.2007 22:09 36352]
R3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\drivers\StkCMini.sys [4.9.2007 22:13 1245056]
S2 gupdate1c986973955c1f8;Google Update Service (gupdate1c986973955c1f8);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 8:59 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [21.2.2008 21:14 17432]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [1.1.2009 14:34 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [1.1.2009 14:34 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 16:19]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:59]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:59]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-PICPRTR.EXE - (no file)
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Settings,ProxyOverride = *.local
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\IELink.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\org6\organize\bandobjs.dll
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\4mujus31.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 22:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1644491937-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{37DEC6DB-B1CF-4028-B374-BE0B6FC82692}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahbeopahepiapbelh"=hex:6a,61,64,61,63,68,6e,6c,6a,68,6a,63,61,70,65,64,6f,67,
61,68,00,00
"hafcoppkppfhkkda"=hex:6a,61,64,61,63,68,6e,6c,6a,68,6a,63,61,70,65,64,6f,67,
61,68,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,9f,bb,e3,e8,fa,
a7,5f,51,c8,28,51,af,b0,29,a3,98,7d,79,a3,6b,ca,97,f8,75,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a9,f6,9c,dc,cd,
a8,ca,cd,71,3b,04,66,8b,46,0d,96,3d,cd,a1,77,b1,5b,14,2c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,16,8b,0c,aa,78,
87,bc,b5,25,da,ec,7e,55,20,c9,26,4b,41,5d,50,f9,f4,04,23,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,30,b4,30,b7,41,
35,78,24,3e,1e,9e,e0,57,5a,93,61,16,1b,19,eb,16,d5,b0,a7,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,2a,34,90,56,46,
60,11,b7,cd,44,cd,b9,a6,33,6c,cd,7b,1d,69,3d,4b,fa,f5,0d,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,94,3e,16,26,cc,
20,ce,c1,b0,18,ed,a7,3f,8d,37,a4,1f,e3,c1,99,b9,13,ad,07,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,8d,25,b5,e3,07,
9d,fd,3d,31,77,e1,ba,b1,f8,68,02,14,58,28,5c,d1,49,52,cd,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,0e,d7,01,e8,dd,
00,5e,85,83,6c,56,8b,a0,85,96,ab,d8,62,02,ba,d3,50,83,17,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,b2,ed,03,46,8a,
c0,f4,90,51,fa,6e,91,28,9e,14,cc,e1,6d,77,f7,63,6c,ab,39,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,cd,4d,74,76,78,
06,9a,ce,b1,cd,45,5a,a8,c4,f8,b9,41,eb,c0,6a,7a,55,b1,72,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,37,94,68,f2,9d,
c0,bf,74,e3,0e,66,d5,eb,bc,2f,6b,25,2c,c9,af,58,fd,e4,7a,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,bf,5a,5e,50,99,
7d,67,d8,fa,ea,66,7f,d4,3b,6b,70,03,10,9b,77,35,57,08,b9,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WINSPOOL.DRV
c:\windows\system32\IfxWlxEN.dll
.
Celkový čas: 2009-07-06 22:08
ComboFix-quarantined-files.txt 2009-07-06 20:06

Před spuštěním: Volných bajtů: 101 886 701 568
Po spuštění: Volných bajtů: 102 543 417 344

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

343 --- E O F --- 2009-06-11 17:44

[Damned]

Červené soubory zkontroluj na Virustotalu a vlož sem odkazy na výsledek.

c:\temp\TSDNWIN.exe
c:\temp\autorun.bin
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\Internet Logs\xDB4A.tmp
c:\windows\Internet Logs\xDB49.tmp
c:\windows\Internet Logs\xDB48.tmp
c:\windows\Internet Logs\xDB47.tmp
c:\windows\Internet Logs\xDB46.tmp
c:\windows\Internet Logs\xDB45.tmp
c:\windows\Internet Logs\xDB44.tmp
c:\windows\Internet Logs\xDB43.tmp
c:\windows\Internet Logs\xDB42.tmp
c:\windows\Internet Logs\xDB41.tmp
c:\windows\Internet Logs\xDB40.tmp
c:\windows\Internet Logs\xDB3F.tmp
c:\windows\Internet Logs\xDB3E.tmp
c:\windows\Internet Logs\xDB3D.tmp
c:\windows\Internet Logs\xDB3C.tmp
c:\windows\Internet Logs\xDB3B.tmp
c:\windows\Internet Logs\xDB3A.tmp
c:\windows\Internet Logs\xDB39.tmp
c:\windows\Internet Logs\xDB38.tmp
c:\windows\Internet Logs\xDB37.tmp
c:\windows\Internet Logs\xDB36.tmp
c:\windows\Internet Logs\xDB35.tmp
c:\windows\Internet Logs\xDB34.tmp
c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_06_08_12_09_59_small.dmp.zip
c:\windows\Internet Logs\xDB33.tmp
c:\windows\Internet Logs\xDB32.tmp
c:\windows\Internet Logs\xDB31.tmp
c:\windows\Internet Logs\xDB30.tmp
c:\windows\Internet Logs\xDB2F.tmp
c:\windows\Internet Logs\xDB2E.tmp
c:\windows\Internet Logs\xDB2D.tmp
c:\windows\Internet Logs\xDB2C.tmp
c:\windows\Internet Logs\xDB2B.tmp
c:\windows\Internet Logs\xDB2A.tmp
c:\windows\Internet Logs\xDB29.tmp
c:\windows\Internet Logs\xDB28.tmp
c:\windows\Internet Logs\xDB27.tmp
c:\windows\Internet Logs\xDB26.tmp
c:\windows\Internet Logs\xDB25.tmp
c:\windows\Internet Logs\xDB24.tmp
c:\windows\Internet Logs\xDB23.tmp
c:\windows\Internet Logs\xDB22.tmp
c:\windows\Internet Logs\xDB21.tmp
c:\windows\Internet Logs\xDB20.tmp
c:\windows\Internet Logs\xDB1F.tmp
c:\windows\Internet Logs\xDB1E.tmp
c:\windows\Internet Logs\xDB1D.tmp
c:\windows\Internet Logs\xDB1C.tmp
c:\windows\Internet Logs\xDB1B.tmp
c:\windows\Internet Logs\xDB1A.tmp
c:\windows\Internet Logs\xDB19.tmp
c:\windows\Internet Logs\xDB18.tmp
c:\windows\Internet Logs\xDB17.tmp
c:\windows\Internet Logs\xDB16.tmp
c:\windows\Internet Logs\xDB15.tmp
c:\windows\Internet Logs\xDB14.tmp
c:\windows\Internet Logs\xDB13.tmp
c:\windows\Internet Logs\xDB12.tmp
c:\windows\Internet Logs\xDB11.tmp
c:\windows\Internet Logs\xDB10.tmp
c:\windows\Internet Logs\xDBF.tmp
c:\windows\Internet Logs\xDBE.tmp
c:\windows\Internet Logs\xDBD.tmp
c:\windows\Internet Logs\xDBC.tmp
c:\windows\Internet Logs\xDBB.tmp
c:\windows\Internet Logs\xDBA.tmp
c:\windows\SEAC511AD.tmp

DirLook::
c:\program files\temp01

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[Witchi]

Dobré ráno.Tak odkazy:
http://www.virustotal.com/cs/analisis/e ... 1244242525
http://www.virustotal.com/cs/analisis/9 ... 1246951950
Ten zbytek dám za chvíli.

[Witchi]

ComboFix 09-07-06.02 - Owner 07.07.2009 9:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.384 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_06_08_12_09_59_small.dmp.zip"
"c:\windows\Internet Logs\xDB10.tmp"
"c:\windows\Internet Logs\xDB11.tmp"
"c:\windows\Internet Logs\xDB12.tmp"
"c:\windows\Internet Logs\xDB13.tmp"
"c:\windows\Internet Logs\xDB14.tmp"
"c:\windows\Internet Logs\xDB15.tmp"
"c:\windows\Internet Logs\xDB16.tmp"
"c:\windows\Internet Logs\xDB17.tmp"
"c:\windows\Internet Logs\xDB18.tmp"
"c:\windows\Internet Logs\xDB19.tmp"
"c:\windows\Internet Logs\xDB1A.tmp"
"c:\windows\Internet Logs\xDB1B.tmp"
"c:\windows\Internet Logs\xDB1C.tmp"
"c:\windows\Internet Logs\xDB1D.tmp"
"c:\windows\Internet Logs\xDB1E.tmp"
"c:\windows\Internet Logs\xDB1F.tmp"
"c:\windows\Internet Logs\xDB20.tmp"
"c:\windows\Internet Logs\xDB21.tmp"
"c:\windows\Internet Logs\xDB22.tmp"
"c:\windows\Internet Logs\xDB23.tmp"
"c:\windows\Internet Logs\xDB24.tmp"
"c:\windows\Internet Logs\xDB25.tmp"
"c:\windows\Internet Logs\xDB26.tmp"
"c:\windows\Internet Logs\xDB27.tmp"
"c:\windows\Internet Logs\xDB28.tmp"
"c:\windows\Internet Logs\xDB29.tmp"
"c:\windows\Internet Logs\xDB2A.tmp"
"c:\windows\Internet Logs\xDB2B.tmp"
"c:\windows\Internet Logs\xDB2C.tmp"
"c:\windows\Internet Logs\xDB2D.tmp"
"c:\windows\Internet Logs\xDB2E.tmp"
"c:\windows\Internet Logs\xDB2F.tmp"
"c:\windows\Internet Logs\xDB30.tmp"
"c:\windows\Internet Logs\xDB31.tmp"
"c:\windows\Internet Logs\xDB32.tmp"
"c:\windows\Internet Logs\xDB33.tmp"
"c:\windows\Internet Logs\xDB34.tmp"
"c:\windows\Internet Logs\xDB35.tmp"
"c:\windows\Internet Logs\xDB36.tmp"
"c:\windows\Internet Logs\xDB37.tmp"
"c:\windows\Internet Logs\xDB38.tmp"
"c:\windows\Internet Logs\xDB39.tmp"
"c:\windows\Internet Logs\xDB3A.tmp"
"c:\windows\Internet Logs\xDB3B.tmp"
"c:\windows\Internet Logs\xDB3C.tmp"
"c:\windows\Internet Logs\xDB3D.tmp"
"c:\windows\Internet Logs\xDB3E.tmp"
"c:\windows\Internet Logs\xDB3F.tmp"
"c:\windows\Internet Logs\xDB40.tmp"
"c:\windows\Internet Logs\xDB41.tmp"
"c:\windows\Internet Logs\xDB42.tmp"
"c:\windows\Internet Logs\xDB43.tmp"
"c:\windows\Internet Logs\xDB44.tmp"
"c:\windows\Internet Logs\xDB45.tmp"
"c:\windows\Internet Logs\xDB46.tmp"
"c:\windows\Internet Logs\xDB47.tmp"
"c:\windows\Internet Logs\xDB48.tmp"
"c:\windows\Internet Logs\xDB49.tmp"
"c:\windows\Internet Logs\xDB4A.tmp"
"c:\windows\Internet Logs\xDBA.tmp"
"c:\windows\Internet Logs\xDBB.tmp"
"c:\windows\Internet Logs\xDBC.tmp"
"c:\windows\Internet Logs\xDBD.tmp"
"c:\windows\Internet Logs\xDBE.tmp"
"c:\windows\Internet Logs\xDBF.tmp"
"c:\windows\SEAC511AD.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_06_08_12_09_59_small.dmp.zip
c:\windows\Internet Logs\xDB10.tmp
c:\windows\Internet Logs\xDB11.tmp
c:\windows\Internet Logs\xDB12.tmp
c:\windows\Internet Logs\xDB13.tmp
c:\windows\Internet Logs\xDB14.tmp
c:\windows\Internet Logs\xDB15.tmp
c:\windows\Internet Logs\xDB16.tmp
c:\windows\Internet Logs\xDB17.tmp
c:\windows\Internet Logs\xDB18.tmp
c:\windows\Internet Logs\xDB19.tmp
c:\windows\Internet Logs\xDB1A.tmp
c:\windows\Internet Logs\xDB1B.tmp
c:\windows\Internet Logs\xDB1C.tmp
c:\windows\Internet Logs\xDB1D.tmp
c:\windows\Internet Logs\xDB1E.tmp
c:\windows\Internet Logs\xDB1F.tmp
c:\windows\Internet Logs\xDB20.tmp
c:\windows\Internet Logs\xDB21.tmp
c:\windows\Internet Logs\xDB22.tmp
c:\windows\Internet Logs\xDB23.tmp
c:\windows\Internet Logs\xDB24.tmp
c:\windows\Internet Logs\xDB25.tmp
c:\windows\Internet Logs\xDB26.tmp
c:\windows\Internet Logs\xDB27.tmp
c:\windows\Internet Logs\xDB28.tmp
c:\windows\Internet Logs\xDB29.tmp
c:\windows\Internet Logs\xDB2A.tmp
c:\windows\Internet Logs\xDB2B.tmp
c:\windows\Internet Logs\xDB2C.tmp
c:\windows\Internet Logs\xDB2D.tmp
c:\windows\Internet Logs\xDB2E.tmp
c:\windows\Internet Logs\xDB2F.tmp
c:\windows\Internet Logs\xDB30.tmp
c:\windows\Internet Logs\xDB31.tmp
c:\windows\Internet Logs\xDB32.tmp
c:\windows\Internet Logs\xDB33.tmp
c:\windows\Internet Logs\xDB34.tmp
c:\windows\Internet Logs\xDB35.tmp
c:\windows\Internet Logs\xDB36.tmp
c:\windows\Internet Logs\xDB37.tmp
c:\windows\Internet Logs\xDB38.tmp
c:\windows\Internet Logs\xDB39.tmp
c:\windows\Internet Logs\xDB3A.tmp
c:\windows\Internet Logs\xDB3B.tmp
c:\windows\Internet Logs\xDB3C.tmp
c:\windows\Internet Logs\xDB3D.tmp
c:\windows\Internet Logs\xDB3E.tmp
c:\windows\Internet Logs\xDB3F.tmp
c:\windows\Internet Logs\xDB40.tmp
c:\windows\Internet Logs\xDB41.tmp
c:\windows\Internet Logs\xDB42.tmp
c:\windows\Internet Logs\xDB43.tmp
c:\windows\Internet Logs\xDB44.tmp
c:\windows\Internet Logs\xDB45.tmp
c:\windows\Internet Logs\xDB46.tmp
c:\windows\Internet Logs\xDB47.tmp
c:\windows\Internet Logs\xDB48.tmp
c:\windows\Internet Logs\xDB49.tmp
c:\windows\Internet Logs\xDB4A.tmp
c:\windows\Internet Logs\xDBA.tmp
c:\windows\Internet Logs\xDBB.tmp
c:\windows\Internet Logs\xDBC.tmp
c:\windows\Internet Logs\xDBD.tmp
c:\windows\Internet Logs\xDBE.tmp
c:\windows\Internet Logs\xDBF.tmp
c:\windows\SEAC511AD.tmp . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-07 do 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-06 13:22 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-06 13:22 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-06 13:21 . 2009-07-06 13:21 -------- d-----w- c:\program files\iPod
2009-07-06 13:21 . 2009-07-06 13:22 -------- d-----w- c:\program files\iTunes
2009-07-06 13:20 . 2009-07-06 13:20 -------- d-----w- c:\program files\Bonjour
2009-07-06 13:13 . 2009-07-06 13:14 -------- d-----w- c:\program files\QuickTime
2009-06-18 08:43 . 2009-06-18 08:49 -------- d-----w- c:\program files\Common Files\Nero
2009-06-17 18:52 . 2009-06-17 18:52 -------- d-----w- c:\program files\Microsoft WSE
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\UC.PIF
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\RAR.PIF
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\LHA.PIF
2009-06-17 14:45 . 2008-08-08 05:04 545 ----a-w- c:\windows\ARJ.PIF
2009-06-17 14:45 . 2009-06-17 14:45 -------- d-----w- C:\totalcmd
2009-06-17 14:10 . 2008-12-11 08:45 1469952 ----a-w- c:\temp\TSDNWIN.exe
2009-06-17 14:10 . 2009-03-09 12:13 2097152 ----a-w- c:\temp\autorun.bin
2009-06-11 17:36 . 2009-06-11 17:36 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-06-11 17:19 . 2009-06-11 17:19 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-06-11 17:11 . 2009-06-11 17:11 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-06-11 06:32 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 06:32 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-08 11:30 . 2009-06-08 11:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-07 15:39 . 2009-06-07 15:42 -------- d-----w- c:\program files\PhotoFiltre

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 07:53 . 2009-03-26 16:12 139892512 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-07 07:49 . 2009-07-07 07:49 0 ------w- c:\windows\SEAC511AD.tmp
2009-07-07 07:48 . 2009-03-26 16:12 1873844 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-07 07:18 . 2007-09-04 20:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-06 15:08 . 2007-09-26 09:23 -------- d-----w- c:\program files\365dníNET
2009-07-06 13:33 . 2008-11-29 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 13:21 . 2007-12-04 07:23 -------- d-----w- c:\program files\Common Files\Apple
2009-07-02 16:11 . 2007-09-04 18:35 -------- d-----w- c:\program files\EA GAMES
2009-06-22 06:40 . 2007-09-04 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 08:43 . 2007-09-04 18:22 -------- d-----w- c:\program files\Nero
2009-06-18 08:33 . 2007-09-04 18:22 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-17 18:53 . 2007-09-05 12:58 -------- d-----w- c:\program files\Electronic Arts
2009-06-17 09:27 . 2008-11-29 16:15 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-11-29 16:15 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 07:16 . 2007-09-05 07:57 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-11 17:41 . 2008-08-16 11:09 -------- d-----w- c:\program files\Windows Desktop Search
2009-05-28 17:43 . 2009-02-04 06:57 -------- d-----w- c:\program files\Google
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-13 05:05 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 13:12 . 2007-09-04 19:44 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:33 . 2006-03-02 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 15:30 . 2006-03-02 12:00 93418 ----a-w- c:\windows\system32\perfc005.dat
2009-04-30 15:30 . 2006-03-02 12:00 464256 ----a-w- c:\windows\system32\perfh005.dat
2009-04-29 07:29 . 2009-04-29 06:48 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-29 07:29 . 2009-04-29 06:48 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-19 19:52 . 2006-03-02 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-07-31 15:26 . 2008-07-31 15:26 0 ----a-w- c:\program files\temp01
2009-03-09 12:22 . 2009-03-09 12:22 61440 ----a-w- c:\program files\mozilla firefox\components\gemgecko.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\temp01 ----



((((((((((((((((((((((((((((( SnapShot@2009-07-06_20.03.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-07 07:50 . 2009-07-07 07:50 16384 c:\windows\Temp\Perflib_Perfdata_a7c.dat
+ 2009-04-02 14:41 . 2009-07-07 07:50 8776 c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-12-06 10:58 806912 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"365dni"="c:\program files\365dníNET\365dniNET.exe" [2007-01-06 753664]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 94208]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-10 07:20 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Nabídka Start^Programy^Po spuštění^Yahoo! Widgets.lnk]
path=c:\documents and settings\Owner\Nabídka Start\Programy\Po spuštění\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29.11.2005 12:50 36768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29.4.2009 8:48 108289]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [4.9.2007 22:13 24576]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4.9.2007 22:09 36352]
R3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\drivers\StkCMini.sys [4.9.2007 22:13 1245056]
S2 gupdate1c986973955c1f8;Google Update Service (gupdate1c986973955c1f8);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 8:59 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [21.2.2008 21:14 17432]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [1.1.2009 14:34 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [1.1.2009 14:34 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 16:19]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:59]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Settings,ProxyOverride = *.local
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\IELink.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\org6\organize\bandobjs.dll
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\4mujus31.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 09:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1644491937-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{37DEC6DB-B1CF-4028-B374-BE0B6FC82692}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahbeopahepiapbelh"=hex:6a,61,64,61,63,68,6e,6c,6a,68,6a,63,61,70,65,64,6f,67,
61,68,00,00
"hafcoppkppfhkkda"=hex:6a,61,64,61,63,68,6e,6c,6a,68,6a,63,61,70,65,64,6f,67,
61,68,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1208)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'explorer.exe'(2292)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Infineon\Security Platform Software\PSDsrvc.EXE
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTNA.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Celkový čas: 2009-07-07 10:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-07 08:09
ComboFix2.txt 2009-07-06 20:08

Před spuštěním: Volných bajtů: 102 499 864 576
Po spuštění: Volných bajtů: 102 468 542 464

389 --- E O F --- 2009-06-11 17:44

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:47, on 7.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\365dníNET\365dniNET.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [365dni] C:\Program Files\365dníNET\365dniNET.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\lotus\org6\organize\bandobjs.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se2895.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6935209078
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c986973955c1f8) (gupdate1c986973955c1f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12426 bytes

Počítač se snad chová normálně, asi je rychlejší.

[Damned]

Zopakuj test souboru c:\temp\TSDNWIN.exe na Virustotalu a zkontroluj i soubor c:\windows\SEAC511AD.tmp . Pokud ti nabídne možnost, že soubor byl již kontrolován, dej Otestovat znovu.

Ten první soubor hlásí VT takto: Soubor FFA5243700E5CC486ECC16A3D6D1D70009B0DBE3.dll přijatý 2009.06.05 22:55:25, což asi není on.

[Witchi]

http://www.virustotal.com/cs/analisis/e ... 1246963584
a u toho druhýho říka 0 bytes size received / Se ha recibido un archivo vacio

A antivir hlasil virus v volume information.

[Damned]

Vypni Body obnovení a po chvíli je zapni. V jakém souboru ti AV hlásil vir? exe, ini nebo dll? Pokud ti ho hlásil v System Volume Information, bylo to z nějakého programu, který si spustil, nebo z něčeho, co jsi instaloval. Je možné, že ho hlásí v souboru 365dniNET.exe? Zkontroluj ho na virustotalu a vlož sem zas odkaz.

Stáhni si KillBox.
Vybal ho z archívu na plochu a spusť ho. Do "Full Path of File to Delete" vlož cestu "c:\windows\SEAC511AD.tmp" , zaškrtni "Delete on Reboot" a zmáčkni bílej kříž v červeným kolečku.
Totéž po restartu zopakuj se složkou: "c:\temp" a pak po restartu smaž složku "C:\!KillBox . Pokud ho Avira detekuje jako vir, vypni rezidenta Aviry a po použití KillBoxu ho smaž a spusť rezidenta Aviry.
****************************************************************************************************************************************
Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
Stáhni si T-Cleaner smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš a zvol A nebo N podle toho co ti napíše.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
****************************************************************************************************************************************
Potom:
Udělej nový log z HJT a dej ho sem.
Potom:
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
*****************************************************************************************************************************************Podle ComboFixu tam máš dva antiviráky. ZoneAlarm Security Suite Antivirus a Aviru. Nebo z toho ZA jsi instaloval jen Firewall?

[Damned]

Ještě doplním: Odinstaluj si ten Burn4Free Toolbar, je to adware.